Can’t wait until this spurs the security community into doing a deep look at the roms on these cheap Chinese boards. Yeah the malware was caught - but what’s more important is the intent. This is a country that is constantly behind breaches and botnets… and here we have these PCs being marketed as router replacents and mini servers. It doesn’t take much to figure out that this is free back door territory.
Yes! I’ve been telling this to friends who keep buying Chinese boards to use as routers and NAS … wth
but what’s more important is the intent
Afaik, the problem was a trojan inside the cracked windows images they used to avoid paying for windows keys. I doubt the intent was to create a botnet, it seems more like generic cybercrime.
I personally always wipe the preinstalled OS to avoid issues like this. However, make sure to use a clean image directly from the source. Simply reinstalling from within Windows wouldn’t have helped in this case, because the malware was part of the recovery files.
The story originated from a video from the “The Net Guy Reviews” YouTube channel. Most articles I’ve seen so far oversimplify the issue and/or get facts wrong, therefore I recommend checking out the original video if you want to learn more.
Yeah malware is everywhere - This could simply be a product of an individual actor abusing their position in a supply chain… but this also goes for hardware as well. It is certainly a more difficult vector to attack from but due to its ‘level’ it’s a valuable position to compromise.
It comes pre installed with Windows, so that’s a given isn’t it?
You’re repeating what @sugartits@lemmy.world said 😉
Remember kids if you’re going to buy a Chinese pre-built, wipe that shit before use.
Remember kids if you’re going to buy a
Chinesepre-built, wipe that shit before use.
Always wipe and start fresh. Yes, Chinese brands seem to be worse about security, but there’s no reason to keep bloatware and FSM only know what other crapware the OEM installed.
To me that always applies, irregardless of the manufacturer. Supply chain attacks are a thing, they are not even necessarily targeted. “I’m not interesting enough” does not apply: everyone has contact with other people, mostly everyone has (or will have) voting rights, and some will have authority over other people.
Yup, I don’t trust it to not install a rootkit on the BIOS or something. Buy from reputable companies, and if you get a prebuilt PC, you’ll probably want to reinstall Windows to get all of the adware off. If you don’t use Windows, you’re probably fine with just buying from a reputable vendor.
That’s what I’m always most paranoid about - buying storage and having some bad actor insert malicious code through unusual means.
Kinda low effort when just a windows defender scan can detect it.
This is why we do fresh installs on new hardware. Preferably Linux 🙂
Unfortunetaly, that does close to nothing when the issue is spyware on firmware
According to this Tom’s Hardware article (https://www.tomshardware.com/desktops/mini-pcs/mini-pc-maker-ships-systems-with-factory-installed-spyware-acemagic-says-issue-was-contained-to-the-first-shipment) it isn’t firmware based spyware but just existing on the machine drive.
They were also found on the restore partition so a full wipe and fresh install would eliminate the issue. AceMagic have also claimed that the issue was isolated to the first round of shipments.
It’s reasonable to consider whether to trust a company that shipped spyware in the first place. I would have a hard time with that.
How do you know? They find spyware not in firmware, but that doesn’t cover what they didn’t find.
Nothing in this article said anything about the device firmware being compromised
