1

Suppose you lose the bag containing your laptop along with its accessories, or, while travelling, the police confiscate all your computer devices. Can you safely use all the devices again if you format all your devices and wipe all the data?

How far should you go at the software level? Would formatting the hard drive be enough, or should you also rewrite the BIOS if it's editable for your laptop? And for other devices such as USB drives, external HDDs, routers, and mice? Can you use them again safely? Could they change the USB firmware, for example?

And what about the hardware? Should you be worried about that? I have read that laptops are hard to modify, but I think you can still modify them, with modifications such as installing a keylogger.

So the question is, can these devices' software and/or hardware be modified? If yes, then can you reverse the changes, and how far should you go to be sure that the device is completely safe?

1) Laptop

2) External HDDs or SSDs

3) USB drive

4) Router

5) Mouse

Most people don't have the skills or time required to do more than format their HDDs. Is the answer that you can't be sure that your device is clean after an incident like this? I am sure many countries' border police have the resources to do whatever can be done with electronics.

Linux_user0987

2 Answers

1

What you are describing is called an Evil Maid attack.

The short answer is NO: you cannot trust them.

The long answer is MAYBE: depending on the hardware manufacturers of your devices, you can verify the integrity of the data and the firmware of their components. However, I still do not know of any easy solution for all of them as a whole.

For the BIOS and internal HDDs/SSDs you can use a TPM with Anti Evil Maid, which lets you store a secret inside the TPM and only releases it if the BIOS and storage haven't been tampered with.

For the external storage you can always store checksums on other devices (or even on paper) and verify them later without mounting the drives.

When it comes to the firmware of USB devices, storage devices (internal or external) and mice, there may be some vendors that allow downloading their firmware or dumping it easily from the device itself. However, in most cases it would have to be extracted from the memory chips and compared to the previous one to verify its integrity. PS/2 mice and keyboards present an interesting alternative from this point of view, but they are becoming rare history museum items nowadays.

Many home routers (and all of them should) allow downloading firmware binaries from their manufacturers' websites and flashing them again in recovery mode.

However, as most manufacturers' firmware is proprietary, one should ask the following question: can devices be trusted with their original firmware itself?

Albert Gomà
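The checksum approach for external storage mentioned in the answer above, as an added example that is not part of the original answer: it hashes the raw device or image without mounting it and keeps per-chunk digests so a later check also shows where the contents changed. The function names, the chunk size and the `/dev/sdX` placeholder are assumptions, and the demo runs on a constructed image file.

```python
import hashlib
import os
import tempfile
from itertools import zip_longest

CHUNK = 4 * 1024 * 1024  # bytes per manifest entry (assumed; any fixed size works)


def build_manifest(path, chunk=CHUNK):
    """Hash a raw device or image file read-only, without mounting it."""
    whole, chunks, size = hashlib.sha256(), [], 0
    with open(path, "rb") as dev:
        while block := dev.read(chunk):
            whole.update(block)
            chunks.append(hashlib.sha256(block).hexdigest())
            size += len(block)
    return {"size": size, "chunk": chunk,
            "sha256": whole.hexdigest(), "chunks": chunks}


def verify(path, manifest):
    """Return (ok, offsets) where offsets are the chunk starts that differ."""
    now = build_manifest(path, manifest["chunk"])
    pairs = zip_longest(manifest["chunks"], now["chunks"])
    changed = [i * manifest["chunk"] for i, (old, new) in enumerate(pairs)
               if old != new]
    ok = (now["size"], now["sha256"]) == (manifest["size"], manifest["sha256"])
    return ok, changed


if __name__ == "__main__":
    # Constructed stand-in for a drive such as /dev/sdX (placeholder path).
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "drive.img")
        with open(image, "wb") as f:
            f.write(os.urandom(3 * 4096))
        baseline = build_manifest(image, chunk=4096)  # keep this off the drive
        print("record on paper:", baseline["sha256"])
        print("untouched:", verify(image, baseline))
        with open(image, "r+b") as f:  # simulate one modified sector
            f.seek(5000)
            f.write(b"\x00" * 16)
        print("modified: ", verify(image, baseline))
```

The single `sha256` value is short enough to write down, while the full manifest belongs on a separate device. This covers only the data readable through the drive's interface, not the drive's own firmware.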
-1

One easy way would be to replace the HDD. If you can't do that, maybe just monitor the network traffic once it's online. Don't forget that many hackers also mess with electronics like the TinyDuino, which can fit inside a laptop case. It's unlikely, but it's still possible.

If you feel that the laptop or HDD isn't safe anymore, zero the drive or toss it.

Lerie