The Anti-virus Times

Thursday, November 24, 2022

Buying a second-hand device is not only a good way to save money but also a big risk of acquiring a pig in a poke. We will tell you how to minimise this risk and recognise an unscrupulous seller in time.

Risk № 1. Shipping via a transport company

Are you going to buy a smartphone via a notice board with subsequent forwarding or delivery? Be alert if a seller says they are reluctant or allegedly unable to use a standard delivery service and insists on sending your purchase via a transport company. In this case, you risk receiving a “brick” containing an unknown number of defects and breakdowns or a device of a version you didn't order. Or the right device but with hidden defects. When the defects eventually emerge, there will be no one to whom you can make a claim.

In general, buying a second-hand smartphone online is much riskier than doing so in person. Since a device can only actually be checked after it is received, the chance of encountering criminals or unscrupulous sellers is very high. You can only pin your hopes on the honest reviews of other customers and the decency of the seller themself.

Risk № 2. A device is not reset to factory settings

Be sure to check whether a smartphone is unlinked from all of its old accounts.

If it’s not reset to the factory settings and it has an old account on it, you’ll need to unlink it in the presence of the seller. An honest and fair seller will do this in person without asking any questions, when the transaction is actually complete or almost complete: the buyer is ready to pay, and no claims exist on their part. But, when a seller refuses (or is in a hurry, etc.) to do this, that should alert you.

If a seller suddenly “forgot” the account password and promises to find it and call or email you from home, the probability is high that this smartphone is not theirs, and they are attempting to deceive you by selling a found or stolen device. Suggest to the seller that they find the password and arrange to meet you again. Most likely, you’ll never set eyes on them again.

You didn’t agree on a purchase here and now, and the seller is continuing to use the smartphone? In this case, there is nothing strange about refusing to reset the settings.

Risk № 3. Hidden blocks and software modifications

Even if your smartphone has already been reset to the factory settings, reset it again yourself. It’s unknown what applications the previous owner installed or what settings they changed. It can’t hurt. This is additional assurance that the smartphone is operating properly and that there’s a high degree of probability that no hidden blocks and software modifications are on it.

Risk № 4. The presence of Root or Jailbreak

If possible, it is worth checking for root access (elevated system privileges) on an Android smartphone. This can be done, for example, using Dr.Web Security Space for Android via the Security Auditor (if you do not have a license, you can install a trial version).

Root access is dangerous because:

1. the warranty will be voided (if the smartphone is still under warranty);
2. if it is not possible to restore the factory firmware after modification, a device will be rooted, which is potentially dangerous since the system area of the file system will be available for accessing. Because of this, the risk of accidentally damaging or removing something on a device exists. Or of “catching” malware for which root is very useful: for example, it will be able to surreptitiously install other trojans and adware.

A smartphone running iOS should be checked for the presence of Jailbreak. Jailbreak is similar to root – it is dangerous because a device becomes more vulnerable to attacks and data leaks. There are different ways for a device to be jailbroken, and signs of this process may differ. In most cases, the indicator will be the program Cydia (an alternative software directory). However, its icon can be hidden, in which case it will not be easy to detect jailbreak.

Risk № 5. Third-party firmware

Alternative firmware versions are popular among Android smartphone users. Therefore, when purchasing a device, you can additionally check the version of the installed system. It can be viewed in the system settings menu (depending on the model, the item to look for will be called “About”, “Software version”, “Firmware version”, etc.).

The main task is to understand what is installed: the official firmware or a custom version. A custom version is potentially dangerous because trojans and adware can be built into third-party firmware. At the same time, depending on the model, it can be complicated or even impossible to restore the original version.

To a certain extent, an anti-virus, which will detect known threats, may be a solution for this issue. However, trojans that aren’t yet known may be in the firmware. In addition, not many sellers will wait while you fiddle with your inspection. But this is even for the best – such a situation will mean that you do not need to take risks and it is worth looking for other variants.