Can a computer be hacked in sleep mode?
Another question my clients often ask me is ‘Can a computer be hacked in sleep mode?’ Well, let’s find out.
If you’ve read our previous blog post, you would know that it’s quite easy to get hacked.
A computer cannot be hacked “in” sleep mode, but it can be hacked if the user resumes the computer so that it is running under the operating system again, or if the hacker triggers a Wake-on-LAN (WOL). You see, when a computer is sleeping or hibernating, it is still powered on and running – just at a very low level where it does not have any access to memory. In fact, even during sleep mode you cannot cut energy from your computer because whichever feature you use keeps your computer’s LED running and the fan spinning.
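A Wake-on-LAN request is a “magic packet”: six 0xFF bytes followed by the target’s MAC address repeated 16 times. As an added example (not part of the original post), the Python below scans captured payloads for that pattern so a defender can log wake requests aimed at their own machines; the MAC addresses, source IPs and function names are constructed for illustration.

```python
SYNC = b"\xff" * 6  # synchronization stream that opens every magic packet


def find_magic_packet(payload: bytes):
    """Return the target MAC ('aa:bb:cc:dd:ee:ff') if payload holds a
    Wake-on-LAN magic packet, else None. The pattern may start at any
    offset, so every occurrence of the sync stream is checked."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 16 * 6]
        if len(mac) == 6 and body == mac * 16:
            return mac.hex(":")
        start = payload.find(SYNC, start + 1)
    return None


def wake_alerts(captures, protected_macs):
    """captures: iterable of (source_ip, payload) pairs.
    Returns (source_ip, mac) for each magic packet aimed at a protected MAC."""
    protected = {m.lower().replace("-", ":") for m in protected_macs}
    alerts = []
    for src, payload in captures:
        mac = find_magic_packet(payload)
        if mac in protected:
            alerts.append((src, mac))
    return alerts


# Constructed sample data (documentation IP range, made-up MAC addresses).
TARGET = bytes.fromhex("001122334455")
SAMPLE_CAPTURES = [
    ("192.0.2.10", SYNC + TARGET * 16),                         # well-formed
    ("192.0.2.11", b"\x00\x01" + SYNC + TARGET * 16 + b"pad"),  # at an offset
    ("192.0.2.12", SYNC + TARGET * 15),                         # truncated, ignored
    ("192.0.2.13", SYNC + bytes.fromhex("66778899aabb") * 16),  # another host
    ("192.0.2.14", b"GET / HTTP/1.1\r\n\r\n"),                  # unrelated traffic
]

if __name__ == "__main__":
    for src, mac in wake_alerts(SAMPLE_CAPTURES, ["00:11:22:33:44:55"]):
        print(f"wake request for {mac} from {src}")
```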
How can a hacker access your computer when it’s in sleep mode?
In this article we’ll also look at how an attacker might access your computer’s memory when in sleep mode, then discuss possible mitigations that could be taken against this kind of attack.
Computer hackers use different tricks to make their way into computers, but one of the most common is to get you to respond to an email that purports to come from a legitimate authority such as a bank or your internet service provider (ISP). The message will tell you that something has gone wrong with your account and that you need to click on a link to log in and update or revalidate it. What you do not know is that clicking on this link may give the perpetrator access to your machine via your web browser and allow them complete control over what programs run and thus – once they’ve breached security – all of your information. It might not take much for hackers to find ways around sleep mode protections.
Remember that the best way to avoid any security vulnerability is to keep software (and hardware) up to date. Of course, you should always stay abreast of current events – our blog will make sure you don’t miss anything!
With that out of the way, let’s take a look at how an attacker might hack your computer when it is in sleep mode.
As mentioned earlier, sleep mode turns off RAM to conserve energy; however, it doesn’t cut power completely – this allows the contents of the RAM to be maintained, which includes any viruses or malware already loaded into memory. This short time window can be used by attackers to run their own code on the target system, with the victim none the wiser.
There are two main methods used by hackers: cold boot attacks and DMA attacks. Both involve physically accessing the machine – either remoting from a secure location or from being left turned on. In both cases the goal is to boot up the computer and then carry out the attack, though cold boot attacks require a little more time and effort.
Cold boot attacks vs DMA attacks
Cold boot attacks simply reboot the target machine to carry out the attack, which, like DMA attacks, requires physical access but, unlike DMA, doesn’t require any special equipment. Once rebooted, an attacker has around five minutes before memory contents are lost. This means that they need to move quickly. One of two approaches can be taken: steal data directly by logging keystrokes or taking screenshots, or download malware via USB. Either way, if it’s done within those five minutes there’s a good chance that some information can be obtained.
While this method is effective at obtaining information, it’s also noisy. It’s also possible that the target computer will go into hibernation mode before it is rebooted. In this case, the attack will fail as a human would likely catch the device being stolen. However, if a thief is quick, they may still be able to swipe some data from volatile memory without having to reboot.
In short, if an attacker has physical access, then there are plenty of ways of getting information from a sleeping laptop that don’t require complex equipment or programs. If an attacker does have such equipment or programs, then additional methods exist that allow them to remain undetected until after theft takes place.
For example, someone could reboot into safe mode and copy data directly from volatile memory without disrupting power. This would require some know-how though – many average users should stick with simpler ways of keeping their hardware secure.
How to protect yourself from being hacked
When you disconnect all cords and make sure they can’t be accessed or connected to by anyone else’s devices (by placing them out of sight), you protect your computer not only while it’s awake but also while it’s asleep or powered off. This way you ensure no one will be able to access anything without signing in with their password. If you need a hand with any of the below, be sure to get in touch with one of our computer technicians.
- Login Credentials
If someone does somehow attempt to hack into your device and they’re able to access it while it’s sleeping, there is still a chance they can’t do too much without first signing into an account with valid credentials. If you never save your passwords on web pages or applications, anyone trying to get into them won’t be able to without guessing what those passwords might be. If they try guessing, each failed login attempt will sound off an alarm, which makes hacking even more difficult.
- Disconnect internet
Of course, a computer can’t be hacked just because it’s sleeping if there is no Wi-Fi connection. If the device is not connected to a wireless network, any hacking attempts would have nothing to go off of and your computer will remain safe from most attacks. In fact, many businesses use this power-saving mode so employees don’t waste company time on Facebook or playing games when they should be working. There are some exceptions where hackers could attempt to access your information even while the machine is in sleep mode, but it depends largely on what type of data you’re storing on that device and how much security is protecting it.
- Install an anti-virus
Computer security has never been more important than now, with the internet connecting us all into one community that’s open to attack. When your computer goes into hibernation or shut-down mode, its data moves out of volatile system memory (RAM) into non-volatile storage (such as hard drives). This makes it cryptographically impossible for hackers to break in while the machine is powered down. Simply by powering up again, users can resume where they left off, safe in the knowledge that no intruders have accessed their machine. But there are ways around this – some of them fairly straightforward. We highly recommend Kaspersky Internet Security.
- Shut down Your PC
For someone who really is determined to keep hackers away, no matter what, the solution is even simpler – just unplug it from its power source. This can be done with impunity by any user – there’s absolutely nothing that will happen other than the machine showing an error message after reboot saying that it wasn’t shut down properly and asking whether the current user wants to do so now. If your PC isn’t set up in such a way as to require authentication before allowing somebody access, unplugging it can allow them free rein over your files.
- BIOS Password
The most obvious way would be to password-protect the BIOS. Unfortunately, this isn’t as effective as it sounds: simply unplugging the PC from its power source will circumvent this protection too, allowing anybody with physical access free rein over your machine. It’s still not a bad idea though; coupled with at least one other layer of security or authentication, such as encrypting partitions, it could help to ensure that any sensitive data on your computer remains accessible only to you.
- Don’t leave your computer unattended
Regardless of whether or not you choose to use sleep mode, the most important thing to remember is that a computer which has been put into this state should not be left unattended. If you absolutely must step away for even one minute, slide the laptop’s lock switch to the locked position. It will prevent most tampering, and it will keep your device safe when you are unable to keep an eye on it.
- Keeping Yourself Cognizant
Knowing how sleep mode works is important, but keep in mind that there are ways to get around it. It’s not a perfect method, and you always need to be cognizant of your surroundings. If someone enters your office while you’re gone, they could easily access your technology in unsafe ways. To prevent this from happening, put your laptop in lock mode or turn off nonessential devices when leaving them alone for short periods of time.
As for laptops specifically, closing the lid will close all open programs simultaneously so that the laptop’s resources are at rest when it goes into deep sleep mode. Unplugging a laptop automatically enters deep sleep mode and therefore shuts down all open programs. If someone were to access your computer after it’s been unplugged, they wouldn’t be able to access anything other than the information stored locally on its hard drive.
Lastly, leaving the network cable plugged into a device will keep it from entering deep sleep mode. Someone with physical access would be able to connect to the internet without any trouble through this wired connection as long as the router is still powered on. Note that this won’t work if your wireless card has been disabled, so you should always secure both connections when putting your devices to sleep by using power saving modes or shutting them down completely.
Sleep mode is useful in keeping processes running smoothly after hours of inactivity, but just like anything else in life there are downsides. If someone happens to have physical access, then they can easily circumvent security measures by using something called cold boot attacks, or “RAM harvesting.” To prevent your computer from being hacked in sleep mode, always lock your device when leaving it unsupervised. The choice of whether or not to use sleep mode depends on your security requirements. While it does improve device longevity, it can make it more vulnerable to tampering when in the wrong hands.