Hacked Computer: New HP PC With Corrupt BIOS required to enter power on password not administrator – GSM FRP

by Hacked.By.Former.Employer@gmail.com @cybertrapped

This blurry video shows that despite having set the administrator and power on passwords for this HP PC, I am only required to enter one password when I access the BIOS setup: the power on password.

@0:33 After power on, the computer requires me to enter the power on password. No other password is required from me before I enter BIOS set up.

@03:31 I try to change the administrator password, and when I enter the wrong password, there is a beep from the computer. This means the administrator password was set. Then, I try to change the power on password, and after I enter the wrong one, the computer disables me from operating it, and I have to restart the computer.

Eventually I was able to clear first the power on password, and then the administrator password. Given that I never loaded the Windows Operating System, nor connected to the Internet, not even sniffed a Wi-Fi access point, I conclude this new HP Computer was vulnerable from the moment I first powered it on, and despite the fact I “secured the BIOS.”

An example of the dangers of sniffing a Wi-Fi access point is discussed during TWiT’s “Security Now” Episode 828, in which Steve Gibson and Leo Laporte discussed a strange Apple Wi-Fi bug: https://www.youtube.com/watch?v=Okxn7G3FC38&t=1869 “… a security researcher who was poking at iOS somehow discovered that if a Wi-Fi network’s SSID’s name was set to: “%p%s%s%s%s%n” and an iOS device then attempted to join any Wi-Fi network having that name, the device’s Wi-Fi would become immediately and semi-permanently inoperative. A restart/reboot would have no effect and all logical attempts to reverse the change would fail. Any attempt to enable the Wi-Fi subsystem to fix the trouble would immediately crash it before the user could use it to resolve the problem.”

If you have powered on a new laptop or PC, you may remember that when we first power it on, Microsoft tries to force users to log on with a Microsoft account. Immediately, the system prompts us to connect to the internet. This is when the first sniff for a network occurs.

Well, with this computer I never got to that point, and yet the system was infected (hacked). This video illustrates the files and utilities I tried to run on it: https://www.youtube.com/watch?v=z6uGseDi4TY

Below I describe the events that led me to return the device, and most important for this video, what made me think the BIOS is also vulnerable and corrupted.

July 27th, 2021: I purchased a new HP Computer from Walmart.

July 28th, 2021: Powered on the computer and immediately accessed BIOS setup. I believed I could secure it by setting the administrator and power on passwords. Also, I disabled (or “hid,” as HP calls it) the Network Adapter.

After I restarted the computer, I was required to enter the power on password, and when I selected the System Recovery item from the boot menu, I was asked for the administrator’s password. This video illustrates how the computer required me to enter these passwords when I accessed System Recovery: https://www.youtube.com/watch?v=fEfmZGIepU4

After I entered the administrator’s password, I observed a splash screen with the message “Preparing for Automatic Repair.” I immediately restarted the computer, and again, the “Preparing for Automatic Repair” continued. I powered off the computer.

July 30th, 2021: I powered on the computer and accessed the System Recovery boot menu. After I was able to access the Command Prompt, Administrator: X:\windows\system32\cmd.exe, I was able to explore files and folders, and I realized many files were dated back to 2019, and some of the drivers like Bluetooth and Network Configuration Objects had versions dating back to 06/21/2006.

I continued exploring files and folders and crossed paths with X:\Windows\System32\sfc.exe (System Integrity Check and Repair), whose properties showed a Date modified of 12/6/2019 and lacked the Security and Digital Signature tabs.

I invoked “sfc /SCANNOW”:

Beginning system scan. This process will take some time.

Beginning verification of system scan.
Verification 100% complete.

Windows Resource Protection could not perform the requested operation.

So I navigated to the top of the System Recovery menu, and I “Reset this PC” and “Delete Everything.” However, when I powered the computer back on, I was now seeing two “Windows 10 on volume 3” items. This video illustrates what I observed: https://www.youtube.com/watch?v=P2_BB1Qaqqs

I decided to return the computer, and when I was trying to reset the BIOS (i.e., remove the passwords and restore the default configuration), I no longer was required to enter the administrator password. This video illustrates that I am only required to enter the power on password, and not the administrator password. I interpret this as a corrupted BIOS.

#HackedByFormerEmployer #cybertrapped

