Qubes and corrupted BIOS/UEFI

Hi everybody ! :slightly_smiling_face:

I guess that installing Qubes on a machine that has already been hacked is rather dangerous (not to say silly :laughing:)…

_ Is it possible to recup an already-hacked machine ?
_ How could I check the integrity of this machine ?
_ More precisely : how could I check BIOS/UEFI integrity ?

Thanks by advance :slightly_smiling_face:

Unless you know exactly what has been done in the hack, I would not
use it.
Your decision should be based on your assessment of threat - amongst
other items: whether you are a specific target, who might be the attacker,
what tools were used, how long they had access, and your security profile.

To your questions:

  1. Yes, it is possible to reuse a hacked machine.
  2. You cannot check the integrity because it would be possible for the
    hacker to install tools that report that everything is AOK.
    You may choose to discount this possibility, depending on your risk
    assessment.
  3. The best you could do is flash the BIOS chips with new images. I would
    not depend on a BIOS update image, but would flash it with hardware.
    Depending on the model, and your level of knowledge, this might be
    difficult for you - in that case, using an update tool might be second
    best.

I would replace drives, and any external devices.
If you intend to use data from the old machine, scan it before you
install it on your Qubes system. Or transfer it in to untrusted minimal
storage qubes that you keep offline, and do not use that data in any of your new,
online qubes. You can still access the files in disposables.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
1 Like

Thanks for your answer, unman.

Are we sure that no bios corruption can withstand a hardware flash ?

I know that my attackers hacked my internal webcam and microphones and stole datas of my drive. They also were able to spy my web activity and to “play” with my web connexion, my box, the screensaver display, as well as the (noisy) fan which they had fun pushing it to its maximum a certain number of times in a row, etc. Actually, I am pretty sure that they are still hacking me, spying my web activity, probably able to see what’s on my screen to bypass my vpn protection. I am pretty sure that they have hacked my smartphone too. And all of this, without having physical access to my machines.

It’s a rather complicated case of cyber-harassment which has been going on for months, and my “enemies” evolve in the field of computing at a good level of skills…

How could I protect myself from this kind of hackers ?

Moved to ‘User Support’

As a personal decision: I operate on corupt machines all the time to learn about adversaries. If you have the tools: traffic analyzer, firewalls, com software it is a good learning experience. Keep a different profile (do things that can’t be tied to you). Actually that is how I got into ecrypted networks and low level code.

1 Like

Are You sure that You are a victim of such advanced threat? Not want to insult You but it is rather not typical to use such sophisticated exploits just for cyber bullying. If someone have exploits that can hack firmware and persist over system reinstall will rather use it for earning really good amount money, not to play childish pranks with computer fan. Only real live case that I can think of, that will justify using advanced exploits just to harass regular person is some personal beef with skilled hacker, or someone wealthy enough to hire skilled hacker (but seriously in both cases they probably can use something less expensive with similarly good result). To hack someone’s webcam You don’t need to corrupt it firmware. Fan’s sometimes become noisy in not hacked situations. So reinstall the system, factory reset Your mobile, re flash the BIOS/UEFI, and more important change the router/modem (and make it as much secure as possible). Then just watch if something odd still happens. AND REMEMBER all electronic devices have glitches and bugs. It is more common then someone hacking a regular person just for fun.

P.S. Consulting Your situation with both IT security specialist and psychologist is a really good idea. If You have a money to upgrade (if You have to change it for a peace of mind, it is better to justify it to Yourself and Your family as an upgrade :slight_smile: ) Your electronic devices It’s not a bad idea. But remember I will start with router, modem, switch etc. if You have some real proof of hack.