Olha Stefanishyna

Hardware Implants: When Reinstalling OS Won't Help

A close-up illustration of a small rogue chip soldered onto a circuit board among legitimate components.

When people talk about digital security, they mostly discuss encryption and keeping secrets safe. Don't click random links, use encryption for everything, and you are safe. These rules really can help you stay safe. Unfortunately, there is a whole class of threats you can't avoid just by not clicking random links. These are sophisticated attacks that are invisible to your antivirus and firewall, and even erasing the disk and reinstalling the system will not fix them.

These are hardware implants: physical components (think of them as separate devices) inserted into legitimate devices during manufacturing, in supply chain transit, or through physical access to a target machine. Unlike software malware, they operate at or below the firmware level, which makes them invisible to the operating system and any software-based security tool.

Types of Hardware Implants

Here are some types of these devices. This is not a full list.

Interposer / PCB-level Implants

Tiny rogue chips soldered directly onto a motherboard, often between the CPU, BMC, or network controller.

What they do:

  • Intercept data on the bus
  • Inject malicious instructions into the boot sequence
  • Establish covert network backdoors

Firmware / Flash Chip Implants

The attacker replaces or reprograms a legitimate flash memory chip (BIOS/UEFI, SSD controller firmware, NIC firmware) with a malicious version.

What they do:

  • Inject a persistent rootkit that survives full OS reinstalls
  • Modify the boot chain before the OS loads
  • Disable Secure Boot silently
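
A defender's check for this class of implant, as an added example that is not part of the original article: compare a flash dump taken out-of-band (for instance with an external programmer, since compromised firmware can falsify in-band reads) against a known-good vendor image, block by block. The images, the block size and the mutable-region offsets below are constructed for illustration.

```python
import hashlib

BLOCK = 4096  # assumed comparison granularity (a common SPI flash sector size)

def block_digests(image, block=BLOCK):
    """SHA-256 of each fixed-size block of a firmware image."""
    return [hashlib.sha256(image[i:i + block]).digest()
            for i in range(0, len(image), block)]

def changed_ranges(baseline, dump, mutable=(), block=BLOCK):
    """Return merged (start, end) byte ranges where dump differs from baseline.

    mutable: (start, end) ranges expected to change between boots, such as
    the UEFI variable store; blocks fully inside them are skipped.
    Raises ValueError on a size mismatch, which by itself points to a
    different chip or a truncated read.
    """
    if len(baseline) != len(dump):
        raise ValueError(f"size mismatch: {len(baseline)} vs {len(dump)} bytes")
    ranges = []
    pairs = zip(block_digests(baseline, block), block_digests(dump, block))
    for idx, (good, seen) in enumerate(pairs):
        start, end = idx * block, min((idx + 1) * block, len(dump))
        if good == seen or any(m0 <= start and end <= m1 for m0, m1 in mutable):
            continue
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], end)  # extend the adjacent range
        else:
            ranges.append((start, end))
    return ranges

def build_samples():
    """Constructed 64 KiB images standing in for real flash dumps."""
    baseline = bytes((i * 7) % 251 for i in range(64 * 1024))
    dump = bytearray(baseline)
    dump[0x2000:0x2010] = b"\x00" * 16      # benign: variable store update
    dump[0x9000:0xB000] = b"\xCC" * 0x2000  # unexpected: two code blocks altered
    return baseline, bytes(dump)

if __name__ == "__main__":
    base, dump = build_samples()
    nvram = [(0x2000, 0x4000)]  # constructed location of the mutable region
    for start, end in changed_ranges(base, dump, mutable=nvram):
        print(f"unexpected change: 0x{start:06x}-0x{end:06x}")
```

A clean result only covers the chip that was dumped; it says nothing about added components or other flash parts on the board.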

RF / Wireless Exfiltration Implants

Small implants with a wireless transmitter (WiFi, custom RF, UWB, or infrared) that silently exfiltrate data without touching your network at all. They are dangerous against air-gapped systems, where software-based exfiltration is impossible.

What they do:

  • Exfiltrate keystrokes, screen captures, or documents wirelessly
  • Receive remote commands with no internet access required
  • Operate on unconventional frequencies specifically to avoid RF detection tools
  • Can be interrogated by a nearby operative with a directional receiver

Keyboard & Peripheral Implants

Covert hardware inserted inside keyboards, mice, or USB hubs.

What they do:

  • Log every keystroke and transmit it wirelessly
  • Act as a BadUSB — inject keystrokes to execute commands
  • Sit passively for months before activation

Power Line / PSU Implants

Implants hidden inside power supply units or power cables, drawing power from the AC/DC rail.

What they do:

  • Stay active even when the machine is "off" (using standby 5V rail)
  • Communicate over powerline networking (no wireless signal to detect)
  • Trigger actions on power-on events

Storage Controller Implants

Malicious firmware flashed onto an SSD, HDD, or NVMe controller chip.

What they do:

  • Hide protected sectors that are invisible to the OS
  • Persist malware in storage the OS can never see or wipe
  • Reinstall malware automatically after every OS install

Network Implants (Inline Taps)

Devices placed inline on a network cable or inside network equipment — routers, switches, TAPs.

What they do:

  • Perform full packet capture passively
  • Inject malicious traffic or DNS responses
  • Provide persistent remote access into the network

Optical / Acoustic Side-Channel Implants

Less "chip" and more "sensor" — tiny cameras, microphones, or light sensors embedded in hardware or accessories.

What they do:

  • Capture screen content optically
  • Record audio for voice exfiltration
  • Measure electromagnetic emissions

Hardware implants own your information. Reinstalling the OS changes nothing. Because such devices are hidden, and some of them can survive and transmit your data even when your device is powered off, treat your OS as just a tenant on someone else's hardware.

I never took this topic seriously until it was too late. I became a victim of a crime in 2023 in Austin, TX, where I had moved from Kyiv in 2022. The attack was committed during my sleep with the use of drugs, so I had no information about what happened besides a very brief memory of part of the attack. After that I started to look for witnesses and evidence. As part of the process I started to work with my flashbacks and wrote the article that explains what PTSD is and what mechanisms drive it and where PTSD: When Dragon Doesn't Scare. That was the point where I understood I have PTSD. What I didn't know then was that I was attacked not only in Texas, but that it happened first on the Crimean Peninsula around 2014, then in Kyiv, and later in Austin.

Before I started to work with my flashbacks I never understood how attackers could know what I discussed in private messages and how my private information leaked to entire groups of people, diluted with false assertions and staged video recordings of dubious origin. I didn't know how they tracked me. Only today did it become crystal clear to me: the attackers discussed implants in my laptop.

When you are a target, even your political position doesn't matter. What matters to them is what you have and the possibility of exploiting you. None of them is interested in revealing the truth. They are going to exploit you as much as possible to gain political and financial capital. In the modern world digital devices play a massive role in this, because many educated people and professionals such as developers, researchers and journalists keep their data on their devices.

So, how can you defend your information? Consider a digital device compromised by default. You can never know when you become a target. The most important thing is to understand how these attacks are carried out, so that you have a crystal clear understanding of what can happen and don't accept the "mental disorder" narrative pushed by your attackers.

Don't underestimate someone's appetite for your information. They will not take your laptop. They will leave it with you, with their implant inside, to get more than a stolen device could ever give them.
