Is it possible for a hacker to take control of a Chromebook system, and spin the real user through a client instance?


Veronica Cisneros

Nov 5, 2022, 4:44:34 PM
to ChromiumOS Discussion
Hello,

I am a victim of persistent targeted hacking, and recently I purchased a macOS 12.5.1 and also an Asus Windows 11, and both were compromised on the spot. The Mac, even without connecting to the Internet, and the Asus, despite using private Ethernet with a new modem. What I noticed in the Asus Windows 11 was that by the 2nd or 3rd login with an administrative account, there would be one power-on screen with the Asus logo, then a short black screen, then another power-on screen with the Asus logo, then the Windows login screen (the Asus logo screen I am referring to corresponds to the splash screen). From my observations, I got the sense that I was a client OS of the actual Asus metal OS. As if I were spun out of a network instance. I am not a professional developer, and so I am speaking from gathered knowledge and personal observations (i.e., my language and terminology will be influenced by this).

So, I am wondering, with a Chromebook, is it possible that a hacker may take over the main OS during an update, and then spin me off through a network client instance?

I experienced this with an early Pixel phone. The power-on and login timespan went from a few seconds to over a minute, despite the factory data resets.

I am asking this question because I am trying to make a decision given a compromised environment. 

Thank you

Harry Cutts

Nov 7, 2022, 6:21:21 AM
to ChromiumOS Discussion, hacked.by.fo...@gmail.com
On Saturday, November 5, 2022 at 8:44:34 PM UTC hacked.by.fo...@gmail.com wrote:
So, I am wondering, with a Chromebook, is it possible that a hacker may take over the main OS during an update, and then spin me off through a network client instance?

On every boot, a Chromebook checks that the code it's running hasn't been tampered with (see the "Verified Boot" section of the Chromebook security page). If it detects tampering, it'll either silently revert to an unmodified copy of the OS (which it again verifies) or it'll show you a "ChromeOS is missing or damaged" screen. This makes an attack like you describe extremely difficult.
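
The boot decision described in the reply above, as an added example that is not part of the thread and is not ChromeOS code: a simplified Python model in which pinned SHA-256 digests stand in for the real signature checks. The slot names A/B, the byte strings and all function names are constructed for illustration.

```python
import hashlib

# Screen text quoted in the reply above; everything else here is constructed.
RECOVERY_SCREEN = "ChromeOS is missing or damaged"

def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def pin(slot: dict) -> dict:
    """Digests recorded at build time and kept by the root of trust, outside the slot."""
    return {part: sha256(blob) for part, blob in slot.items()}

def verify(slot: dict, pinned: dict) -> list:
    """Return the parts of an OS copy whose contents no longer match the pinned digest."""
    return [part for part, blob in slot.items() if sha256(blob) != pinned[part]]

def boot(slots: dict, pinned: dict, order=("A", "B")):
    """Try each OS copy in order; boot the first that verifies, else show recovery."""
    log = []
    for name in order:
        bad = verify(slots[name], pinned[name])
        if not bad:
            log.append(f"slot {name}: verified, booting")
            return name, log
        log.append(f"slot {name}: mismatch in {', '.join(bad)}, trying next copy")
    log.append(RECOVERY_SCREEN)
    return None, log

def demo():
    # Two constructed OS copies (opaque byte strings standing in for images).
    slots = {
        "A": {"kernel": b"kernel-v2", "rootfs": b"rootfs-v2"},
        "B": {"kernel": b"kernel-v1", "rootfs": b"rootfs-v1"},
    }
    pinned = {name: pin(slot) for name, slot in slots.items()}
    results = [boot(slots, pinned)]       # untouched: boots A
    slots["A"]["rootfs"] += b"+modified"  # copy A altered on disk
    results.append(boot(slots, pinned))   # falls back to B
    slots["B"]["kernel"] = b"replaced"    # both copies altered
    results.append(boot(slots, pinned))   # nothing verifies: recovery screen
    return results

if __name__ == "__main__":
    for booted, log in demo():
        print(booted, log)
```

The point the model makes is that a modified copy is never the one that runs: the outcome is either a verified copy or the recovery screen.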

Veronica Cisneros

Nov 8, 2022, 11:19:57 PM
to Harry Cutts, ChromiumOS Discussion
Thank you! 

Harry Cutts

Nov 10, 2022, 6:22:01 AM
to Swim Fan, ChromiumOS Discussion, hacked.by.fo...@gmail.com
On Wed, 9 Nov 2022 at 23:40, Swim Fan <swim...@gmail.com> wrote:
How does it verify?

This isn't really my area, so I don't know the details, but apparently it's based on the Hardware Root-of-trust on the device.
 
What's that look like to the user? Example: a user who is looking for why the system's behavior deviates from what they remember was normal.

As I said, if verification fails the system will either revert to an unmodified copy of the OS or refuse to boot until you recover it. So, if the system's booted up, you can be pretty sure any behaviour changes are not due to a tampered OS. (Unless you've purposefully disabled rootfs verification, of course, but you'd know if you'd done that.)
 
Chrome://system ... and a normal or comparable device for comparison. Ideally of the same build.

Try setting up the device you're having problems with on a different network, not used previously by the device. Maybe a public library... Chromebooks and Pixels work better together (inseparable perhaps) with Chromebooks. It can seem invasive... Generally because it is. Nevertheless, it has always been the goal to keep customers married to certain services. The best ones give you a choice imo

If you encounter issues like this, please file a bug.

Harry Cutts

Swim Fan

Nov 11, 2022, 12:32:25 PM
to ChromiumOS Discussion, hcu...@chromium.org, hacked.by.fo...@gmail.com
How does it verify? What's that look like to the user? Example: a user who is looking for why the system's behavior deviates from what they remember was normal.

Chrome://system ... and a normal or comparable device for comparison. Ideally of the same build.

Try setting up the device you're having problems with on a different network, not used previously by the device. Maybe a public library... Chromebooks and Pixels work better together (inseparable perhaps) with Chromebooks. It can seem invasive... Generally because it is. Nevertheless, it has always been the goal to keep customers married to certain services. The best ones give you a choice imo


david....@gmail.com

Nov 11, 2022, 5:47:45 PM
to ChromiumOS Discussion, swim...@gmail.com, hcu...@chromium.org, hacked.by.fo...@gmail.com
If your computers have been repeatedly compromised and, as mentioned, without them being connected to the internet, I would consider your whole environment compromised. That would mean every device that can connect to the internet (computers, switches, smart home gear, router, etc.) could all be controlled by someone remotely. As much as I trust my Chromebook, if my router was compromised, my internet-bound traffic could be sent to wherever the hacker wanted to send me. Get a real professional to have a scan of your network. There are often white hat hacker/pen tester groups that might take your situation as a challenge. You might even be able to get local police involved. It will take some persistence to get yourself "fixed". I wouldn't trust ANYTHING on your network until someone gives it a clean bill of health. Once you have a known clean network, crank up your own vigilance and security practices. For things like ISP-supplied routers, change the default passwords. Change all your passwords for all your websites and email accounts. Use Multi Factor Authentication wherever you can. Don't make it easy for anyone to do this again.
And yes, do consider a Chromebook as a very safe alternative computer.