I am a noob. I am wondering: are there security issues with buying a second hand Framework laptop (I cannot really afford a new one)?

I am thinking here specifically of people having loaded malicious BIOS or put in extra chips to do…”bad things”…

  • Avid Amoeba
    link
    fedilink
    arrow-up
    17
    ·
    3 months ago

    It’s not impossible but I’d say it’s unlikely. This is not a scalable way to do bad things while it costs a lot. That’s why it’s typically reserved for targeted bad things. I.e. someone wants to do bad things to you specifically. For example if you’re an uncomfortable journalist. If there’s a machine put up on the wide second hand market for anyone to buy, it’s probably not one of those cases.

  • SteveTech@programming.dev
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    3 months ago

    Just to freak you out, I’ve played around with the EC on my Framework, and it really wouldn’t be hard for someone to create a modified firmware with a key logger built in or something. But AFAIK the EC doesn’t have internet access or a way to screw with the OS, so it would be mildly pointless without accompanying software.

    Modifying the BIOS seems slightly more difficult, although I think some Frameworks are still vulnerable to LogoFAIL.

    I wouldn’t worry about extra chips, they’d either be quite noticeable that they shouldn’t be there, or too expensive to be wasted on a stranger.

    So the chances are, unless you’ve got some proper enemies, it’s fine. I’d definitely update the BIOS (which also updates the EC), and fresh install Windows/Linux, but that’s as far as I’d go.