I am a noob. I am wondering: are there security issues with buying a second hand Framework laptop (I cannot really afford a new one)?

I am thinking here specifically of people having loaded malicious BIOS or put in extra chips to do…”bad things”…

  • SteveTech@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    Just to freak you out, I’ve played around with the EC on my Framework, and it really wouldn’t be hard for someone to create a modified firmware with a key logger built in or something. But AFAIK the EC doesn’t have internet access or a way to screw with the OS, so it would be mildly pointless without accompanying software.

    Modifying the BIOS seems slightly more difficult, although I think some Frameworks are still vulnerable to LogoFAIL.

    I wouldn’t worry about extra chips, they’d either be quite noticeable that they shouldn’t be there, or too expensive to be wasted on a stranger.

    So the chances are, unless you’ve got some proper enemies, it’s fine. I’d definitely update the BIOS (which also updates the EC), and fresh install Windows/Linux, but that’s as far as I’d go.