• witx@lemmy.sdf.org
      link
      fedilink
      arrow-up
      22
      arrow-down
      6
      ·
      edit-2
      10 months ago

      Unfortunetaly, that does close to nothing when the issue is spyware on firmware

      • Heratiki@lemmy.ml
        link
        fedilink
        arrow-up
        14
        arrow-down
        1
        ·
        10 months ago

        According to this Tom’s Hardware article (https://www.tomshardware.com/desktops/mini-pcs/mini-pc-maker-ships-systems-with-factory-installed-spyware-acemagic-says-issue-was-contained-to-the-first-shipment) it isn’t firmware based spyware but just existing on the machine drive.

        They were also found on the restore partition so a full wipe and fresh install would eliminate the issue. AceMagic have also claimed that the issue was isolated to the first round of shipments.

        • NaN@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          2
          ·
          10 months ago

          This article says the same thing, but it’s worth people being aware that firmware is a vector.

        • CaptObvious@literature.cafe
          link
          fedilink
          arrow-up
          7
          arrow-down
          1
          ·
          10 months ago

          It’s reasonable to consider whether to trust a company that shipped spyware in the first place. I would have a hard time with that.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              10 months ago

              Trying to, but credible alternatives just don’t exist. I really want a Linux phone, but battery life and basic features just aren’t there.

          • Heratiki@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            10 months ago

            It’s more than likely they “borrowed” some other Chinese company’s cloned Windows drive and used it for their install rather than roll their own. Could be they were malicious but coming out and claiming it was an error so quickly doesn’t really push that narrative hard.

            • CaptObvious@literature.cafe
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              10 months ago

              If they weren’t the original malicious actor, then their quality control sucks. Either way, they shipped a booby-trapped system. Trusting them again will be hard for a lot of people.

            • CaptObvious@literature.cafe
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              10 months ago

              We’re going to agree to disagree about that. Being caught red-handed would trigger an immediate mea culpa if they want to preserve plausible deniability and try again later.

          • helenslunch@feddit.nl
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            10 months ago

            Because the issue is what they did find. If they hadn’t found it there would be no article.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              arrow-up
              2
              arrow-down
              1
              ·
              10 months ago

              Sure. I’m just saying that if a company is caught putting spyware into their products, I’m not going to trust them to suddenly fix it. If they cared, they should’ve caught this with internal QA.

              So either they’re negligent or malicious. If the former, they’ll probably be negligent again. If the latter, they’ll be more sneaky next time. Either way I don’t trust them.

                • sugar_in_your_tea@sh.itjust.works
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  10 months ago

                  My point is that we know there’s spyware on the image, so we should suspect malware elsewhere as well. Until the hardware is audited, we should assume that hardware is compromised as well.

      • krolden@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        10 months ago

        Nothing in this article said anything about the device firmware being compromised

    • astrsk@kbin.social
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      10 months ago

      Hopefully it’s not built into a rom chip on any number of custom components in these mini PCs making it software independent.