Question avoid dictionary attacks for crack BIOS password that unable SSD class 0 encryption

digitoforo

Reputable
Feb 22, 2019
9
0
4,510
Hi. I have an HP Compaq 6710b laptop and a Samsung 860 EVO SSD, and according to the HP security software, the HP Protect Tools with the Embedded Security add-on, I am receiving dictionary attacks aimed at cracking my BIOS password. This password is necessary to activate the Class 0 hardware encryption of my SSD according to the Samsung Magician software. I have configured it so that if a dictionary attack is received, Embedded Security is automatically disabled for a day, and therefore during that time the system doesn't ask me for the BIOS password when starting and I have to reactivate it manually after each attack. But when the BIOS doesn't have a password, the Class 0 encryption is deactivated, and those attacks, although they do not serve to find the password because it is blocked as protection after several tries, serve to remove the encryption automatically each time these attacks happen. I can configure Embedded Security so that it can never be deactivated, but if I have a good firewall (ESET Internet Security), I don't understand how these attacks are not blocked by the firewall. Can somebody help me?
Thank you.
 

Ralston18

Titan
Moderator
Perhaps the dictionary attacks are coming from within the network....

Or the firewall needs some additional configuration to ensure that there are no openings left to be exploited.

Lastly, it may be some legitimate network activity being falsely recognized as an attack. Or even some application on the laptop. Look at Task Manager to identify all software running in the background.

Key is to find the source of the attacks.
 

digitoforo

Thank you Ralston18 for your answer.

I think the dictionary attacks are coming from the Internet because in my network there is only one host: me. Even so, maybe the firewall should detect internal attacks coming from a LAN.

The security software from HP detects the attack and even shows me the number of tries to sign in. In fact, I have to find the source of the attacks but I don't know how.
 
What are the alleged attack attempts trying to sign into? What service/application? Or is this some integrated management/KVM-like hack of a monitoring/BIOS update port?

How would anyone know you are using HP Protect Tools to even try to exploit some sort of behind the scenes BIOS entry/crack?

What OS are you running?

Do these attacks occur even with no browser open?

What TCP/IP port(s) does this/these attack(s) come thru?

Can these 'attempts' (if genuine) be seen thru/via a software firewall addition such as Glasswire? (Try it, easy to use, shows countries of origin on assorted connections)
 
Is this attack coming remotely as a part of: "From HP's docs"

"HP Client Manager (HPCM) provides a method of remotely enabling the TPM and taking ownership of the TPM in the enterprise environment. This method does not require the physical presence of the IT administrator, yet it still meets the TCG requirement. "

That would sound as though it merely being open/installed or enabled in BIOS is an avenue of attack....
 

digitoforo

Thanks for your answer. Now I think there aren't any such attacks. Since the only host is me, the attack is only a mere statistic of my own tries accessing services of HP Embedded Security.