Hi! Thanks for looking! I find many used electronics perfectly usable and agreeable, but my father, who used to be in the army and lives abroad, suggested there's a risk that someone might previouslly install spyware/gain access to your information. I was wondering, can we generally counter this risk? (Above is the important question, below are just thoughts that went with it -What are the chances we'd encounter something like this? (More or less likely in different countries?) -Is risk reduced by buying from a certain type of dealer, type of electronic? (Refurbished, craigslist) -Would taking precautions after buying, address the risks? Are there different types of spyware hard/soft spyware? (What are the most likely route a person doing the nefarious act would take?) -What readings might you suggest for commonfolk who use electronics quite extensively and personally, but don't actually understand the tech they're using (but would like to know how to protect their privacy)? Thank you so much!
Wipe the disk, then re-install the OS. If that's not possible, factory reset would remove most of them.
I would say your Father is right and the risk is high. Also in addition to what J_L said, if it is a cellphone/tablet get the latest firmware and install it. If it is a laptop get the latest BIOS version and the latest firmware for each device in device manager and install them. That should overwrite previous firmware that could be compromised.
Serious firmware malware (BadBios/BadUSB for example) will survive a firmware update, they're designed to. Besides, the malware doesn't need to reside in the primary firmware interface (BIOS or UEFI), it can be on the hard drive firmware, keyboard, webcam, or whatever- in theory. It's rather unlikely though, so I wouldn't be worried personally. Realistically, firmware malware is only likely to be used in highly targeted gov't attacks against suspected terrorists, other governments, executives of banks, oil companies, etc. The malware probably has a self-destruct feature in case the machine changes hands when it's sold, so it doesn't get into the wrong hands and exposed. Typical hackers out to steal from you or put you in a botnet are much more likely to go after low-hanging fruit, of which there is plenty.