How secure is the Bios? can it be 'hacked' easily?

Hello friends, i’m just curious, Framework’s laptops are quiet secure, curious how secure is the Bios? how easy would it be ‘hacked’ so to speak? how is it different from normal laptop bios?
Thanks alot!

  • The Framework Laptop is made in Taiwan, not China
  • The BIOS is created by Insyde, which is also a Taiwanese and not Chinese company.
  • There are ways to reset the BIOS (including the password) to default settings if you disassemble the laptop. See here: Reset forgotten BIOS password - #17 by sgilderd - this is similar to how other laptops and computers work
2 Likes

i was just reminded of movies/tv shows ive seen, where someone comes in, plugs an usb drive into the laptop, removes it, and now has control over the laptop. I wonder if that has to do with the Bios and if the Bios is different//more secure, then maybe its not so easily hacked…

The scenario you describe is probably possible on any PC/Laptop.
There are general methods to reduce it likelihood of it working.
For example, in Linux you can disable auto-mount of USB stick, one then needs a logged in user to click on something to mount it.
In general, if an un-trusted person gets physical access to your PC/Laptop, anything is “possible”.

2 Likes

Framework’s BIOS is created by Insyde (except on the Chromebook variant, that variant’s BIOS is based on Coreboot).

Insyde is one of the main BIOS makers worldwide and makes the BIOS for many laptops from major brands (Lenovo and HP definitely use Insyde on at least some of their laptops, I’m not sure about other brands).

So I doubt Framework’s BIOS is any more prone to having security vulnerabilities than other Insyde BIOSes.

On the other hand Framework’s track record for quickly releasing an update when an exploit is discovered isn’t perfect and Framework often has a delay to release a fix.

2 Likes

Framework’s BIOSs have been notoriously out-of-date and vulnerable to local exploits. And many BIOS vulnerabilities can also be exploited remotely by malicious or compromised programs you mistakenly or unknowingly install. If this is important to you, Framework might not be the best option until they manage to get their firmware update situation under control.

In the meantime, companies like Dell, Lenovo and Apple have giant corporate userbases who trust them to keep their BIOSs secure and up-to-date. So while you wait for Framework to improve their processes, you’ve got plenty of other options.

3 Likes

Thankyou Both :), i think its the easiest option is to unplug all your inputs- usb c or a /ethernet/bluetooth from the computer before leaving it in your hotel room… but seriously, unless you are an high level security guy, who is going to hack your computer anyway? there is no point be paranoid right? :slight_smile:

How would a hacker know it’s your / not your computer? (And also know you are you?)

1 Like

It’s more to do with the fact that most TV/ Movie’s depictions of “hacking” are comically divorced from reality :slight_smile:

2 Likes