Pinterest Stumbleupon Whatsapp
Ads by Google

You bought a new PC or laptop, and you got it home. You plugged it in, switched on, and started enjoying Internet access, games, email, and a bit of social networking. Perhaps you played with the webcam and uploaded a clip to YouTube.

Perhaps your computer is running the most recent version of your operating system; perhaps it arrived pre-installed with anti-virus tools.

Sadly, none of this proves the most important fact: that your PC is secure.

Is Someone Intercepting Your Hardware?

The facts are clear. Your PC, smartphone, router, server or whatever lands in your home – either purchased from a store or by mail order or even directly from a warehouse – is pre-installed with an operating system or firmware, ready to be used.

But recent stories teach us that, in almost every case, there is software pre-installed on your device designed to intercept online transactions, listen in, or compromise your security in some other way.

Recently we’ve been warned of the Superfish malware that was preinstalled on Lenovo laptops (including the one I’m writing this on!), but the problem is greater than a few thousand ultrabooks. Government agencies are involved, and they’re looking at you.

Ads by Google

Cicso Routers and the NSA

Back in May 2014 we learned through Glenn Greenwald’s book on the Edward Snowden affair that “NSA has been covertly implanting interception tools in US servers heading overseas”. This after claims from a House Intelligence Committee that Chinese companies such as ZTE and Huawei were installing backdoors in hardware and as such “may be violating United States laws.”

muo-security-nsahacks-router

As reported by The Register, it is now possible to avoid having new Cisco routers intercepted by arranging shipping to an unrelated, possibly empty address. This, hope’s the US networking manufacturer, will help retain confidence in US hardware that has been deeply tarnished – and possibly damaged beyond repair – by NSA activities.

At a Cisco press event, security chief John Stewart said:

“We ship [boxes] to an address that’s has nothing to do with the customer, and then you have no idea who ultimately it is going to.”

“When customers are truly worried … it causes other issues to make [interception] more difficult in that [agencies] don’t quite know where that router is going so its very hard to target – you’d have to target all of them. There is always going to be inherent risk.”

Stewart does concede, however, that the move – and other checks in their router mainboards and chip architecture for NSA taps – are not guarantees of protection. The NSA were revealed to be intercepting hardware en route to customers, installing their taps and then delivering to the intended recipient.

Now, you might think that this is fine; the NSA is surely protecting your rights. Except, of course, that by reading this very post you’re probably already on a watch list Your Interest in Privacy Will Ensure You're Targeted By The NSA Your Interest in Privacy Will Ensure You're Targeted By The NSA Read More . Also, it has been recorded by Snowden/Greenwald that dissenters are also targeted, not just foreign powers.

Lenovo and the Superfish

Bloatware has always been a problem, but as we found in the case of the Superfish malware preinstalled on Lenovo laptops Lenovo Laptop Owners Beware: Your Device May Have Preinstalled Malware Lenovo Laptop Owners Beware: Your Device May Have Preinstalled Malware Chinese computer manufacturer Lenovo has admitted that laptops shipped to stores and consumers in late 2014 had malware preinstalled. Read More in 2014 and early 2015, it hasn’t previously broken online security in order to hijack the adverts displayed on your computer, and potentially facilitate a man-in-the-middle attack What Is A Man-In-The-Middle Attack? Security Jargon Explained What Is A Man-In-The-Middle Attack? Security Jargon Explained Read More .

lenovo-superfish

The fact that this happened at all (by a Chinese manufacturer, incidentally) is cause for concern, regardless of Lenovo’s apparent dithering when confronted with the truth. Previously bloatware was easy to remove, but as seen in the Superfish case, this isn’t enough. That piece of malicious software was impossible to remove with the usual Windows uninstaller tool.

The last thing you expect when you buy a new computer is for the manufacturer to be facilitating a breach in your security. After all, you just handed over a lot of cash to them!

Preinstalled Software on Your Smartphone or Tablet

It isn’t just desktop computers, routers and servers that are at risk from manufacturer interest in your activities. Android smartphones and tablets invariably ship with horrendous pieces of bloatware, many of which have been previously demonstrated to leak data (when they’re not slowing everything down).

If that wasn’t bad enough, we now know that Siri voice data is sent to third party organizations Siri Is Listening: Has iOS Privacy Been Blown Open? Siri Is Listening: Has iOS Privacy Been Blown Open? Apple's has been accused of recording everything - absolutely everything - you say to Siri, and passing it to a third-party. But is this really a privacy breach, or is there good reason for it? Read More using humans to assess the accuracy of the digital assistant’s responses, which isn’t exactly secure (although it would seem necessary in order for the service to be improved).

Fact: You Don’t Know if Your New PC is Secure

While Cisco (we expect others to join them) have established a means of blocking alphabet spy agency involvement in shipping hardware to customers, there is, I’m afraid, only one way to deal with preinstalled software, bloatware and malware that might be leaking your personal data, and that is by wiping the system before use.

muo-security-nsahacks-unlocked

For Windows users, this would mean installing a fresh copy of the operating system; restoring from the recovery partition is not really an option here as the same bloatware is likely to be restored. For better results and a more secure (and in some cases, stable) experience, the answer is to first perform a complete wipe of your HDD (or for the very security-conscious, install a brand new HDD) and then freshly install Windows or even a Linux distro, such as Linux Mint Is Linux Mint 17 "Qiana" The Ubuntu Killer? Is Linux Mint 17 "Qiana" The Ubuntu Killer? The latest version of Linux Mint, the 17th release codenamed "Qiana", is out! It's a great alternative for people leaving Windows as well as those who just don't quite like Ubuntu. Read More .

Android smartphone and tablet owners, meanwhile, are encouraged to flash a custom ROM How to Find and Install a Custom ROM for Your Android Device How to Find and Install a Custom ROM for Your Android Device Android is super customizable, but to fully take advantage of that, you need to flash a custom ROM. Here's how to do that. Read More , such as CyangenMod or perhaps a secure option such as OmniROM 5 Reasons Why You Should Flash OmniROM To Your Android Device 5 Reasons Why You Should Flash OmniROM To Your Android Device With a bunch of custom ROM options out there, it can be hard to settle on just one -- but you should really consider OmniROM. Read More .

What steps do you take when switching on a new computer or smartphone for the first time? Are you concerned about NSA taps on your hardware? Tell us in the comments.

Image Credit: Not secure via ShutterstockRouter via ShutterstockPadlock via Shutterstock

  1. KT
    April 9, 2015 at 2:03 am

    I know mine are:
    1. I build my own from the ground up.
    2. Almost always a Linux build.
    3. When it is a Doze build, it's a bare bones 7 builder's disk with no crap-ware!
    4. I avoid UEFI when possible, but I'm warming up to it.

    • Christian Cawley
      April 10, 2015 at 6:58 pm

      Good tips, KT, thanks for sharing!

  2. Zhong
    April 7, 2015 at 7:46 pm

    I think this kind of insecurity is inevitable since the advent of the Internet, where information is valuable to certain companies that they could exchange for profit. I think the worst case scenario would be releasing the intercepted information to the wild and harm your lifestyle.

  3. likefunbutnot
    April 7, 2015 at 7:22 pm

    A couple points of order: Superflash was present as part of the Windows software loadout on Lenovo's consumer product lines. It wasn't present on Thinkpad or Thinkstation machines. I support a mix of Apple and Lenovo computers and I got told after the story broke that I should be buying something else over and over by people whose knowledge of the matter was essentially zero, even though the systems I support were never impacted. Please at least attribute the issue properly.

    Consumer PCs should more or less always reinstalled from scratch just as a matter of course, because nearly all consumer PCs (save those withe the Microsoft Signature branding to indicate they are shipped with nothing but Windows and drivers in the first place) will have a bunch of crap on them. I'd be perfectly happy to debate the question of whether the 90 day trial of shovelware security software represents a positive component in the overall security of a computer (hint: no, it does not).

    It's difficult to obtain OEM installation media, but it's still a good practice to go out of your way to obtain that media to put your computer in the order you'd like it. No, that won't do much to help in the case of someone adding a hardware-level bug to your PC, but if you're truly worried about that all I can suggest is that you completely avoid semiconductors.

Leave a Reply

Your email address will not be published. Required fields are marked *