Security question - laptop stolen and soon returned - can it be rigged now?

[Schmeisel_level5]

Hi,

I might seem paranoid, but my laptop (Asus D509D / ryzen 5 3500u) was stolen and returned pretty soon as "hey I found it on a bench and checked your history and found email address" etc.

I trade crypto, and now my concern is security. Is simple full format / fresh Win10 install be enough? + some Kaspersky full check etc? Can my laptop be hardware rigged? Idk, like some wifi traffic interceptor or keylogger hooked to keyboard?

 

Or should I just ditch that thing or sell on ebay and get new one?

 

Any tips and experiences are welcome!

[Origami Cactus]

Having deticated hardware level exploits mounted in your computer is something you need to be a really big target for, nobody is doing that to a random laptop they found, hoping for that 0.001% chance that it belongs to someone. These things cost money, so unless you were a target and someone you knew returned the laptop, I wouldn't worry.

Like ffs, nobody is rigging up a 300€(for new) laptop, hoping that it belongs to a rich guy. So if there is more to the story than you tell us, then definitely sell the laptop and get a new one, 

but if the story happened like you told us, I would bet that even the windows install is untouched.  Like your laptop being so worthless that someone returned it should be telling enough.

But why didn't you have bitlocker+ boot and windows passwords on that thing? How was a guy able to access your email and history?

[Dutch_Master]

Go see a specialist to give it a security audit. Probably cheaper then a new one.

[Origami Cactus]

2 minutes ago, Dutch_Master said:

Go see a specialist to give it a security audit. Probably cheaper then a new one.

Lol, the guy had no password on either the bios or windows, and the laptop costs 305€ for new. New laptop will be cheaper than any security audit that will take his visit.

[Bombastinator]

4 minutes ago, Schmeisel_level5 said:

Hi,

I might seem paranoid, but my laptop (Asus D509D / ryzen 5 3500u) was stolen and returned pretty soon as "hey I found it on a bench and checked your history and found email address" etc.

I trade crypto, and now my concern is security. Is simple full format / fresh Win10 install be enough? + some Kaspersky full check etc? Can my laptop be hardware rigged? Idk, like some wifi traffic interceptor or keylogger hooked to keyboard?

 

Or should I just ditch that thing or sell on ebay and get new one?

 

Any tips and experiences are welcome!

It could theoretically be firmware rigged.  To do that one would have to either write custom software or have a script for such a thing, and I don’t know if such exists or not.  It’s even harder to do because it’s a laptop.  If you really want to get your paranoia on you could flash the firmware too.  A slightly more likely scenario is the creation of a whole other really small partition with an OS on it.  Not windows it would be too big.  It could maybe be done with a custom *nix though.  That could be searched for though using the right tools.  I don’t know if diskpart will do that or not.  Might not find it but might overwrite it anyway. Partitioning and formatting are separate.  You create partitions and then format them individually.  Maybe to a repartition from external media that isn’t windows then do the format in windows just to be sure the NTFS is totally legit.  I don’t know how good non Microsoft ntfs is. (So both a non windows liveCD of some sort and a windows install USB key.) 

[dilpickle]

If you're super paranoid and think the gubment might be after you there is absolutely no way you can be sure it is safe.

 

In fact that goes for anything but especially if the hardware has left your possession.

 

[Schmeisel_level5]

Thanks everyone for input. True, laptop is 300ish thing and not a big deal.

"Keep me logged in" wasn't on anywhere, I use password manager that turns off in 2min. So i don't think any account was exposed + 2fa everywhere. No sensitive files on drive too.

Question came up when GF asked if she can safely use it for simple things; browsing and socials. I was more curious about possibilities.

[dilpickle]

If it were me I would certainly change all my important passwords and wipe that laptop.

[Bombastinator]

2 hours ago, dilpickle said:

If it were me I would certainly change all my important passwords and wipe that laptop.

Yep.  Hope for the best but prepare for the worst.
 You could even paint the thing.  Coat of many colors.  For your laptop was lost and lo it is found again.  Of course Virginia’s woolfe’s naming of her parakeet Onan because he spilled his seed on the ground still amuses me. 

[BlueChinchillaEatingDorito]

8 hours ago, Origami Cactus said:

But why didn't you have bitlocker

Because that requires an expensive Pro license or a laptop that supports connected standby which most laptops don't. You can thank Microsoft because MacOS and Linux distros had drive encryption made standard for years. It's just Microsoft who still charges an arm and a leg for this decade old technology. Despite their constant stance on "security" and "data protection" being a focus for Windows 11. 

[GhostRoadieBL]

It's always possible for a hardware/firmware exploit but 99.9% of people have no clue how software let alone firmware works so I'd be less worried.

Most common would be someone scraped your files for passwords and account/ID data and would use that to impersonate you. Once they have that, the device itself is useless to them so keep an eye out for account accesses not from your devices.

[Dr_Whom]

On 4/2/2022 at 6:21 PM, BlueChinchillaEatingDorito said:

Because that requires an expensive Pro license or a laptop that supports connected standby which most laptops don't.

This... Just isn't true though?

Quote

System requirements

BitLocker has the following hardware requirements:

For BitLocker to use the system integrity check provided by a Trusted Platform Module (TPM), the computer must have TPM 1.2 or later. If your computer does not have a TPM, enabling BitLocker requires that you save a startup key on a removable device, such as a USB flash drive.

A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware. The BIOS or UEFI firmware establishes a chain of trust for the pre-operating system startup, and it must include support for TCG-specified Static Root of Trust Measurement. A computer without a TPM does not require TCG-compliant firmware.

The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.

Modern Standby is a requirement for Automatic BitLocker Encryption, as in it's enabled automatically on a fresh install. And I'm not sure about the Pro requirement, all of the Laptops I repair that have BitLocker enabled are Windows 10 Home but they all also support modern standby, so idk. The documentation is worded weirdly but it seems if it ever did require Pro it hasn't been a thing since Windows 10

 

Quote

Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 11 and Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition or Windows 11.

 

[Bombastinator]

5 hours ago, Dr_Whom said:

This... Just isn't true though?

Modern Standby is a requirement for Automatic BitLocker Encryption, as in it's enabled automatically on a fresh install. And I'm not sure about the Pro requirement, all of the Laptops I repair that have BitLocker enabled are Windows 10 Home but they all also support modern standby, so idk. The documentation is worded weirdly but it seems if it ever did require Pro it hasn't been a thing since Windows 10

 

 

It’s apparently a common belief.  One perpetuated perhaps by the a+ certification.  I’m becoming curious about this one.  The current a+ forces you to learn ancient things like the minutia of internet explorer.