What are the risks of buying a used/refurbished computer? How can I mitigate those risks?
up vote
59
down vote
favorite
I bought a used computer that appears to be wiped clean, but can I be sure?
hardware
add a comment |
up vote
59
down vote
favorite
I bought a used computer that appears to be wiped clean, but can I be sure?
hardware
9
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
8
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
3
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
3
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
5
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21
add a comment |
up vote
59
down vote
favorite
up vote
59
down vote
favorite
I bought a used computer that appears to be wiped clean, but can I be sure?
hardware
I bought a used computer that appears to be wiped clean, but can I be sure?
hardware
hardware
edited Nov 26 at 20:08
yoozer8
1641210
1641210
asked Nov 26 at 4:05
PBeezy
6441410
6441410
9
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
8
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
3
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
3
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
5
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21
add a comment |
9
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
8
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
3
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
3
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
5
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21
9
9
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
8
8
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
3
3
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
3
3
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
5
5
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21
add a comment |
5 Answers
5
active
oldest
votes
up vote
95
down vote
accepted
It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).
Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.
And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".
The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.
Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.
Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.
The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.
The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).
The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).
So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
add a comment |
up vote
12
down vote
Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.
Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
|
show 2 more comments
up vote
8
down vote
Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?
If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.
On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.
add a comment |
up vote
2
down vote
It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.
New contributor
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
add a comment |
up vote
0
down vote
The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.
I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.
You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.
New contributor
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
add a comment |
protected by Community♦ yesterday
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
95
down vote
accepted
It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).
Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.
And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".
The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.
Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.
Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.
The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.
The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).
The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).
So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
add a comment |
up vote
95
down vote
accepted
It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).
Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.
And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".
The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.
Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.
Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.
The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.
The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).
The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).
So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
add a comment |
up vote
95
down vote
accepted
up vote
95
down vote
accepted
It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).
Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.
And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".
The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.
Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.
Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.
The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.
The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).
The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).
So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.
It all boils down to which kinds of threats you want to migitate against - a determined attacker has many more options of leaving malware on your computer than just your hard drive, but it's getting increasingly complex to do so. If you're a rocket scientist working on the newest version of ICBMs you have more to fear than a college student who uses their computer for a few class assignments and some of the newest games (but in the rocket scientist's case, you won't be allowed to use self-bought used computers anyway).
Also, it depends a bit on how competent a presumed non-malicious previous owner was in protecting against malware.
And of course, "wipe clean" can mean anything from "deleting personal files, then emptying the wastebasket" to "reinstall the OS" to "completely overwrite the disks with random data/zeroes, then do an install from scratch".
The typical threats you should migitate against are random malware infections that the previous owner caught somehow. Wiping the disks clean, then reinstalling the OS should be enough to get rid of those.
Some computers, mainly laptops, come with a "recovery partition" that allows you to quickly reset the computer to factory condition; I wouldn't use that. First, because a virus might have altered the install files as well to survive a reinstallation; second, these recovery partitions often come with a lot of crapware which the manufacturer installs because they're paid a few dollars by the crapware maker. Better download an installation DVD/USB medium from Microsoft/Ubuntu/whichever OS you're using, and do a fresh install from that.
Besides that, there's many more locations that could have malware, but it's unlikely to find them on your used computer unless you are specifially targeted.
The computer BIOS might be altered to do stuff even before booting, for example, it could have a keylogger trying to steal your passwords, or even keep a few cores of your CPU busy mining bitcoin for the previous owner. It can't hurt to check the manufacturer's website for the newest BIOS update, and flashing the newest version of it, even if that's the version you already (seem to) have. This is already quite paranoid, but still something you can do in a few minutes so doing it won't hurt you much.
The hard drive firmware itself could be altered. Someone published a proof-of-concept a few years ago who installed Linux on the hard drive - no, the computer didn't run Linux; the hard drive itself ran Linux, ignoring the fact that it was supposed to be a hard drive (see http://spritesmods.com/?art=hddhack - on page 6, he adds a backdoor by replacing the root password hash with a known one every time the disk reads /etc/shadow, and on page 7, he boots a linux kernel on the disk itself).
The CPU microcode itself could be altered to do .. stuff, including ignoring any further microcode updates. Unlikely that this could be done without cooperation from Intel, but still a possibility if the NSA is trying to target you. (However, if the NSA were targeting you, "hope he'll buy the spiked used computer we put on ebay for him" wouldn't be their primary strategy, I assume).
So, if you're just a random guy, wiping the hard disks and doing an OS reinstall from scratch provides good protection against the kinds of threats you can reasonably expect.
However, if you have any reason to assume someone is actively targeting you - this includes MDs keeping patient data on their computers, credit card processors, ... - "Just don't buy used computers" is the first thing in a long chain of measures you need to take.
edited 19 hours ago
answered Nov 26 at 10:56
Guntram Blohm
1,309710
1,309710
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
add a comment |
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
46
46
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Good answer. One nitpick: Even if you assume you are actively targeted, I don't see how it would matter whether the computer is used - it would matter whether the attacker knows in advance what you are buying, giving them time to interfere - you can manipulate a new computer just as easily as a used one.
– sleske
Nov 26 at 12:15
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
However, "intercept the used computer he already bought on ebay" is definitely the sort of thing the NSA might do.
– OrangeDog
yesterday
add a comment |
up vote
12
down vote
Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.
Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
|
show 2 more comments
up vote
12
down vote
Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.
Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
|
show 2 more comments
up vote
12
down vote
up vote
12
down vote
Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.
Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.
Since you are buying a used server, I assume that you aren’t the target of a nation state’s intelligence services, and that you aren’t being targeted with implanted hardware spying modules. All you really need to do is make sure the disk is free of malware.
Load DBAN onto bootable removable media, then boot the server with it and use it to wipe the disks. That's will get them as clean as you can, without delving deeply into the internals of disk storage.
edited Nov 26 at 15:14
answered Nov 26 at 4:54
John Deters
26k24087
26k24087
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
|
show 2 more comments
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
11
11
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
Might as well just junk the hard drive they give you and just install an OS on a different one. Hard drives are fairly cheap.
– pboss3010
Nov 26 at 12:26
1
1
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
The hard drive is only one component of the computer...albeit the easiest place for an attack (and easiest to defend).
– usul
Nov 26 at 14:30
1
1
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
DBAN may not be enough. BIOS can also be a problem.
– user1820553
Nov 26 at 19:24
2
2
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
@kelalaka , BIOS infections are not typically something that some guy buying a used server to run in his basement is likely to encounter. If he is running a Fortune 500 company, he’s probably not buying used gear off eBay.
– John Deters
Nov 26 at 20:56
2
2
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
@KellyBang In which case once the PC goes to you it will no longer be of any interest to the threat actor and if we're talking this sophisticated in terms of spyware they'll have filters to just not act on whatever the PC is then spying on. Also, organizations such as that aren't in the habit of selling off old hardware, most of them properly physically destroy hardware with a crusher for fear of data theft.
– Magisch
2 days ago
|
show 2 more comments
up vote
8
down vote
Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?
If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.
On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.
add a comment |
up vote
8
down vote
Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?
If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.
On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.
add a comment |
up vote
8
down vote
up vote
8
down vote
Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?
If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.
On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.
Well, depends on how you define secure. Are you being actively targeted by a large organization, such as a conglomerate or a government? Or just scared of criminals taking over your webcam to take photos?
If you are in the first group, congratulations! Assume all electronic devices you use tainted. There's so many ways that these organizations can spy on you without your knowledge, whether it's hardware based or software based. Most electronic devices sold today do not come with a board schematic - you have no way to verify if there isn't an extra component added, such as a keylogger, recording your activity.
On the other hand, if you are just a regular guy with nothing sensitive, I wouldn't worry too much. A simple wipe of the hard drive and a reinstall of whatever operating system you prefer would suffice. Maybe reflash the BIOS if you're really, really paranoid.
answered Nov 26 at 11:16
ideaman924
1034
1034
add a comment |
add a comment |
up vote
2
down vote
It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.
New contributor
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
add a comment |
up vote
2
down vote
It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.
New contributor
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
add a comment |
up vote
2
down vote
up vote
2
down vote
It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.
New contributor
It is pretty simple really, replace the hard drive, update the bios and use bitlocker or other encryption software to lock the drive once you install the OS.
New contributor
New contributor
answered Nov 27 at 13:34
aaronzook
288
288
New contributor
New contributor
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
add a comment |
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
1
1
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
Whether that's sufficient or not is entirely dependent on the threat model. What if there's a wireless keylogger in the hardware itself?
– Sneftel
yesterday
add a comment |
up vote
0
down vote
The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.
I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.
You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.
New contributor
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
add a comment |
up vote
0
down vote
The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.
I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.
You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.
New contributor
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
add a comment |
up vote
0
down vote
up vote
0
down vote
The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.
I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.
You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.
New contributor
The only way I can suggest ensuring said device is clean, if you're that concerned, don't buy it.
I typically will buy refurbished. Why pay top dollar for something that is already outdated the same week it his the sale floor? And with replacement parts such as hard drives getting insanely cheaper just copy down the OEM tag if it's a Microsoft Windows or whatever you need from the OS, transfer it to the new hard drive and good as new.
You could also encrypt and zero the sectors so that if something should happen, like your son or daughter as secretly hacking to change their grades, get busted and the drive confiscated, and unknown to you that the previous owners were hackers but instead of having grades, were robbing banks for Bitcoin...you and your kid don't get hit with charges.
New contributor
edited Nov 26 at 19:10
schroeder♦
71.9k29156191
71.9k29156191
New contributor
answered Nov 26 at 17:35
Syntaxxx Err0r
172
172
New contributor
New contributor
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
add a comment |
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
8
8
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
At first I couldn't see how this answered the question. Now I see that it does, sort of, but it's not very clear. Re risks, you name the (astronomically unlikely) risk of getting hit with charges if the drive is confiscated for your kids' grade hacking and evidence of bank robbery by the previous owner is uncovered. Re mitigation, your answer is to "encrypt and zero the sectors." Okay, got it.
– Wildcard
Nov 26 at 22:37
add a comment |
protected by Community♦ yesterday
Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?
9
Is this question theoretical or practical in nature? I would argue that buying a computer off an unknown third party would be farily low risk if you format (or replace) the storage devices and clear the BIOS. A lot of exploits are discovered through thousands of attack attempts, which is feasible in a digital environment. It would be far less so when operating in the real world, sending out tons of compromised systems hoping for a worthwhile target to buy them.
– Brian R
Nov 26 at 16:28
8
This is a very broad question.
– Billal Begueradj
Nov 27 at 5:24
3
A significant number of weird crashes reported to Microsoft are most plausibly explained by people buying used machines that incompetent or unscrupulous former owners have severely overclocked. It might be worth checking whether the observed clock speed matches the manufacturer's recommendation.
– Eric Lippert
Nov 27 at 18:11
3
I'd also point out that there is no guaranteed that if you buy a computer new from amazon or a shop it's actually 100% new... during assembly, storage, transport etc from the production plant to your home many people could have a chance to stay a significant amount of time unattended with the hardware. Sure, it's probably harder to do and to avoid it being noticed but you are not 100% sure that a new computer wasn't tampered with either.
– Bakuriu
Nov 27 at 18:54
5
Define "risks." Are you worried about it being potentially stolen? Counterfeited? Loaded with spyware? Packed with C4 to assassinate you?
– HopelessN00b
Nov 27 at 19:21