As we know, buying an older phone can be a big security risk, as it might not get updates anymore. How about laptops? i would install Linux on the laptop. Is it a security risk to buy a used and refurbished computer from maybe 2019?

  • nonstopshirtflutter@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    This depends on your threat model and circumstances:

    Old versions of OS are generally a security risk.

    Old hardware may lack some modern security features near the hardware level. However these usually protect against tampering with BIOS or bootloaders. In general threats like this need physical access to the machine. I don’t know much about TPM and keystorage in general, but those are what this might concern.

    Other than that, old networking hardware might have vulnerabilities that are either not patched with software or are impossible to path. This extends to any device and all device-drivers, but network-devices to me sound the most exposed surface.

    This risk however depends on not just the device but the usage as well. If you use it inside a local network, you lose a layer of defence. If you use it in an untrusted network, you are exposed directly.

    I would usually not be concerned about old hardware as long as it can run a modern OS I trust. This means most laptops are fine, but phones not so much.

    Especially phones with no access to patched applications become less and less secure as time goes by. Old hardware is a small risk; old OS is a concern; old browser on said old OS and you can bet there is at least one serious, well-known and already used vulnerability.

    I’m personally tinkering with an old 4th-gen iPad, hoping to secure it or at least jailbreak it. However I am not expecting it to ever be a safe device after that, but a glorified IOT device.

    • wildbus8979@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      You mention old hardware is generally exploited physically, but we’ve seen a number of critical bugs in CPUs in recent years such as Specter and Meltdown that can be exploited by just visiting a website. Yes these can be mitigated by the OS, but alluring that hardware bugs are not exploitable remotely isn’t quite correct.

      • nonstopshirtflutter@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I didn’t know Specter or Meltdown can be exploited through a website, that’s good to know.

        I should have been more specific on this issue: old hardware is much less common to exploit than old OS or software, so buying new hardware for the sake of hardware security might not be necessary for ones threat scenario. However if there is a risk of a malicious actor accessing or stealing the hardware, then the hardware is definitely relevant.

        Similarly I do think one can do a lot with old hardware if they can find a usecase with less needed privileges.

    • hermit3
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I would usually not be concerned about old hardware as long as it can run a modern OS I trust. This means most laptops are fine, but phones not so much.

      This is not a good suggestion because even with up to date and modern operating systems, hardware vulnerabilities can often be leveraged