05-12-2024, 07:16 AM
|
#16
|
LQ Guru
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,694
|
Quote:
Originally Posted by linuxuser371038
Guys just how risky is buying 2nd hand I want clarification on that?
|
It's probably about the same as when the devices were new. If the firmware is unmodified, then it brings the same risks it has always brought. It's going to be running some kind of embedded Linux which has not been updated since it was manufactured.
When those devices were new on the market there were more than a few demos online about how to replace the firmware, but that is unusual and aside from some conference demos, there haven't been any articles about updating that kind of embedded device.
|
|
1 members found this post helpful.
|
05-12-2024, 11:44 AM
|
#17
|
Member
Registered: Jan 2024
Posts: 258
Original Poster
Rep:
|
Quote:
Originally Posted by Turbocapitalist
It's probably about the same as when the devices were new. If the firmware is unmodified, then it brings the same risks it has always brought. It's going to be running some kind of embedded Linux which has not been updated since it was manufactured.
When those devices were new on the market there were more than a few demos online about how to replace the firmware, but that is unusual and aside from some conference demos, there haven't been any articles about updating that kind of embedded device.
|
Thanks, but isn't the risk of buying 2nd hand the fact that whoever had it before, or any more times down the line, has had a chance to tamper with it and potentially put whatever malware they want on there, whereas with a fresh sealed box from the manufacturer this is not going to be an issue - not impossible by a rogue employee but least likely to have been tampered with?
|
|
|
05-12-2024, 12:22 PM
|
#18
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 6,086
|
Quote:
Originally Posted by linuxuser371038
Thanks, but isn't the risk of buying 2nd hand the fact that whoever had it before, or any more times down the line, has had a chance to tamper with it and potentially put whatever malware they want on there, whereas with a fresh sealed box from the manufacturer this is not going to be an issue - not impossible by a rogue employee but least likely to have been tampered with?
|
IT is always possible. Some things come from the FACTORY with ROM malware installed! Secondhand is added risk, but ALL second hand equipment is a risk.
The question is "Are you prepared to evaluate and reduce that risk in your handling of the equipment?", although I think if you were you would not be posting the question HERE.
Only you will know what you plan to do with the used hardware, what will be at risk, and if that risk is acceptable to YOU.
-------------
For context, I am running a used laptop. When I got it I flashed the firmware, swapped out the internal drive, cleaned it, and installed a diagnostic OS and checked the hardware and firmware functions before picking an OS to load onto it. Took me about a week and was fun at times, but mostly really boring.
You only have a dongle to deal with. You want to check it against factory specs and make sure it was not somehow flashed with something nasty, but it really does not have parts to swap or extra complexity after that.
Just do not plug it into anything that you care that it might infect on day 1. Take time to verify it first.
Last edited by wpeckham; 05-12-2024 at 12:28 PM.
|
|
1 members found this post helpful.
|
05-13-2024, 04:00 AM
|
#19
|
Member
Registered: Jan 2024
Posts: 258
Original Poster
Rep:
|
Quote:
Originally Posted by wpeckham
IT is always possible. Some things come from the FACTORY with ROM malware installed! Secondhand is added risk, but ALL second hand equipment is a risk.
The question is "Are you prepared to evaluate and reduce that risk in your handling of the equipment?", although I think if you were you would not be posting the question HERE.
Only you will know what you plan to do with the used hardware, what will be at risk, and if that risk is acceptable to YOU.
-------------
For context, I am running a used laptop. When I got it I flashed the firmware, swapped out the internal drive, cleaned it, and installed a diagnostic OS and checked the hardware and firmware functions before picking an OS to load onto it. Took me about a week and was fun at times, but mostly really boring.
You only have a dongle to deal with. You want to check it against factory specs and make sure it was not somehow flashed with something nasty, but it really does not have parts to swap or extra complexity after that.
Just do not plug it into anything that you care that it might infect on day 1. Take time to verify it first.
|
Thanks. Yes that was to be a follow up question, how to check nothing untoward is on it.
Can I load it while running a livecd on main machine or is that too a nono? I don't have the luxury of spare machines lying around to use as test beds.
Well my mum has an old laptop she doesn't use any more. I could use that. But it would auto connect to the internet probably in wifi and also local network I guess of all other computers in the house. It was simple to disconnect from other machines when using a wired connection/desktop machine as you can just either pull the cat plug and/or remove the related, usually, pci board. I am not familiar with how you 'airgap' a laptop given that they are made not to be opened up?
How does one even test for hidden malware on one of these things though? How to be sure there is not something lying in wait if it didn't spring up immediately? I imagine a keylogger would go unnoticed and all your stuff would be stolen before you knew it was there.
Should I flash it again with the same version as it already contains to wipe it? I specifically can't upgrade the firmware as the whole reason I want an old one is due to old firmware.
It is reassuring to know you indeed are using a used machine yourself.
My threat model is 'normal' but normal in that I use it for accessing all financial so would not want that compromised.
Last edited by linuxuser371038; 05-13-2024 at 04:05 AM.
|
|
|
05-13-2024, 02:07 PM
|
#20
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 6,086
|
Quote:
Originally Posted by linuxuser371038
Thanks. Yes that was to be a follow up question, how to check nothing untoward is on it.
Can I load it while running a livecd on main machine or is that too a nono? I don't have the luxury of spare machines lying around to use as test beds.
Well my mum has an old laptop she doesn't use any more. I could use that. But it would auto connect to the internet probably in wifi and also local network I guess of all other computers in the house. It was simple to disconnect from other machines when using a wired connection/desktop machine as you can just either pull the cat plug and/or remove the related, usually, pci board. I am not familiar with how you 'airgap' a laptop given that they are made not to be opened up?
How does one even test for hidden malware on one of these things though? How to be sure there is not something lying in wait if it didn't spring up immediately? I imagine a keylogger would go unnoticed and all your stuff would be stolen before you knew it was there.
Should I flash it again with the same version as it already contains to wipe it? I specifically can't upgrade the firmware as the whole reason I want an old one is due to old firmware.
It is reassuring to know you indeed are using a used machine yourself.
My threat model is 'normal' but normal in that I use it for accessing all financial so would not want that compromised.
|
The odds are EXTREMELY small that you would find firmware with malware on it that would do the network jump thing.
If you can mount it and view the storage on it, then there is value in running scans on the UNMOUNTED (when you need to mount it mount it R/O) device from a machine booting from CD (or write protected USB) on a machine with no hard drive and no network connection.
I have used ClamAV, then Malwarebytes, and rootkit hunter (or another rootkit detector). There is a 90%+ chance the device is clean, but if it is NOT then a 90%+ chance that only ONE of those kinds of tools will detect the malware.
(Malwarebytes runs on Android, Windows, and those machines from the little fruit company. I do not recall what would do the same job from Linux as I have not needed it for several years now. I hope someone has it in top of mind and will comment here.)
If there is nothing there that can be mounted, then there are other questions but then it is unlikely any malware will do you damage.
IF you decide to flash it, make sure you get your firmware image direct from the vendor support site and check the CRC code for the file to ensure it has either not been tampered with, or that the tampering was done by a competent criminal. My take is that this would be overkill if scanning does not trigger on a threat, but a good step to remediate the issue if it DOES.
|
|
|
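The checksum step from the post above, as an added example (not code from the thread or from any vendor): it infers the checksum type from the length of the value published on the vendor's download page and reports whether that type can detect deliberate tampering or only a corrupted download. The function names and the length-to-algorithm mapping are assumptions of this example.

```python
import hashlib
import hmac
import zlib

# Hex length of the published value -> (algorithm, resists deliberate tampering?)
# CRC32 and MD5 catch a corrupted download; of the three, only SHA-256
# is a meaningful check against a modified image.
KNOWN = {8: ("crc32", False), 32: ("md5", False), 64: ("sha256", True)}


def file_digest(path, algo, chunk=1 << 20):
    """Stream the file so a large firmware image never sits fully in memory."""
    crc = 0
    h = None if algo == "crc32" else hashlib.new(algo)
    with open(path, "rb") as f:
        while block := f.read(chunk):
            if h is None:
                crc = zlib.crc32(block, crc)
            else:
                h.update(block)
    return f"{crc & 0xFFFFFFFF:08x}" if h is None else h.hexdigest()


def verify_image(path, published):
    """Compare a firmware file with the value copied from the vendor page.

    Returns (algorithm, matches, tamper_resistant).
    """
    want = published.strip().lower().removeprefix("0x")
    if len(want) not in KNOWN or any(c not in "0123456789abcdef" for c in want):
        raise ValueError(f"unrecognised checksum format: {published!r}")
    algo, strong = KNOWN[len(want)]
    got = file_digest(path, algo)
    return algo, hmac.compare_digest(got, want), strong


if __name__ == "__main__":
    import sys
    # Usage: script.py <firmware file> <published checksum>
    algo, ok, strong = verify_image(sys.argv[1], sys.argv[2])
    print(f"{algo}: {'MATCH' if ok else 'MISMATCH - do not flash'}")
    if ok and not strong:
        print("note: this checksum type only rules out a corrupted download")
```

Copy the published value from the vendor's HTTPS support page itself rather than from a file sitting next to the download on a mirror.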