For those not familiar with Shodan, this is one of the easiest ways to find vulnerable internet-connected hardware. This could be anything from personal webcams to gas pipeline control systems.
Also, this article should be a major heads-up to everyone: DO NOT EVER use the factory default logins for your devices! Make unique logins and strong passwords for everything, and use MFA whenever possible.
@Tail
That's what the CLR_CMOS jumper pins are for. Or, you can go old-school and pull the MB battery, pump the power switch to discharge the caps, and start from fresh.
@voltronic It's a laptop so the pin bit doesn't work. I've done all the manufacturer's steps of clearing the CMOS and none of them worked. I'd have to RMA it back to MSI to get it fixed, but I guess it's as secure as it could get now.
@Tail
I don't know how comfortable you are doing this, but I'd take it apart, disconnect the battery bank and the MB battery. Same deal, but just requires a bit more effort to get there.
You'll want a medium-gauge guitar pick for the job.
@voltronic I've done it all, bud. Was in there reapplying some thermal paste and tore the whole thing down while I was at it, pulled both batteries out and it was sitting idle for a week. I've been building desktop PCs for a while so I had a good idea of the usual steps but for whatever reason none of it worked. I'm kinda at a loss here.
It's probably for the best, I was attempting to update my BIOS for basically no reason at all.
@voltronic The threat research team at work has gotten more than one DEFCON/Black Hat presentation out of Shodan results. :-D
@ehurtley
It's one of those things that really makes you sit up straight when you realize how much low-hanging fruit is out there for the taking, including critical infrastructure.
@voltronic A-yup. I always change both username and password on all devices. If it has "peer-to-peer WiFi" I won't use, immediately configure it and disable it. (Lookin' at you, HP printers...)
@ehurtley
Yeah, I have a Samsung network printer that has the same functionality. Changing the login isn't enough; it's still constantly trying to connect to the cloud print server. I have its external connection denied through the router, but looking at my pi-hole logs shows it thrashing away.
@voltronic lol, just remembered that I locked myself out of my BIOS. Set admin password and instantly forgot it.