You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: macshopper
macshopper Author
User level: Level 1
4 points

malware on motherboard etc

Hello,


I've been reading that some forms of malware can survive a reset, and maybe even a reinstall. I am considering purchasing refurbished Apple items and want to be sure they are free from all malware, possibly placed by the previous owner, hiding on the motherboard, RAM, BIOS, or anywhere else. Can someone tell me with certainty if refurbished Macs are free from all forms of malware hiding in all locations? Do refurbished Macs just get a standard reset/hard reset, or are areas such as motherboard etc. also checked for malware? I'm not a tech person so hopefully my questions makes sense. Thanks

Mac mini (M2, 2023)

Posted on Mar 13, 2023 9:14 AM

Reply
Question marked as Top-ranking reply
User profile for user: jimbaub
jimbaub
User level: Level 1
68 points

Posted on Mar 13, 2023 11:25 AM

In theory nothing that's stored in RAM can survive even being powered off without a system reset as it's volatile memory, that is it loses all data contained in it when it's not powered on. The part of the motherboard that handles booting the machine can store malware that can seemingly survive attempts to be eradicated (from this stack exchange post https://security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing)


However the chances of a machine being affected by such an issue and being given to (or even accepted by) Apple to be refurbished and sold on to customers seems quite small. From what I've found on Apples refurbishing procedure, it's very comprehensive and you shouldn't have to worry about this.


Just about the only part in your control here if you were to buy a refurbished device would be to hope that any malware that can survive the reformatting process is located in the SSD/HDD and get a refurbished machine where those are easily replaceable (2018 and sooner IIRC?) & change it yourself for a brand new one when the machine arrives.

View in context

Similar questions

7 replies
Question marked as Top-ranking reply
User profile for user: jimbaub
jimbaub
User level: Level 1
68 points

Mar 13, 2023 11:25 AM in response to macshopper

In theory nothing that's stored in RAM can survive even being powered off without a system reset as it's volatile memory, that is it loses all data contained in it when it's not powered on. The part of the motherboard that handles booting the machine can store malware that can seemingly survive attempts to be eradicated (from this stack exchange post https://security.stackexchange.com/questions/44750/malware-that-can-survive-bios-re-flashing)


However the chances of a machine being affected by such an issue and being given to (or even accepted by) Apple to be refurbished and sold on to customers seems quite small. From what I've found on Apples refurbishing procedure, it's very comprehensive and you shouldn't have to worry about this.


Just about the only part in your control here if you were to buy a refurbished device would be to hope that any malware that can survive the reformatting process is located in the SSD/HDD and get a refurbished machine where those are easily replaceable (2018 and sooner IIRC?) & change it yourself for a brand new one when the machine arrives.

Reply
User profile for user: D.I. Johnson
D.I. Johnson
User level: Level 7
24,083 points

Mar 13, 2023 10:47 AM in response to macshopper

Buying a used Mac can be a challenge.

I recommend that you purchase your refurbished Mac from a reputable dealer such as directly from Apple -Refurbished Macs or perhaps OWC/Macsales Refurbished Macs. (disclaimer: this user is unaffiliated.)


Personally, I don't consider any Mac that is simply reset by a previous user to be "refurbished". At best it's simply been wiped with an OS reinstall. At worst, it's been stolen and perhaps compromised somehow.


This is how Apple does it: Why Refurbished - Apple



Reply
User profile for user: macshopper
macshopper Author
User level: Level 1
4 points

Mar 13, 2023 11:14 AM in response to D.I. Johnson

Thanks for your reply. Yes, I was planning on purchasing the refurbished items from the Apple website. However, since I do not know the previous owner; I want to be sure the Apple refurbished items (from the Apple Store) are thoroughly checked for malware, in all the locations, I mentioned, and not just reset. I am not suggesting this is an issue unique to Apple. I am just researching this because I'm interested in Apple products. I have not found anything on their website to confirm and I was unable to verify this potential issue through Apple's chat. I'm not even 100% sure malware can hide in places such as the motherboard and RAM, but I've seen it mentioned online and want to be sure before purchasing. I'd be interested in confirmation as to whether malware can indeed hide in these locations and whether Apple refurbished items are checked for this potential issue. Thanks again!

Reply
User profile for user: macshopper
macshopper Author
User level: Level 1
4 points

Mar 16, 2023 11:47 AM in response to jimbaub

Thanks for your help. It seems the risk is low but still present. If the "cleaning" of the refurbished computer included a scan of the motherboard, and all other locations malware can hide, this would be an excellent selling feature and I'm pretty certain it would be clearly displayed on the Apple website. Since it is not marketed as such, I'll assume it is a less than complete scan and cleaning. My worry is someone with a nefarious intent could, in theory, purchase an Apple product, or any brand (I do not want to single out Apple here as I am a fan), install harmful code, and then return the item for a full refund. This would be a low-cost way for someone to possibly gain access to devices after the new owners take possession. This may be a little paranoid but it sounds as though it may be somewhat possible. For that reason I think I'll stick to buying new. I suggest Apple implement a restocking fee of some sort, for their returned devices, which could pay for a thorough deep cleaning of the device, including all locations where malware can hide. At very least, perhaps they could offer a two-tiered refurbished system identifying if devices are "previously owned" verses "unsold inventory/overstock". I know which one I'd prefer. This way the buyer can assess the true risk of their refurbished purchase and make a more informed decision. Thanks again for your help and suggestions. Take care.

Reply

malware on motherboard etc

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up