Pen Test Partners

🔧 Right to repair, but not to fix security?

Framework’s philosophy empowers users to open, upgrade, and repair their devices. But with great openness comes a security catch.

On the Framework 13, pressing the chassis intrusion switch 10 times resets the BIOS, removing passwords, Secure Boot, and more.

We flagged this to Framework. Their response?
"It's a feature..."

That’s risky. This reset might help with recovery, but it also hands an attacker physical access to critical settings.

Kieran explains the issue, what this means for security, and how to protect your device.

📌Read here: https://www.pentestpartners.com/security-blog/framework-13-press-here-to-pwn/

#RightToRepair #HardwareSecurity #FrameworkLaptop #BIOSReset #SecurityByDesign #CyberSecurity

Jul 15 at 11:02amWeb
Show threadJonas4d ago
@PTP
These machines are so close to be a solid recommandation for sensitive works with removable storage easily accessible.
Fixing this issue, adding an antitheft port to slow down an attacker and adding space for temper evident seals on each removable cards and chassis would vastly improve the security of these computers #framework