There is often the view that if you purchase preowned hardware (especially from a third party), that it is not as good as buying it directly from the vendor. However, as one of our previous blogs have examined, buying preowned hardware is just as good, if not better, than getting it straight from the source. But just like anything else, there can be security risks involved. In this blog, we examine those risks and provide tips as to how you can mitigate them.
The Top Security Risks
*Keylogging software may be installed:
Keyloggers are software packages that can be deployed on just about any computer, server, or wireless device. The intention of this is to secretly record what you are typing, which is then transmitted back to the previous hardware owner. Keyloggers can be very difficult to detect.
*Malware could be present:
This is a more advanced version of a Keylogger. For example, it can record your web browsing history, install cookies without your consent, and even search your computer for other types of personal information that you may have stored on the hard drive. In more extreme cases, it can even view your presence through the webcam.
*It could be the target for Cryptojacking:
Cryptomining software typically mines for the virtual currencies, such as Bitcoin, etc. However, this requires more processing power and electrical consumption on part of your preowned hardware. Thus, it could be the case that the seller has actually installed this onto your hardware, so that they can illegally mine for these currencies (which is technically known as “Cryptojacking”). The tell-tale signs of this include slower than normal speeds when using your computer or wireless device.
*Deleted files can still be lurking:
When you delete a file from your computer, there are still traces of it in your hard drive. For example, although you may not see that file anymore where it was originally stored, it is still in your system. All that deleting does is simply mark that specific file so that it can be overwritten with a brand new one. Worst yet, these deleted files could even contain some sort of malware (such as a Trojan Horse) that can be secretly launched when you turn on your preowned hardware for the first time.
How to Mitigate the Risks of Preowned Hardware
Here are some tips to make sure that you stay safe:
*Wipe the hard drive clean:
Before you actually start creating and storing files, make sure that you have wiped out the hard drive just after you purchase your preowned hardware. This is often referred to as “nuking”, and there are many tools available that can help you accomplish this task. Not only will any existing files be completed flushed out, but any “junk” data as well.
*Replace the hard drive:
If for some reason you are unable to “nuke” the hard drive, then the next best option would be to replace it in its entirety. But you have to make sure that you can actually procure this from a reliable source. This all depends on how old your preowned hardware is. The older it is, the more difficult it will be to find the right hard drive.
*Make sure that the BIOS is updated:
Always check for the latest updates as it relates to the BIOS. Make sure that you download and install the latest version, in order to get rid of any surprises that could still be lurking in the preowned hardware. This process is known as “flashing the BIOS”.
Tips to Make Sure That You Avoid These Security Risks
*Make sure that the pre-owned hardware has been 100% refurbished to factory specs:
The hardware needs to have the most updated versions of both firmware and software. It also must be tested to ensure that it is operating within the appropriate specifications. Make sure that it is certified as well.
*Make sure that you have the same warranty plans in place:
You need to double check that the preowned hardware that you are about to purchase is backed by the same warranty plan as the manufacturer offers. In addition to this, you also need to make sure that you have the equivalent support and maintenance plans as well. If this is not in place, you could potentially lose a lot of money if the equipment does not work properly.
*There are no hidden costs:
You should be paying the retail price and nothing more. Be wary of any hidden and inflated costs. If there are any, these should be a red flag to you. Also, be aware of any products in which the “prices are too good to be true”. There could be defects with them, and could even pose a grave security risk to your company.
*Confirm that the reseller is certified by the OEM:
While the prices might be much cheaper at eBay or Amazon, there is no guarantee that the product you are getting has been tested, or even has a warranty plan with it. You should always procure your hardware from an authorized reseller, and one that has been certified by the OEM. That way you are assured that you are buying the real thing.
It is important to keep in mind that not all Cyber attacks have to be digitally related. A lot can happen at the hardware level too, especially when it comes to using portable media devices and other such related items. But even with refurbished hardware, just because everything has been supposedly “wiped clean” does not necessarily mean that there is stuff still not lingering on them, which can pose a very serious security down the road.
It’s just like deleting a file, like a .DOC or .XLS file. Just because you do a right click with the mouse and delete it, it is always still in your system. Really in the end, there is no way to guarantee that by getting a refurbished device that it will be totally wiped clean.
Therefore, if you choose to get refurbished equipment, then always make sure to go with a very reputable dealer, as stated before, and get the best warranty plan that is possible, so if something does go wrong, at least it can be fixed or replaced.
Remember, it comes down to this old adage: You get what you pay for.