Serious Discussion Malware that allows hacker to use laptop's hardware in secret

Oblivion99

Level 2
Thread author
Nov 6, 2023
81
Dear all

Malware that made it possible for the hacker to use the laptop's Network card in secret.
While also:
Windows has no wifi connection
Wifi is off in Windows settings
Network card is disabled in Device Manager
No activity in Resource Monitor Network

Or

Malware that made it possible for the hacker to use the laptop's Bluetooth adapter in secret.
While also:
Windows has no Bluetooth connection
Bluetooth is off in Windows settings
Bluetooth is disabled in Device Manager

1.
Would malware like this be on the blacklist of MS Defender, and MS Defender would block or quarantine it?

2.
Is this kind of malware purely theoretical?
Does this kind of malware exist?
Or anyone heard of something similar?

3.
What level of skill does it require to create this kind of malware, something like NSA / super hacker?

Thank you
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
While I haven't encountered these 2 things, the surest way to prevent this is to switch it off in the BIOS. Switching it off in Windows only stops the Windows components from using it; the drivers are still installed and still functional, just that no Windows code is calling it.

I wouldn't rely on some blacklisting technology like an AV alone as my defense. Blacklists only block what they have previously encountered. It is up to you to reduce your attack surface.

Your perception of who can exploit this needs to change. 'Super hackers' make and sell their wares on the black market and even junior hackers have access to their technology.

And I don't classify this as super secret tech, I seem to have heard of it before. And hardware manufacturers wouldn't have made the BIOS on/off switches available for no reason. Even my consumer grade 2020 $600 ASUS Vivobook has these features in its BIOS security tab.
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
649
> Dear all
>
> Malware that made it possible for the hacker to use the laptop's Network card in secret.
> While also:
> Windows has no wifi connection
> Wifi is off in Windows settings
> Network card is disabled in Device Manager
> No activity in Resource Monitor Network
>
> Or
>
> Malware that made it possible for the hacker to use the laptop's Bluetooth adapter in secret.
> While also:
> Windows has no Bluetooth connection
> Bluetooth is off in Windows settings
> Bluetooth is disabled in Device Manager
>
> 1.
> Would malware like this be on the blacklist of MS Defender, and MS Defender would block or quarantine it?
>
> 2.
> Is this kind of malware purely theoretical?
> Does this kind of malware exist?
> Or anyone heard of something similar?
>
> 3.
> What level of skill does it require to create this kind of malware, something like NSA / super hacker?
>
> Thank you

[Image: facepalm-really.gif]
 

Khushal

Level 2
Apr 4, 2024
77
> Dear all
>
> Malware that made it possible for the hacker to use the laptop's Network card in secret.
> While also:
> Windows has no wifi connection
> Wifi is off in Windows settings
> Network card is disabled in Device Manager
> No activity in Resource Monitor Network
>
> Or
>
> Malware that made it possible for the hacker to use the laptop's Bluetooth adapter in secret.
> While also:
> Windows has no Bluetooth connection
> Bluetooth is off in Windows settings
> Bluetooth is disabled in Device Manager
>
> 1.
> Would malware like this be on the blacklist of MS Defender, and MS Defender would block or quarantine it?
>
> 2.
> Is this kind of malware purely theoretical?
> Does this kind of malware exist?
> Or anyone heard of something similar?
>
> 3.
> What level of skill does it require to create this kind of malware, something like NSA / super hacker?
>
> Thank you

[Image: Samson En Gert Wow GIF by vrt]
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
81
> While I haven't encountered these 2 things, the surest way to prevent this is to switch it off in the BIOS. Switching it off in Windows only stops the Windows components from using it; the drivers are still installed and still functional, just that no Windows code is calling it.

I have thoroughly looked through my laptop's BIOS several times. There are no settings for either network card or bios / bios adapter.

> Your perception of who can exploit this needs to change. 'Super hackers' make and sell their wares on the black market and even junior hackers have access to their technology.

This is perception as well. That almost any type of malware is obtainable on the dark web, unfortunately.
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
> There are no settings for either network card or bios / bios adapter.

I have BIOS settings for both Bluetooth (labeled as Bluetooth in both Asus and Dell) and WiFi Network card (called Network Stack in my Asus BIOS, and WLAN in Dell BIOS).

What I really meant to say was: there doesn't need to be a super hacker attacking your machine, super hacker tools are available on the dark web at a price. Even script kiddies can get them. So the odds of getting attacked that way are higher than you may have thought.

No disrespect.
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
81
> What I really meant to say was: there doesn't need to be a super hacker attacking your machine, super hacker tools are available on the dark web at a price. Even script kiddies can get them. So the odds of getting attacked that way are higher than you may have thought.

Would you feel that the below measures would be enough to protect your data?

Windows has no wifi connection
Wifi is off in Windows settings
Network card is disabled in Device Manager

Bluetooth is off in Windows settings
Bluetooth is disabled in Device Manager

Thank you
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
649
> Would you feel that the below measures would be enough to protect your data?
>
> Windows has no wifi connection
> Wifi is off in Windows settings
> Network card is disabled in Device Manager
>
> Bluetooth is off in Windows settings
> Bluetooth is disabled in Device Manager
>
> Thank you

[Image: d4lvv1s-380c83b5-37f5-4651-854d-ae91f31d33e4.gif]
 

cliffspab

Level 4
Verified
Well-known
Oct 4, 2019
176
> Would you feel that the below measures would be enough to protect your data?
>
> Windows has no wifi connection
> Wifi is off in Windows settings
> Network card is disabled in Device Manager
>
> Bluetooth is off in Windows settings
> Bluetooth is disabled in Device Manager
>
> Thank you

SMB
 

Victor M

Level 13
Verified
Top Poster
Well-known
Oct 3, 2022
645
> Would you feel that the below measures would be enough to protect your data?
>
> Windows has no wifi connection
> Wifi is off in Windows settings
> Network card is disabled in Device Manager
>
> Bluetooth is off in Windows settings
> Bluetooth is disabled in Device Manager

In Device Manager, disable WiFi Direct too. Pull down the menu and checkmark Show Hidden. There should be 2 instances if I remember correctly.

If this machine is intended to be an always offline machine to safeguard your important data, then you should disable Networking (ethernet and wifi/wlan) and Bluetooth in the BIOS/UEFI. That is the master kill switch. Different BIOSes use different names, for example my ASUS Vivobook calls it the Network Stack.
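
Added example (not part of the thread and not any poster's code): a read-only PowerShell audit of the Device Manager state discussed above, listing every device node in the "Network adapters" and "Bluetooth" classes, including hidden ones such as Wi-Fi Direct virtual adapters, and flagging any that are still enabled. It assumes Windows 10/11 with the built-in PnpDevice and NetAdapter modules and reports only what the operating system sees.

```powershell
# Added example: read-only audit of network and Bluetooth device nodes.
# Reports the operating system's view only; it cannot see firmware-level state.

$classes = 'Net', 'Bluetooth'

# Without -PresentOnly, Get-PnpDevice also returns hidden (non-present) nodes,
# the same set Device Manager lists under "Show hidden devices".
$devices = Get-PnpDevice -Class $classes -ErrorAction SilentlyContinue

$report = foreach ($dev in $devices) {
    $code  = [int]$dev.ConfigManagerErrorCode
    $state = switch ($code) {
        0       { 'ENABLED' }                 # working, driver loaded
        22      { 'Disabled' }                # CM_PROB_DISABLED
        45      { 'Not present' }             # CM_PROB_PHANTOM: hidden node, hardware absent
        default { "Problem code $code" }      # anything else needs a manual look
    }
    [pscustomobject]@{
        Class        = $dev.Class
        State        = $state
        FriendlyName = $dev.FriendlyName
        InstanceId   = $dev.InstanceId
    }
}

$report | Sort-Object Class, State, FriendlyName | Format-Table -AutoSize -Wrap

# Summarise: anything still enabled is a device Windows can drive.
$enabled = @($report | Where-Object State -eq 'ENABLED')
if ($enabled.Count -gt 0) {
    Write-Warning "$($enabled.Count) network/Bluetooth device(s) are still enabled."
} else {
    Write-Output 'No enabled network or Bluetooth devices found.'
}

# Cross-check at the interface layer: any adapter, hidden or not, with link up.
Get-NetAdapter -IncludeHidden |
    Where-Object Status -eq 'Up' |
    Select-Object Name, InterfaceDescription, Status, MacAddress
```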
 

Oblivion99

Level 2
Thread author
Nov 6, 2023
81
> In Device Manager, disable WiFi Direct too. Pull down the menu and checkmark Show Hidden. There should be 2 instances if I remember correctly.

I have enabled show hidden devices in device manager, all the time.

Every device that can be disabled, is disabled in the "Network adapters" and "Bluetooth" groups.

1.
What else should I consider disabling?

2.
Some of the devices are greyed out, and when right clicking on them, only "properties" is available.
What does that mean?

> If this machine is intended to be an always offline machine to safeguard your important data, then you should disable Networking (ethernet and wifi/wlan) and Bluetooth in the BIOS/UEFI. That is the master kill switch. Different BIOSes use different names, for example my ASUS Vivobook calls it the Network Stack.

As stated earlier, I have tried this. I have looked thoroughly through the BIOS several times, and there are no such settings.

Thank you
 

bazang

Level 8
Jul 3, 2024
359
> 1. Would malware like this be on the blacklist of MS Defender, and MS Defender would block or quarantine it?

If such a malware is discovered in the wild, the installer likely would end up in Microsoft's signatures. Otherwise, Defender does not scan Windows at a deep enough level to detect it.

> 2.
> Is this kind of malware purely theoretical?

Not theoretical. Possible but would require close proximity to the system such as an emissions attack.

> Does this kind of malware exist?
> Or anyone heard of something similar?

So many hackings. Oh, so many.

Yes, it exists.
There are many proof-of-concepts (POCs) and some actual attacks and some real, in-the-wild instances of use.

Van Eck Phreaking:

> 3.
> What level of skill does it require to create this kind of malware, something like NSA / super hacker?

Can be purchased on the Dark Web.
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
649
> I have enabled show hidden devices in device manager, all the time.
>
> Every device that can be disabled, is disabled in the "Network adapters" and "Bluetooth" groups.
>
> 1.
> What else should I consider disabling?
>
> 2.
> Some of the devices are greyed out, and when right clicking on them, only "properties" is available.
> What does that mean?
>
> As stated earlier, I have tried this. I have looked thoroughly through the BIOS several times, and there are no such settings.
>
> Thank you

Shut down your computer and throw it away; for you, that's the safest!
 
