IT Guys: Anyone know anything about the security on Lenovo Thinkpad laptops?

Birdie2000

Club Member
Have a potential client who needs the data recovered off of his laptop ASAP. Problem is that he has a Lenovo laptop with fingerprint ID and he tells me all the data is encrypted, however the security chip in the laptop isn't letting him in after (from what I can gather) someone else updated/reloaded the BIOS. I just need to know if this data is recoverable in a timely manner or not. Ideally getting the computer accessible again is the goal, but I'm planning for the worst case scenario.

Also, if anyone can recommend someone who has dealt with this type of laptop/problem before I would be willing to pass it on if it ends up being above my head. I will be discriminating on who I send him to though as I don't want to end up looking bad if he is unhappy with them.
 
Is this a BIOS fingerprint reader that won't let the computer boot or is it a Windows fingerprint reader? Does the computer boot past the BIOS and start booting Windows? I doubt the hard drive is encrypted; you can always just hook the laptop up to a computer to get the data.

Sometimes you can short the cmos battery or the manufacturer has a jumper you can short to restore defaults.

Sometimes you can just reflash the BIOS and that would restore defaults using a bootable floppy or cd.

Worst case scenario is to access the EEPROM directly and use numerous recovery methods this way.

If it boots and this is the Windows fingerprint reader authentication you are talking about, getting past this shouldn't be hard at all.
 
I was thinking CMOS as well


What about a SATA/IDE to USB2.0 adapter?
 
I haven't seen the computer yet so I don't know the exact symptoms, only a very basic overview based on the client's observations. He has someone else working on it right now and if they are unsuccessful I'll probably end up taking a look at it or recommending someone if I can't do it (assuming I find someone).

From what I'm reading, the laptop has a built in fingerprint reader and an embedded chip in the laptop that controls access and can encrypt the data. It seems to be a pretty elaborate system exclusive to IBM equipment.
 
Without knowing the symptoms you can't really fix it. If it's a hardware problem, then there's no way around it. If it's software, then pulling his personal data off the drive even in an encrypted state and reimaging the machine would fix it.
 
This is an overview I found in their technical papers if it helps at all.





IBM Embedded Security Chip

The IBM Embedded Security Chip is a Trusted Computing Platform Alliance
(TCPA) compliant, cryptographic microprocessor that is embedded in the mother
board of the IBM client. The IBM Embedded Security Chip:

- Supports RSA (Rivest, Shamir, and Adleman) PKI (Public Key Infrastructure) operations such as encryption for privacy and digital signatures for authentication. The IBM Embedded Security Chip includes Electrically Erasable Programmable Read-Only Memory (EEPROM) where RSA key pairs are stored.

- Communicates with the main processor of the computer through the Low Pin Count (LPC) bus.

- Performs RSA key generation.

- Contains a Pseudo Random Number Generator.

- Computes RSA operations in 200 milliseconds.

- Includes all TCPA (Trusted Computing Platform Alliance) functions defined in specification V1.1.
 
Once I look at the computer (if it comes to that) I will be able to better diagnose his problem. However, since I did not work on it from the start (it started with a BSOD) I don't exactly know what was done to remedy it that locked him out of the computer and will obviously be a hurdle in figuring it out.
 
I haven't seen the computer yet so I don't know the exact symptoms, only a very basic overview based on the client's observations. He has someone else working on it right now and if they are unsuccessful I'll probably end up taking a look at it or recommending someone if I can't do it (assuming I find someone).

From what I'm reading, the laptop has a built in fingerprint reader and an embedded chip in the laptop that controls access and can encrypt the data. It seems to be a pretty elaborate system exclusive to IBM equipment.

That is pretty cool. I would guess if it actually encrypts the data and the client has some $$. Pick up another notebook of the same make and exchange drives. This assumes there is a hardware problem. I am not sure how else to get around the encryption other than see if any programs out there recover encrypted data. That sounds like an expensive bill no matter how you fix it. I hope he is trying to recover more than his porn collection.
 
Yeah, I would recommend he go to Ontrack or DriveSavers but he needs it done yesterday. He has a person who set it up and he thinks can fix it, but he's in another state now and ideally he would at least like the data off of it now so he can send the laptop to him to be repaired. How quickly can those services have the data back to you? I have to have another conversation with him and if he hasn't gotten it solved elsewhere yet I'll present him with the option.

Yes, he admitted he doesn't have a backup, and yes the data is important. From the conversation it sounds like he asked for/was sold more security than he had IT knowledge/support for.
 
If it is like the ones we use at work (Lenovo), the drive is keyed to the laptop. I wanted to upgrade my laptop at work and had a hell of a time. The damn drive would not mount in a slave configuration. After a half dozen calls to Lenovo, I found out they pair the serial number to the device and use that as a salt for encryption at the BIOS level.

I promptly took my Lenovo back to my IT department. Went and purchased a 2nd MacBook Pro for work and expensed it.
 
I don't think he's screwed if the data is encrypted, Ontrack can probably take care of it in as little as an hour of actually working on it.

It would be interesting to take a look at it to try and see if I can get the data off but the only high success rate would come from a professional data recovery place such as Ontrack.

Depends on how much you want to pay.

A rush job with next day shipping can add a couple extra thousand $ to the job.

If the data is actually encrypted you're fucked anyway.
 
I don't think he's screwed if the data is encrypted, Ontrack can probably take care of it in as little as an hour of actually working on it.

It would be interesting to take a look at it to try and see if I can get the data off but the only high success rate would come from a professional data recovery place such as Ontrack.

It depends on how it is encrypted. RSA key based block level encryption can't be broken yet. File level encryption however, can.
 
If it's actually encrypted, you'd need a supercomputer to break it. If not a bunch of them ;)

If it's one of those half ass 'encryption' schemes they use on those cheap USB drives, you can get it.
 
256 can be broken easily and 512 bit can be broken. It seems as if Lenovo is making things harder for the average consumer rather than easier. They should market them with warnings I would think.

It depends on how it is encrypted. RSA key based block level encryption can't be broken yet. File level encryption however, can.
 
Got word that the client's current technician was able to retrieve his data, so I'm guessing either the data wasn't encrypted as he thought or they were given admin info to somehow bypass/reset the security chip.

I still get to try and fix the laptop and its BSOD. Hopefully aside from the login this thing isn't any more of a PITA than normal.
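
The question the thread never settles, whether the drive was really encrypted or only gated by a BIOS or Windows login, can be triaged from a raw, read-only image of the drive before anyone quotes a recovery job. The following is an added example, not part of any post in the thread; the function names, thresholds and the two sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def triage(image: bytes, chunk: int = 4096, samples: int = 64) -> dict:
    """Classify a raw drive image (bytes read from a write-blocked copy)."""
    # Plaintext markers: MBR boot signature, and the NTFS OEM ID at offset 3
    # of a volume boot sector, searched within the first 4096 sectors.
    mbr = image[510:512] == b"\x55\xaa"
    limit = min(len(image), 4096 * SECTOR)
    ntfs = any(image[o + 3:o + 11] == b"NTFS    "
               for o in range(0, limit, SECTOR))
    # Sample chunks evenly across the image. Block-level ciphertext sits near
    # 8 bits/byte everywhere, including what would otherwise be free space.
    step = max(chunk, (len(image) // samples) // chunk * chunk)
    offsets = range(0, len(image) - chunk + 1, step)
    high = sum(entropy(image[o:o + chunk]) > 7.5 for o in offsets)
    frac = high / max(1, len(offsets))
    # A plaintext MBR alone proves nothing: software full-disk encryption
    # often leaves its boot loader there, so only NTFS or entropy decide.
    if ntfs or frac < 0.5:
        verdict = "likely plaintext"
    elif frac > 0.9:
        verdict = "likely encrypted"
    else:
        verdict = "inconclusive"
    return {"mbr_signature": mbr, "ntfs_boot_sector": ntfs,
            "high_entropy_fraction": round(frac, 2), "verdict": verdict}

def constructed_plain(size: int = 1 << 20) -> bytes:
    """Constructed sample: MBR, NTFS boot sector at sector 63, some text."""
    img = bytearray(size)
    img[510:512] = b"\x55\xaa"
    img[63 * SECTOR + 3:63 * SECTOR + 11] = b"NTFS    "
    text = b"Quarterly report draft. " * 2000
    img[128 * SECTOR:128 * SECTOR + len(text)] = text
    return bytes(img)

def constructed_cipher(size: int = 1 << 20) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 counter stream."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))
```

A "likely plaintext" result means the drive can be read from another machine as suggested early in the thread; "likely encrypted" means the keys held by the original laptop or its owner are needed, and no adapter or CMOS reset will change that.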
 