We help IT Professionals succeed at work.

Pawnshop Laptop: Unsafe?

My fiancée's mother exchanged her laptop for a pawn loan 3 months ago and she bought it back today. The laptop had no password on it. Just turn on the power and your in. Now she is staying with us for a bit and wants our WiFi password so she can connect to the internet with it.

The problem is I am very worried about her laptop compromising the security/safety of my family and their devices. (I.e., In 10 seconds couldn't the pawn owner turn it on and install spyware that could spread to everyone's devices connected too it?!)

I Just wanted to get some feedback from professionals out there on what you would do in my scenario, what are some worst case scenarios and how likely are they too occur? Would you let her login too your WIFI? (Part of me wants to just burn it and buy her a new one)
Comment
Watch Question

Software & Systems Engineer
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Unless your fiancée's mother is a millionaire or unless you have some pretty good secrets (superspy ?) i doubt that a random pawn owner would take the time to open the laptop and install a spyware that will compromise your family safety.
If you worry too much just copy what is "precious" to a flash drive and format the hard drive and reinstall the OS (if you are too worry you could buy a SSD and get the speed bonus and use the original drive for backup)
Nolan MasonIT Professional
CERTIFIED EXPERT

Commented:
Agreed.  I wouldn't have given it a first thought.  It's a reasonable expectation that most computers purchased at a pawn shop will be immediately erased and the OS reinstalled, which would destroy anything malicious that might have been installed.

Beyond that, for the pawn shop owner to have any motivation to do this, he'd have to install something that does exactly what he wants, which would be an expensive investment in software programming.  Furthermore, it would be illegal and easy to trace back to him since the damage would be somehow provably beneficial to him.

Also, due to security settings that are on by default on many devices and computers, a compromised laptop connected to your network would not necessarily have automatic access to anything other than the Internet.

My opinion is that paranoia is unwarranted and nothing but stress-inducing in this situation.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
A pawn shop is mostly a holding area. So in the case of your relative, there is no motivation to do anything harmful. (Or even change anything on it before she misses her time to buy it back) They're making money whether or not she buys it back. Granted, they are known for some shady practices, so better safe than sorry.

If you're that worried, try backing up the data, wiping the laptop, and reloading it. Once you've made sure all of the backed up data is clean, then restore it.
Dr. KlahnPrincipal Software Engineer
CERTIFIED EXPERT

Commented:
As with any foreign device wanting access to a LAN under my control, I'd want to personally virus scan and malware scan it before giving a WiFi password.  But if your router has  the option for a guest network, then you could skip that and let the device have access only to the guest network.
CERTIFIED EXPERT

Commented:
If it were a laptop purchased from the pawn shop (or any other used computer purchase), I generally recommend wiping (not just formatting) and reinstalling from scratch.  Otherwise, there could be all sorts of problems lingering, not just malware/viruses/etc.

If I read you post correctly, this was her computer, left at the pawn shop as collateral for a loan, then returned.  As mentioned above, the pawn shop owner COULD have installed something, but it's rather unlikely.  I'd go along with the advice to scan (not a bad idea anyway) and then not worry about it.

Author

Commented:
Very interesting! Thank you for the feedback! :-) You are correct Comp. I guess I am paranoid, but am just trying to assess the threat if any.

I do know the following:
*I do not know the pawn shop owner or any of his employees (if any).
*The pawn shop is in the worst part of town with the highest crime in the state.
*Pawn shops owners where I'm from seem to have lots of time on their hands. Whenever I walk in one, I'm always the only there, no matter what time of the day, and they are usually sitting watching a movie etc.,
*The pawn shop owner is 'supposed' to keep the laptop in the back, but there is no guarantee he didn't let someone else use it or put it on the floor where other people could use it too see if someone would pay more for it.
*You don't have to be a millionaire to worry about having something stolen. Having a Social Security number stolen from tax records is one of the many things that could ruin anyone's life and possibly have a high yield to a criminal.

So I guess I'm trying to say, the pawn shop owner is a stranger. I wouldn't trust strangers handling my equipment, and therefore want to understand the worst thing someone incriminating could do if they had access to an unprotected laptop and gave it too someone to use on my WIFI as well as how easy it would be for them.

Example: In 10 seconds, could they install something that would download everything the laptop and everything else connected to the same wifi network?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
and therefore want to understand the worst thing someone incriminating could do if they had access to an unprotected laptop and gave it too someone to use on my WIFI as well as how easy it would be for them.
Some questions you don't want the answer to. If someone has full access to a machine, the possibilities are endless. Keyloggers, ransomware, start of a botnet...

But reasonably speaking, there would no business incentive to screw up someone's machine. If the pawn shop screws it up and it gets proven, a lawsuit would not be a good look. Pawn shops do enough shady things, so why attract extra attention?
CERTIFIED EXPERT

Commented:
I think there is a clear consensus here.  Yes, a pawnshop owner (or employee) could install something fairly quickly on the computer that would all him to take over the computer once it has been returned to the owner.  Is it likely?  Probably not.  If you are really concerned then the reasonable approach would be to back up data, wipe the drive, reinstall OS and applications, and restore the data.

If you are going down that path, John Ts made a good suggestion of buying a new SSD and doing the reinstall on that instead of your existing drive.  They're not that expensive (until you get to 1-2T), will be much faster, and can make the process much easier and far less likely to lose data.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
in the future - install a password on the laptop and disk before handing it over to the pawnshop

Author

Commented:
Thank you everyone! Very solid advice. Also totally agree Nobus, but my fiancée's mother pretty much does not care and does what she wants. Hehe. For whatever reason that's what she chose/chooses to do.

She doesn't have any software with it though. I figure my only options are to buy a new SSD, Windows 10 and install it on the machine or see if she has the original backup on a partition and do a recover... If there is no backup I suppose I'll be stuck with option 1...
CERTIFIED EXPERT

Commented:
If you are buying a new SSD, consider also buying a USB-SATA 2.5" case (about $10 on Amazon).  You can put her old drive in there and retrieve the data.  Once you are comfortable that you have everything, you can wipe and re-format the external drive and use it for backups.
Jackie Man IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Just turn on AP isolation in your router and it will minimise the chances of infection from a new device in your network.

Most public WiFi networks do enable AP isolation.

Author

Commented:
Thanks everyone. As always solid advice!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.