Question How to avoid getting components that have been tampered with?

Status
Not open for further replies.

The Worker

May 21, 2020
I have read that sometimes PC parts have been somehow tampered with between leaving the factory and arriving at their destination, and that this is a new and innovative way of installing malware and viruses onto a PC. The Dell brochure stated the need for "above-OS" and "below-OS" protection. Is this ever a problem for someone building their own PC, and how can it be avoided? Thank you!
 
This is part of a security issue known as the "supply chain attack." There's almost nothing you can do as a consumer to protect yourself from this, unless you happen to have the tools to analyze what firmware your hardware is running and the knowledge to even know what to look for. The only thing you can really do is:
  • Buy new if possible
  • Buy from reputable, trusted vendors and brands
  • Keep up with the latest security bulletins where possible
Of note, this is what the whole trusted computing thing is supposed to mitigate. For example, this is how Apple protects its hardware from malware attacking their systems:
 

Eximo

USB flash drives are the most common attack vector. Stick with name brands from known suppliers.

There was a whole slew of digital picture frames and cameras in the early 2000s that were riddled with malware seeking to grab personal information from computers. It made a lot of companies re-examine their supply chain. But it only takes a little local corruption or greed for someone within that supply chain to cause problems.

But it isn't limited to black hats. Companies have also been caught doing things. Lenovo was caught putting coupon/advertisements on their default builds for laptops and desktops, effectively returning preferred suppliers on web searches in place of normal results. Vizio was caught selling viewer habits to third parties by having the TV identify what was being watched against a known library of content (effectively examining a single row of pixels and finding a match so that it wasn't bandwidth intensive). One of Sony's DRM schemes disabled an important security feature of Windows, allowing it to be exploited (I'm trying to recall the specifics; it was really stupid, they didn't even have the rights to the software itself, in a huge twist of irony). And there are many more examples of this.

Really it is just a matter of staying on top of tech news and applying mitigations as they come up.

Using a separate computer or VM with a blank OS and some antivirus/anti-malware software might be a step to take with extreme security requirements.
 
....One of Sony's DRM schemes disabled an important security feature of Windows allowing it to be exploited (I'm trying to recall the specifics, it was really stupid, they didn't even have the rights to software itself in a huge twist of irony)....
Ah yes, the rootkit that Sony put on all of their CDs/DVDs that would install an insidiously difficult-to-remove DRM trojan on any PC that so much as read the directory of such a disc. They got seriously slapped for that.
 