Question: Does there exist in any realm of possibility a way for a device to get hacked while it is powered off?

Status
Not open for further replies.

Rov123

Level 1
Thread author
Nov 23, 2024
Especially in scenarios where you are targeted by state sponsored or elite level hackers?

For example, let's say your devices at home are hacked and possibly the wifi as well. You decided to order a new device online to be shipped to your home, such as a new laptop or phone. The new device arrives and it is currently powered off, and you intend to only turn on or use this device when you are away from your home. Is it possible for it to somehow get hacked while it is powered off or offline when you return home and have it in near proximity to your infected network and devices?

And if yes, then would a removable battery device be effective against such attacks? Such as a flip phone where you can remove the battery from the device, making it completely powered off.
 
Does there exist in any realm of possibility a way for a device to get hacked while it is powered off?
I would correct it ... when the screen is powered off. Find My Phone apps can track powered-off phones, and serious companies use Faraday cages during meetings to avoid listening.
And if yes, then would a removable battery device be effective against such attacks?
Assuming there is not a hidden low-power battery. The best way to be sure is to measure EMF.
 
Funny scenario lol

But in reality, it would be extremely difficult and rare to see such attacks.

Normally, when the device is powered off, important components such as the CPU and memory are inactive, so hacking is not possible.
But many modern devices use low-power subsystems, meaning some components (like Android's Always Listening) can remain active even when the device is turned off.

A more realistic way to get infected this way would be if the device came with a backdoor or malware installed directly from the factory (during the supply chain).

But all in all, there’s no “wireless infection by proximity” if it’s truly powered down.

Also, with the battery REMOVED there is literally no power source to any chip. That’s the only way to ensure it’s truly off.
 
You're right to be concerned about getting a new device that's already compromised. It's not just paranoia, remember that whole Lenovo "Superfish" scandal 10 years ago? A major manufacturer's own software created huge security holes, proving this kind of threat is very real.

That said, it's helpful to distinguish between a widespread issue like that and a targeted, spy movie level attack where someone physically implants hardware. The second one is incredibly rare.

And you're spot on about the battery. While modern tech like Secure Boot is designed to prevent tampering, physically removing the power source is the most surefire way to know a device is completely off and can't be accessed.

Ultimately, while it's smart to be aware of these supply chain hacks, the biggest day to day threats for most people are still the usual suspects, phishing scams, malware from sketchy downloads, and weak passwords.
 
Yeah, tin foil hat territory, but as they say, it's always impossible until it's done. If they can hack and compromise and exfil data from computers using sound then it's open season.
In such a scenario you shouldn't be using electronic devices at all. Find a remote place, use hard cash to transact and be alone at all times.

This. Retire & find some 3rd world country and just live off the land. No PCs. No phones. No electronics. Just you and your yacht crossing the islands drinking mojitos and eating lobster/fish.
 
Are you sure that you never turned on the new device at home, even if just to check if it is working? WiFi turns on when you power on the device, no?

And if they have hacked your pc, then they would have known about the new device when you ordered it online using the hacked pc. And then when they saw a new device connecting to WiFi they would attack it.

You don't need to get a new PC. All you have to do is use Parted Magic ( Download Parted Magic - MajorGeeks ) to erase the SSD/HDD. Use Rufus to burn that ISO to a USB stick. Then reboot, keep pressing ESC or F2 or F12 to boot to Parted Magic. Some business class laptops like the DELL Latitude can quick erase the SSD from BIOS. Then re-install Windows. Your PC will be as good as new.

About the WiFi, if it is supplied by your ISP then return it to the store and ask for a new one. Or if you fear they'd repeat the same attack then switch to a different ISP and hence a different brand of modem-router. If WiFi is supplied by your own router, then first try to update the firmware via downloading from the manufacturer web site.

When you are being hacked, you have to do some hardening of Windows. Follow this ( Setup Idea - Default Deny Windows Firewall setup How To ) to configure your firewall.

Then in addition to getting a good anti-malware, I recommend getting CyberLock ( CyberLock - Automated and Effortless Zero-Trust Endpoint Protection ). Its developer, danb, is on this forum.
 
Yes, if you have "wake on LAN" turned on (BIOS settings) and one of the PCs on your local network is hacked after being infected, it can remotely turn on your PC and infect it by lateral movement, although this situation is almost exclusively for the corporate sector.
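
Added example (not part of the original thread): a Wake-on-LAN "magic packet" is 6 bytes of 0xFF followed by the target MAC address repeated 16 times, so network monitoring can flag wake requests coming from hosts that are not supposed to send them. The IP addresses, MAC addresses, sample payloads and the sender allowlist below are constructed for illustration.

```python
SYNC = b"\xff" * 6  # synchronization stream that opens every magic packet


def find_wol_targets(payload: bytes) -> list[str]:
    """Return the MAC addresses targeted by magic packets found in payload."""
    targets = []
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # A valid packet repeats the same 6-byte MAC exactly 16 times.
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            text = ":".join(f"{b:02x}" for b in mac)
            if text not in targets:
                targets.append(text)
        start = payload.find(SYNC, start + 1)
    return targets


def build_sample(mac_text: str) -> bytes:
    """Build a constructed magic-packet payload for the sample data."""
    return SYNC + bytes.fromhex(mac_text.replace(":", "")) * 16


# Assumption: only the management host is expected to wake machines.
AUTHORIZED_SENDERS = {"192.168.1.10"}

# Constructed (source IP, UDP payload) pairs, as a sensor might record them.
SAMPLE_EVENTS = [
    ("192.168.1.10", build_sample("aa:bb:cc:dd:ee:01")),               # authorized
    ("192.168.1.57", b"\x00" * 4 + build_sample("aa:bb:cc:dd:ee:02")),  # unexpected
    ("192.168.1.57", SYNC + b"not a magic packet"),                    # look-alike
    ("192.168.1.57", build_sample("aa:bb:cc:dd:ee:03")[:-6]),          # truncated
]


def unexpected_wakes(events, authorized):
    """Return (source, target MAC) for wake requests from unapproved hosts."""
    alerts = []
    for src, payload in events:
        if src in authorized:
            continue
        for mac in find_wol_targets(payload):
            alerts.append((src, mac))
    return alerts


if __name__ == "__main__":
    for src, mac in unexpected_wakes(SAMPLE_EVENTS, AUTHORIZED_SENDERS):
        print(f"ALERT: {src} sent a Wake-on-LAN packet for {mac}")
```

If nothing on the network needs to wake machines remotely, turning the feature off in the BIOS and the adapter's power settings removes the need for this monitoring.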
 