Can using a second-hand wifi card be potentially dangerous?

traxter

Hi,

many people here should know the problem that the stock wifi card in their laptop is not supported by free software operating systems like Trisquel.

When buying a supported wifi card (mostly Atheros/Qualcomm), be it from a marketplace or a special vendor, it is almost always second-hand.

This makes me wonder if there is a risk that one of the previous owners has maliciously modified the card.

As far as I understand, there is some kind of software residing on the card itself, e.g. in EEPROM.

Also, it seems to be possible to write to it and therefore change the code.

Could someone with bad intentions have any motivation to manipulate a wifi card?

What could happen in the worst case?

Also, is it realistic for this to happen in the wild or is it something only the NSA would do for their so-called tailored access operations?

I have collected some Atheros wifi cards over the years and would like to know if I can use them without being concerned.

What do you think?

nadebula.1984

ath5k/ath9k doesn't have dedicated storage to hold firmware, nor dedicated processor and memory to run firmware, so it's secure by design. Even if someone wants to compromise it by engineering a malicious firmware, ath5k/ath9k has nowhere to hold and run it.

Don't think that brand-new wireless NICs are more secure than used ones. They can be tampered with by OEMs as well, as long as they have firmware.

traxter

Not sure if I know what you mean.

I always thought that ath9k is just the Linux kernel driver.

Couldn't a wifi card which is supported by ath9k have memory and code on it nonetheless?

Some Atheros cards seem to have EEPROM at least and there are various online forums where people talk about writing to this memory.

Or do you mean that this kind of memory/code can't be read when using the ath9k driver?

nadebula.1984

ath9k-htc (USB) has firmware but ath5k/ath9k (PCI/e) doesn't. The former can be compromised but the latter cannot.

It is true that some Atheros ath5k/ath9k cards do have EEPROM (or other non-volatile storage) to hold some data. But such data are called calibration data (controlling the frequency band support in order to meet regional laws/regulations). They are not executable code, so they are not firmware. Again, even if such storage can be compromised to hold certain malicious executable code, there is no dedicated processor and memory to run it.

traxter

Okay, that's basically what I wanted to know.

Thanks for explaining.
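
Added example, not part of the thread: a shell check of which driver family a card is bound to, using the split given in the replies above (ath9k_htc on USB has firmware, ath5k/ath9k on PCI/PCIe does not). The function names, the class labels and the sample tree are assumptions constructed for this example; on a real system pass `/sys` as the root.

```shell
#!/bin/sh
# Print "<driver> <bus> <class>" for one network interface by reading the
# driver and subsystem symlinks that sysfs exposes for its device.
# The class labels follow the thread's replies and are this example's own names.
wifi_driver_class() {
    sysfs=$1
    iface=$2
    dev="$sysfs/class/net/$iface/device"
    # No driver symlink: interface missing or not backed by a bus device.
    [ -L "$dev/driver" ] || { echo "unknown"; return 1; }
    driver=$(basename "$(readlink "$dev/driver")")
    bus=$(basename "$(readlink "$dev/subsystem")")
    case "$driver" in
        ath9k_htc)   class="has-firmware" ;;   # USB family, per the thread
        ath5k|ath9k) class="no-firmware" ;;    # PCI/PCIe family, per the thread
        *)           class="not-covered" ;;    # the thread says nothing about it
    esac
    echo "$driver $bus $class"
}

# Build a constructed sysfs-like tree (sample data, not a real machine)
# so the check can be run offline. Prints the temporary root directory.
make_sample_sysfs() {
    root=$(mktemp -d)
    for spec in "wlan0 ath9k pci" "wlan1 ath9k_htc usb" "eth0 e1000e pci"; do
        set -- $spec   # $1 = interface, $2 = driver, $3 = bus
        mkdir -p "$root/class/net/$1/device" "$root/bus/$3/drivers/$2"
        ln -s "$root/bus/$3/drivers/$2" "$root/class/net/$1/device/driver"
        ln -s "$root/bus/$3" "$root/class/net/$1/device/subsystem"
    done
    echo "$root"
}

# Real-system usage: wifi_driver_class /sys wlan0
```

The driver name only shows which kernel module claimed the device; it does not read or verify the contents of the card's EEPROM.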