Any best method for cleaning/wiping second hand laptop?

I’ve got a second hand laptop and figured I’ll install Whonix on it. Wanted to gather any methods & suggestions for completely and securely wiping clean the hardware. The laptop has an SSD so I guess that’d be the trickiest part of it, rest is Intel. It did have Windows 10 on it but now has Windows 7, if that matters.

Good day,

the best you could do is to overwrite the drive using GParted multiple times with zeros and then install Qubes with LUKS enabled. Remember though, that this won’t make a PC safe to use if it has any kind of “BIOS-focused” malware on it.

Have a nice day,

Ego

Can I do anything to check/remove BIOS-focused malware?

Good day,

Not presently, no. Even flashing a new firmware isn’t enough anymore with this kind of malware.

Have a nice day,

Ego

1 Like

BlueKing:

Can I do anything to check/remove BIOS-focused malware?

Realistically: no.

[Unrealistically: you become the expert in that field.]

This prompted me to go read a bit about BIOS malware.
Top Votes from “Malware that can survive BIOS re-flashing”:

As for how it may happen that reflashing the BIOS does not eradicate the malware, we can hazard a few guesses:

  • The reflash operation is under control of… the BIOS, so the infected BIOS only pretends to do the reflash (or reinfects the new BIOS immediately afterwards).
  • Another flashable firmware in the machine is also infected, and when either it or the BIOS is reflashed, the still infected firmware reinfects the other one. Any device with DMA can hijack the live machine at any point, and most devices with a firmware have an onboard CPU which would be up to the task (GPU, hard disks…).
  • The disk firmware is infected, and inserts malicious code in the boot code which reinfects the BIOS. (Not sure it matches the symptoms, but that’s a possibility.)

The common theme here is that all the reflashing is done while part of the machine is live, so there is a chicken-and-egg: you cannot securely reflash from a machine which runs infected code (even indirectly, in the case of a DMA-able device with its own CPU), but if the machine is off you cannot reflash either.

Completely uneducated guess… my impression is that BIOS attacks are still quite rare in the wild. If you’re a high-value target then everything is a concern, but if you’re just worried about random drive-bys, your efforts are probably better spent on higher-order magnitude threats (phishing/redirects, keyloggers, browser vulnerabilities, device auto-play, etc.).

2 Likes