LinuxQuestions.org
Old 05-12-2024, 06:16 AM   #16
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,343
Blog Entries: 3


Quote:
Originally Posted by linuxuser371038
Guys just how risky is buying 2nd hand I want clarification on that?
It's probably about the same as when the devices were new. If the firmware is unmodified, then it brings the same risks it has always brought. It's going to be running some kind of embedded Linux which has not been updated since it was manufactured.

When those devices were new on the market there were more than a few demos online about how to replace the firmware, but that is unusual and aside from some conference demos, there haven't been any articles about updating that kind of embedded device.
 
1 members found this post helpful.
Old 05-12-2024, 10:44 AM   #17
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 56

Original Poster
Quote:
Originally Posted by Turbocapitalist
It's probably about the same as when the devices were new. If the firmware is unmodified, then it brings the same risks it has always brought. It's going to be running some kind of embedded Linux which has not been updated since it was manufactured.

When those devices were new on the market there were more than a few demos online about how to replace the firmware, but that is unusual and aside from some conference demos, there haven't been any articles about updating that kind of embedded device.
Thanks, but isn't the risk of buying 2nd hand the fact that whoever had it before, or any more times down the line, has had a chance to tamper with it and potentially put whatever malware they want on there, whereas with a fresh sealed box from the manufacturer this is not going to be an issue - not impossible by a rogue employee, but least likely to have been tampered with?
 
Old 05-12-2024, 11:22 AM   #18
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,727

Quote:
Originally Posted by linuxuser371038
Thanks, but isn't the risk of buying 2nd hand the fact that whoever had it before, or any more times down the line, has had a chance to tamper with it and potentially put whatever malware they want on there, whereas with a fresh sealed box from the manufacturer this is not going to be an issue - not impossible by a rogue employee, but least likely to have been tampered with?
It is always possible. Some things come from the FACTORY with ROM malware installed! Secondhand is added risk, but ALL second hand equipment is a risk.

The question is "Are you prepared to evaluate and reduce that risk in your handling of the equipment?", although I think if you were you would not be posting the question HERE.

Only you will know what you plan to do with the used hardware, what will be at risk, and if that risk is acceptable to YOU.

-------------
For context, I am running a used laptop. When I got it I flashed the firmware, swapped out the internal drive, cleaned it, and installed a diagnostic OS and checked the hardware and firmware functions before picking an OS to load onto it. Took me about a week and was fun at times, but mostly really boring.

You only have a dongle to deal with. You want to check it against factory specs and make sure it was not somehow flashed with something nasty, but it really does not have parts to swap or extra complexity after that.

Just do not plug it into anything that you care that it might infect on day 1. Take time to verify it first.

Last edited by wpeckham; 05-12-2024 at 11:28 AM.
 
1 members found this post helpful.
Old 05-13-2024, 03:00 AM   #19
linuxuser371038
Member
 
Registered: Jan 2024
Posts: 56

Original Poster
Quote:
Originally Posted by wpeckham
It is always possible. Some things come from the FACTORY with ROM malware installed! Secondhand is added risk, but ALL second hand equipment is a risk.

The question is "Are you prepared to evaluate and reduce that risk in your handling of the equipment?", although I think if you were you would not be posting the question HERE.

Only you will know what you plan to do with the used hardware, what will be at risk, and if that risk is acceptable to YOU.

-------------
For context, I am running a used laptop. When I got it I flashed the firmware, swapped out the internal drive, cleaned it, and installed a diagnostic OS and checked the hardware and firmware functions before picking an OS to load onto it. Took me about a week and was fun at times, but mostly really boring.

You only have a dongle to deal with. You want to check it against factory specs and make sure it was not somehow flashed with something nasty, but it really does not have parts to swap or extra complexity after that.

Just do not plug it into anything that you care that it might infect on day 1. Take time to verify it first.
Thanks. Yes that was to be a follow up question, how to check nothing untoward is on it.

Can I load it while running a livecd on main machine or is that too a nono? I don't have the luxury of spare machines lying around to use as test beds.

Well my mum has an old laptop she doesn't use any more. I could use that. But it would auto connect to the internet probably in wifi and also local network I guess of all other computers in the house. It was simple to disconnect from other machines when using a wired connection/desktop machine as you can just either pull the cat plug and/or remove the related, usually, pci board. I am not familiar with how you 'airgap' a laptop given that they are made not to be opened up?

How does one even test for hidden malware on one of these things though? How to be sure there is not something lying in wait if it didn't spring up immediately? I imagine a keylogger would go unnoticed and all your stuff would be stolen before you knew it was there.

Should I flash it again with the same version as it already contains to wipe it? I specifically can't upgrade the firmware as the whole reason I want an old one is due to old firmware.

It is reassuring to know you indeed are using a used machine yourself.
My threat model is 'normal' but normal in that I use it for accessing all financial so would not want that compromised.

Last edited by linuxuser371038; 05-13-2024 at 03:05 AM.
 
Old 05-13-2024, 01:07 PM   #20
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,727

Quote:
Originally Posted by linuxuser371038
Thanks. Yes that was to be a follow up question, how to check nothing untoward is on it.

Can I load it while running a livecd on main machine or is that too a nono? I don't have the luxury of spare machines lying around to use as test beds.

Well my mum has an old laptop she doesn't use any more. I could use that. But it would auto connect to the internet probably in wifi and also local network I guess of all other computers in the house. It was simple to disconnect from other machines when using a wired connection/desktop machine as you can just either pull the cat plug and/or remove the related, usually, pci board. I am not familiar with how you 'airgap' a laptop given that they are made not to be opened up?

How does one even test for hidden malware on one of these things though? How to be sure there is not something lying in wait if it didn't spring up immediately? I imagine a keylogger would go unnoticed and all your stuff would be stolen before you knew it was there.

Should I flash it again with the same version as it already contains to wipe it? I specifically can't upgrade the firmware as the whole reason I want an old one is due to old firmware.

It is reassuring to know you indeed are using a used machine yourself.
My threat model is 'normal' but normal in that I use it for accessing all financial so would not want that compromised.
The odds are EXTREMELY small that you would find firmware with malware on it that would do the network jump thing.
If you can mount it and view the storage on it, then there is value in running scans on the UNMOUNTED (when you need to mount it mount it R/O) device from a machine booting from CD (or write protected USB) on a machine with no hard drive and no network connection.
I have used ClamAV, then Malwarebytes, and rootkit hunter (or another rootkit detector). There is a 90%+ chance the device is clean, but if it is NOT then a 90%+ chance that only ONE of those kinds of tools will detect the malware.

(Malwarebytes runs on Android, Windows, and those machines from the little fruit company. I do not recall what would do the same job from Linux as I have not needed it for several years now. I hope someone has it in top of mind and will comment here.)
If there is nothing there that can be mounted, then there are other questions but then it is unlikely any malware will do you damage.

IF you decide to flash it, make sure you get your firmware image direct from the vendor support site and check the CRC code for the file to ensure it has either not been tampered with, or that the tampering was done by a competent criminal. My take is that this would be overkill if scanning does not trigger on a threat, but a good step to remediate the issue if it DOES.
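
The read-only scan and the image check described in the post above, as an added example that is not part of the original thread. It assumes the vendor publishes a SHA-256 digest (the post says CRC), and the device node and mount point passed to `scan_readonly` are placeholders; `scan_readonly` needs root and ClamAV on the live media.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Paths and digests passed in are
# placeholders chosen by the reader; nothing here is vendor-specific.

# Compare a downloaded firmware image with the digest published on the
# vendor support site (assumed to be SHA-256).
# Returns 0 on match, 1 on mismatch, 2 when the input is unusable.
verify_image() {
    local image=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -r "$image" ] || { echo "cannot read $image" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "need 64 hex digits" >&2; return 2; }
    # Read via stdin so odd file names cannot change the output format.
    actual=$(sha256sum < "$image" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Mount the device's storage so that nothing on it can be written to or
# executed, scan it, and unmount again. Run as root from CD or
# write-protected USB on a machine with no hard drive and no network.
# Returns clamscan's status: 0 clean, 1 something found, 2 error.
scan_readonly() {
    local dev=$1 mnt=$2 rc
    # Block writes at the kernel level before the filesystem is touched.
    blockdev --setro "$dev" || return 2
    # ro alone can still replay an ext3/ext4 journal; with the device set
    # read-only such a mount fails until "noload" is added to the options.
    mount -o ro,noexec,nosuid,nodev "$dev" "$mnt" || return 2
    clamscan --recursive --infected "$mnt"
    rc=$?
    umount "$mnt"
    return "$rc"
}
```

A matching digest only shows the file is the one the digest was computed for; it says nothing about who published the digest, so take both from the vendor site over HTTPS.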
 
  


All times are GMT -5. The time now is 08:27 AM.
