Firmware / Bios Malware & Refurbished PC's

I am trying to open up an exploratory conversation, on the topic of bios/firmware Malware, on second hand and refurbished machines.

Simple truth - our friends and family will buy recycled units. Many charities & NGO's will also buy the same.

Now - As the IT guy that is often asked/paid to prep these systems when they arrive, i'm asking you all - how would the community address this type of risk/threat?

What would you do, to ensure a recycled/repurposed/donated machine is truly 'cleaned' (other than sanitising/securing erasing hdd/ssd)?

Aim of this thread is to have an open discussion, explore the topic - in hopes there is knowledge and wisdom to be gained & shared.

I doubt if there's any malware in the BIOS of refurbished machines these days -- If you are any sort of "Sensible hacker" there's many easier ways of "getting access to stuff you shouldn't" and things like Windows defender have perfectly good protection against that sort of rubbish. Besides the average person who buys a refurbished PC is hardly likely to be a great source of wealth either.

I think people are FAR TOO PARANOID these days -- you are far more likely to get scammed or have identity theft judging by the amount of intimate personal data people just chuck out on to publicly accessible social media sites.

That said -- you can get some really good deals on small re-furbished servers that work brilliantly as NAS's and most of these are sold by reputable companies / organisations.

For a backup NAS I got an old Proliant Gen 8 HP microserver -- populated it with 4 old HDD's I have spare in the 4 bay enclosure - swapped the DVD for an SSD, put a USED XEON processor in it (cost €20 from Amazon refurbishment store) and it works brilliantly as a file /media server and backup device for my main NAS plus Windows clients. The thing cost me €78 with 16 GB memory and I just replaced the Celeron CPU with the XEON. It can also handle W11 VM's too -- the XEON with 8 cores and hyperthreading is more than powerful enough - and the whole thing can be controlled via SSH -- from Windows laptops just install openssh-server from add optional features and on Linux clients ensure service SSHD is up and running (package openssh). Samba is also a good idea to have running on the NAS and filezilla is an easy front end GUI to have on both Windows and Linux clients for really easy file transfers both ways.

There's too much electronics going to landfill these days -- things like file serving, backups, media streaming etc don't need huge processing power with video cards that almost need the ouput of a nuclear power station to run them and a river the size of the Mississipi to cool them.

Note also servers are generally built to run efficiently 24/7 so for a NAS it's an excellent cheap way of having a reliable machine.

Cheers
jimbo

I suggest that you run a Defender quick scan & a Defender offline scan on each machine.
Run Defender scans - ElevenForumTutorials
Windows Defender Offline Scan - ElevenForumTutorials [to detect rootkits]
but I know of nothing that would search for malware in the Bios.


All the best,
Denis

KingDing said:

Simple truth - our friends and family will buy recycled units. Many charities & NGO's will also buy the same

Click to expand...

I don’t know any family member that would buy a refurbished machine.
80% of the work I do is for Not for profit organisations and charities, I’ve never known any to do this.

KingDing said:

Now - As the IT guy that is often asked/paid to prep these systems when they arrive

Click to expand...

As the “IT Guy” how many refurbished systems do you come across with BIOS/Firmware malware? I’ve personally never heard of it being found, but that doesn’t mean it doesn’t happen.

KingDing said:

What would you do, to ensure a recycled/repurposed/donated machine is truly 'cleaned' (other than sanitising/securing erasing hdd/ssd)

Click to expand...

I’d have them stripped, disposed of. All you’re giving to someone when giving an outdated used PC is a world of trouble in my opinion.
Families in need with children in schools have access to special programs equipped to help them with devices, hardly any pre school uses a PC anymore, everything is done on a tablet. High schools have payment programs and welfare plans for laptops.
Not for profit have tax breaks, charities use donations to purchase PC’s.

My two cents.

antspants said:

I don’t know any family member that would buy a refurbished machine.
80% of the work I do is for Non for profit organisations and charities, I’ve never known any to do this.

As the “IT Guy” how many refurbished systems do you come across with BIOS/Firmware malware? I’ve personally never heard of it being found, but that doesn’t mean it doesn’t happen.

I’d have them stripped, disposed of. All you’re giving to someone when giving an outdated used PC is a world of trouble in my opinion.
Families in need, with children in schools have access to special programs equipped to help them with devices, hardly any pre school uses a PC anymore, everything is done on a tablet. High schools have payment programs and welfare plans for laptops.
Not for profit have tax breaks, charities use donations to purchase PC’s.

My two cents.

Click to expand...

There's plenty of uses for older machines -- In over 25 years of using Windows I've never come across an instance of malware in the BIOS chip. It's just not worth people doing it -- rewards will be trivial compared to other stuff.

There's a huge amount of non recyclable toxic heavy metal (and not music either) material in used electronics -- I think there's actually a stigma against buying a refurbished machine -- people don't seem to have any problems buying used cars which are far more likely to have serious faults in them than when buying a used server.

I like and appreciate new technology and will buy if I need it - but I'd bet out there 90% of those computers that are capable of running Windows 10 or Windows server up to Server 2022 would still be perfectly good as backup machines or whatever -- and most charities etc IMO don't need mega powerful machines --just stuff with decent Internet connection, good financial app to track donations, tax liabilities and expenses, decent email, and an office suite.

Forget all bout that 2050 Net zero nonsense -- start consuming intelligently now and if it works properly don't waste it.

Cheers
jimbo

You could always reflash the BIOS chip with a known good BIOS - both via the usual way or via a chip programmer. I had to do the latter to un-brick an Asus motherboard not so long ago.

Someone else might be able to advise if there are areas of the BIOS which are impossible to wipe and reset - and whether that would be able to hold malware anyway.

jimbo45 said:

There's plenty of uses for older machines -- In over 25 years of using Windows I've never come across an instance of malware in the BIOS chip. It's just not worth people doing it -- rewards will be trivial compared to other stuff.

There's a huge amount of non recyclable toxic heavy metal (and not music either) material in used electronics -- I think there's actually a stigma against buying a refurbished machine -- people don't seem to have any problems buying used cars which are far more likely to have serious faults in them than when buying a used server.

I like and appreciate new technology and will buy if I need it - but I'd bet out there 90% of those computers that are capable of running Windows 10 or Windows server up to Server 2022 would still be perfectly good as backup machines or whatever -- and most charities etc IMO don't need mega powerful machines --just stuff with decent Internet connection, good financial app to track donations, tax liabilities and expenses, decent email, and an office suite.

Forget all bout that 2050 Net zero nonsense -- start consuming intelligently now and if it works properly don't waste it.

Cheers
jimbo

Click to expand...

Gem of a joke about music aside; 12 months ago I would of agreed with you, I even advocated in one of Scannermans threads about recycling. But with the changes looming to Windows, 10 being buried and 11… (Eleven, to be honest I’d never install it on a novices machine) Eleven possibly changing hardware requirements with 24H2, I now think differently.

So heres an interesting angle.

For those in the IT game that say 'never buy a refurbished/recycled machines' - then you'll avoid this concern.

What happens when the 'brand new' machine you purchased instead, gets one of these types of malware. Are you suggesting you would bin it?

@antspants

My last word on this.

Just to re-iterate - a few refurbished things I've got have performed far better than expected, done the job requested of them and saved me a whole serious slew of money (have to hide it before the politicians get at it).

Thanks Luxembourg !!!!!!.

I'm sure wherever you live you've got politicians devising ever more ways of separating you from your tax dosh to spend on bloated and vanity projects that they hope to make them seem good. !!!! I saw on TV recently that Hamas - whatever the rights and wrongs of that whole sorry and sordid mess etc have built more tunnels and infrastructure in the Gaza strip underground than the entire London Metro ("Tube") has - and that's a HUGE system. !!!!! Don't you wonder where that money came from --Iran can't afford that sort of capital outflow !!!! even though it probably chucks in a load of help. As the US says "Your tax dollars at work"

UK,US, AUS ,NZ,CAN etc don't have a monopoly on bad politicians -- we even have them too. !!!

People won't change their views on this I know - (I still BTW think W10 is a better OS from usability than the sort of convoluted mess W11 is becoming) - and as for insisting on a 12 year old piece of hardware (TPM 2) is required to run W11 and be used for any sort of security (I know you can get round it- but that's not the point) is just PLAIN BONKERS.

Anyway that's my feelings on this and if I get even one person to reduce stuff to landfill - then I'm satisfied.

So I'll exit this thread gracefully I hope.

Cheers
jimbo

What I do is I always flash the bios with the latest firmware from the manufacturer, even if its already on that version. I then disable bios rollback feature. Makes me feel better, but again, as everyone pointed out it is highly unlikely.

Scams and the like are much more effective money makers. Malware in the firmware and things like that would only happen if you were specifically targeted, and if you were someone in that position, you would know how likely it is to happen. But the average person does not have much to worry about.

Having said that, the most dangerous malware and other things that exist out there can hide from windows defender and the top antimalware apps and all windows safety measures regardless of settings. You would never even know you were infected. (though funny enough sometimes uac set to always notify can block some things-which is not the default I might add. Even to this day microsoft has never fixed this making uac useless at the default setting) But again, this is usually targeted and calculated for that target or person.

Most average users have to worry about scams and other things, not malware on a sophisticated scale. Ai might change that down the road though.

Any PC that's had a problem and had to go to the Repair Shop, is now using a refurbished PC. They're everywhere!!!
Every one of the 12 PC's I own is a refurbished PC, , , Discarded by someone else, and, Refurbished by ME!

If I were to actually buy a "Refurbished" PC, like I've purchased Refurbished Printers, and if I had any question about the OS being compromised, I'd just wipe the HD and install my own OS.
A person with limited means, can get a pretty good deal on a Refurbished PC, from a reputable source.

TM

Well, folks, things are always changing in the computer world. I got a new Dell Vostro desktop back in Apr. '22, it works fine but one thing I didn't have in older machines was the included OEM Updates. This machine actually has a Dell feature that can update the BIOS and other things from within Windows so if Windows can get infected what would keep that from happening to the BIOS.


The older machines, back to when I started work in a computer shop, always required booting to an external disk [outside of the installed OS] to update the BIOS.

I think I'd like to gently bring the thread back to the issue of how to deal-with/uncover/remediate/mitigate against BIOS & FIRMWARE malware - specifically.

(The truth is, recycled / refurbished machines ARE a thing and will be so for the foreseeable future).

It used to be easy. Sanitise/Secure-erase any storage. Fresh install. Job done.

However, BIOS/FIRMWARE MALWARE is, increasing - not decreasing (in prevalence).

I'm trying to get to grips with strategies to deal with this emerging and growing threat.

Open to opinions...

KingDing said:

(The truth is, recycled / refurbished machines ARE a thing and will be so for the foreseeable future).

Click to expand...

Agreed and I will keep doing it as long as I can, there's always a part or that can be reused. I acquired a 2019 HP Desktop and a 2019 HP Notebook [different clients] that I fixed, they work fine and aren't in the landfill. A year ago I sent 4 Notebooks I had fixed up with a missionary to a church school in Honduras. I've donated a few locally.

Berton said:

Agreed and I will keep doing it as long as I can, there's always a part or that can be reused. I acquired a 2019 HP Desktop and a 2019 HP Notebook [different clients] that I fixed, they work fine and aren't in the landfill. A year ago I sent 4 Notebooks I had fixed up with a missionary to a church school in Honduras. I've donated a few locally.

Click to expand...

This is part of the work I do.

Refurbish & donate to worth causes.

I'm here in europe and we're going through what is being called 'The Cost Of Living Crisis'. People are turning to Refurbished and Reuse/Recycle schemes to lighten the burden.

However - even if refurbished or donated, the job has to be done right. Hence my questions.

Plus - even we take refurbs/recycled machines out of the picture. What if your brand new/factory fresh machine somehow gets a BIOS/FIRMWARE virus -
the challenge still needs to be met.

I'm asking for strategies and approaches that the community are using to deal with this growing concern?

Berton said:

This machine actually has a Dell feature that can update the BIOS and other things from within Windows so if Windows can get infected what would keep that from happening to the BIOS.

Click to expand...

This has been a thing for quite a long time. I did this back in windows xp. You can also update the bios over the internet from the bios itself usually as well for hp and dell machines. The way the oem tool usually works is there is a special identifier that the oem has for each bios and version. It looks for this specific key and validates the hash of the bios file being loaded and ensures that the file is valid before being loaded into the bios. (Sorta similar to digital signing of a file.) Now of course malware could infect it for sure, but usually there is enough safeguards to prevent this.

Again, the average user in general does not have much to worry about with this. Any modern machine past 2015 or so has additional measures in place to prevent malicious firmware. If you use custom built machines, with motherboards from msi or asus and such this can be slightly more of a worry as most motherboard custom built manufacturers don't do much for security for their boards other than the bare minimum requirements for windows. Dell, HP, and other OEM care a little more as a lot of their machines are also business machines, so they are protected much better.

KingDing said:

I think I'd like to gently bring the thread back to the issue of how to deal-with/uncover/remediate/mitigate against BIOS & FIRMWARE malware - specifically.

(The truth is, recycled / refurbished machines ARE a thing and will be so for the foreseeable future).

It used to be easy. Sanitise/Secure-erase any storage. Fresh install. Job done.

However, BIOS/FIRMWARE MALWARE is, increasing - not decreasing (in prevalence).

I'm trying to get to grips with strategies to deal with this emerging and growing threat.

Open to opinions...

Click to expand...

There really isn't much you can do, so worrying about it doesn't solve anything. The whole point of firmware attacks is they are silent and designed so they can't be detected. As I said, flashing the bios to the latest version and disabling rollback can possibly help. But other than that, it's on manufactures to fix. The firmware attacks I have seen increasing are on things like routers and the like, which is much more dangerous. But again, there is not much you can do here. As for computers in general, the firmware attacks are usually on government machines or other large fortune 500 companies, not the average user machines. It is specifically targeted. If you are getting refurbished machines, it's highly unlikely your getting it from one of those places, as they are usually destroyed and replaced instead of just being recycled.

KingDing said:

I'm asking for strategies and approaches that the community are using to deal with this growing concern?

Click to expand...

One thing I have to keep in mind is that the only time 2 or more computers are exactly alike is when on the sellers shelves, once sold and set up by a User they are no longer alike, at least one thing has changed them. All that to say that strategies will always be run afoul by those changes and we can only do our best to fix them. I always set a computer up on my workstation and try to determine what works, what doesn't and go from there, usually to a drive wipe with the GPARTED program on a bootable Linux Mint USB Thumb drive or DVD+R disc, gets rid of all partitions to an as-shipped condition.

KingDing said:

I'm asking for strategies and approaches that the community are using to deal with this growing concern?

Click to expand...

I think I am fairly typical in that I am not doing anything about the risk of Bios malware.


Denis

I regularly buy off lease business class machines which are designed and built for long term use and originally had a fat pricetag. I never buy consumer or gaming grade systems. Many come to me with a clean install of the OS. In those cases I low-level format and do my own install. Others come with no drive installed.I reflash bios and install whichever OS is the latest the hardware is compatible with. Since 11 has been out 2 1/2 years, one can now get really good deals on systems that are 100% compatible with it. I won't install 11 on any incompatible hardware nor will I install any insider version of it.

I've been doing this since my retirement 23 years ago. It's kept my mind sharp(er) and I've helped a lot of buyers who want good solid machines but either can't afford or don't want to pay new prices. I am not the least bit paranoid that there's a UEFI bootkit in any of them.

KingDing said:

As the IT guy that is often asked/paid to prep these systems when they arrive

Click to expand...

Can you clarify, are you an IT guy or is that a part of the hypothetical?