Question Find out if computer contains "secret" / "hidden" hardware?

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
Dear all

I use Windows 10

1)
It is not a concern, but I was wondering how I can found out, if my computer contains hardware I am not aware of / “illegal” / “spy” hardware? Without opening up the case / looking at the hardware.

2)
Does Device Manager display ALL hardware connected to my computer?

3)
Is it possible hardware can function, without being shown in Device Manager?

Thank you in advance for replying

Best regards
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
  1. You don't. This requires that you do a visual inspection, which means opening the case and looking.
  2. Everything it knows about.
  3. Yes.
Why do you need to know this?
Thank you for your reply

My "concern" is, if someone with bad intetions, theoretically could insert hardware that could steal my data. I don't have anything of value or interest on my private home system. My work laptop is completely offline, but it has alot of GDPR sensitive data.

So my question rewritten is:
Hardware that tranfers data from a Windows 10 OS to a receiver, would it be shown in Device Manager, or could it operate without being shown in / outside of Device Manager?

Thanks again for your further help
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
There are multiple ways to do that without something being shown in Device Manager.

For sanity's sake, I'll not list them here.
But the hidden harware, would still require drivers etc. to function? How could i find those?

How would you find out, if there is hardware in your laptop that you are unaware of?
 
1)
It is not a concern, but I was wondering how I can found out, if my computer contains hardware I am not aware of / “illegal” / “spy” hardware? Without opening up the case / looking at the hardware.
You can't unless you open up the computer. And even then, there's no guarantee what you're seeing is what you get. Modern chips are massively complex devices and even if you obtained a die shot or were able to get a look at the die, it'd be impractical to figure out if there is something that isn't supposed to be there. There's also the burning question of "how would you even know it's supposed to be there?"

If you're really paranoid about spyware, the best thing to check is what's going in and out of the computer on a network level. You don't necessarily have to check each and every packet's data, but if you notice packets being sent to an IP address that doesn't make sense, you may have a case for something suspect going on. Though this takes a good understanding of what your computer has in the first place, as many applications want to report "anonymous" usage statistics and the like.

2)
Does Device Manager display ALL hardware connected to my computer?
It does not. Device Manager is basically a driver management utility. Not a hardware reporting one. For example, it doesn't even list what kind of RAM you have... or that you have RAM at all. A better built-in tool for this, though not by much, is System Information.

However, the thing is the hardware still has to report itself to the OS in order for the OS to even be aware of its existence. There are plenty of little controller ICs that are connected to some bus that has some data flowing through it, so who knows what it's actually doing with that data or where it's directing it to?

3)
Is it possible hardware can function, without being shown in Device Manager?
Yes. Motherboard fan controllers for example. The OS does not control them by default, if at all. And this is a good thing, you don't want to have something that's critical to the health of the computer needing an OS to control it.
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
You can't unless you open up the computer. And even then, there's no guarantee what you're seeing is what you get. Modern chips are massively complex devices and even if you obtained a die shot or were able to get a look at the die, it'd be impractical to figure out if there is something that isn't supposed to be there. There's also the burning question of "how would you even know it's supposed to be there?"

If you're really paranoid about spyware, the best thing to check is what's going in and out of the computer on a network level. You don't necessarily have to check each and every packet's data, but if you notice packets being sent to an IP address that doesn't make sense, you may have a case for something suspect going on. Though this takes a good understanding of what your computer has in the first place, as many applications want to report "anonymous" usage statistics and the like.


It does not. Device Manager is basically a driver management utility. Not a hardware reporting one. For example, it doesn't even list what kind of RAM you have... or that you have RAM at all. A better built-in tool for this, though not by much, is System Information.

However, the thing is the hardware still has to report itself to the OS in order for the OS to even be aware of its existence. There are plenty of little controller ICs that are connected to some bus that has some data flowing through it, so who knows what it's actually doing with that data or where it's directing it to?


Yes. Motherboard fan controllers for example. The OS does not control them by default, if at all. And this is a good thing, you don't want to have something that's critical to the health of the computer needing an OS to control it.
Thank you so much for your long response

"what's going in and out of the computer on a network level"
I have disabled both Network card and Bluetooth in Device Manager
So I guess, that yoursuggested solution is not doable?

But as others have pointed out, a hidden hardware part can send data through the OS without being detected / shown
 

Corwin65

Honorable
While it is good to be vigilant, paranoia is a distraction. If this is a work computer then the responsibility would fall on your IT department, not you.

Have you had any indication that " GDPR sensitive data " has been compromised?

At the end of the day all we can do is be vigilant and pay attention to what we are doing and if we see something suspicious act on it.
 
The long and short of it is if someone maliciously put some device on the motherboard out of the factory, they absolutely could do it without you knowing. But at a logical level, no motherboard manufacturer would do this since if detected they would more or less instantly go out of business. Therefore, you can be assured this is not happening.

This is bordering on paranoia, honestly.
 

geofelt

Titan
Your exposure is not to any device that might have been installed in China, but on simple software hacking.
Clicking on a phishing email link can install malware, tracking apps, viruses or ransomware.

Install an effective antivirus app.

Disconnect from the internet if you must(and disable wifi also)
 
Reactions: helper800

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
Thank you again for all your responses

1.
Would it be possible to monitor in Windows, if something malicious shady is going on / traffic?

2.
Is there ways to monitor around / outside the laptop, if something malicious shady is going on / traffic?

3.
And what kind traffic could it be, radio, bluetooth?

Thank you for further help

Best regards
 

ex_bubblehead

Champion
Moderator
Thank you again for all your responses

1.
Would it be possible to monitor in Windows, if something malicious shady is going on / traffic?

2.
Is there ways to monitor around / outside the laptop, if something malicious shady is going on / traffic?

3.
And what kind traffic could it be, radio, bluetooth?

Thank you for further help

Best regards
1. Define "malicious" and "shady" in terms that a programmer can then write the necessary code. Detail counts here.

2. Mount a camera.

3. Yes. Just as well as literally thousands of other ways.
 
Reactions: emilfrederiksen
Nov 3, 2021
50
8
45
4
Dear all

I use Windows 10

1)
It is not a concern, but I was wondering how I can found out, if my computer contains hardware I am not aware of / “illegal” / “spy” hardware? Without opening up the case / looking at the hardware.

2)
Does Device Manager display ALL hardware connected to my computer?

3)
Is it possible hardware can function, without being shown in Device Manager?

Thank you in advance for replying

Best regards
Without opening the case itself, it's unlikely that you'd be able to find anything. However, it's just as unlikely that someone could do that unless your laptop was temporarily stolen and the thief opened your device and installed some kind of hardware that could take your data. While possible, it's extremely unlikely; if anything, most thieves would just keep your device and do what they will with what's on the device.

As others have said, device manager simply displays the hardware that's on your device; a better tool to get an idea of what's installed on your device would be something like HardwareInfo. Obviously if someone installed some kind of rogue peripheral on your computer, it's entirely possible that it could be hidden from such tools. And yes, hardware can function just fine w/out showing in Device Manager; your RAM does, for example.

If you're legitimately concerned about some rogue device on your laptop, open it up and look for yourself. Otherwise, you've really nothing to worry about. Unless you work with highly sensitive data on that device anyways, most attackers wouldn't be attracted to what's on there beyond typical PII which should be secured anyways.
 
Reactions: emilfrederiksen
Dear all

I use Windows 10

1)
It is not a concern, but I was wondering how I can found out, if my computer contains hardware I am not aware of / “illegal” / “spy” hardware? Without opening up the case / looking at the hardware.
..
Unlike others, I don't think your concern is unfounded:

https://www.electronicdesign.com/technologies/embedded-revolution/article/21807102/is-your-motherboard-hacked

But also like the others have shown I don't think you'll find it easy ferret out any added, or altered, semiconductors with embedded hacks. Mainly because it's going to be 'built-in' at a very low level and is specifically designed to be hard to find without opening up the device and looking for the altered micro-circuitry.

I don't think you need to be individually worried about exploits that sophisticated because they aren't aimed at individual computers for data. It's way to hard to collect random data from hundreds of millions...maybe billions...of devices and make sense enough of it to do anything. They're after huge data banks on servers, where the data's already amassed and they only have to correlate it with data gathered from a few others to learn all they need to about you and millions of others.

So hack billions of chips and even just a few will be installed in critical computers. Now just wait for an unthinking administrator to let that computer have unprotected access to the wider internet for just a few minutes and bam, they get a back door to the network it will be attached to later on.

But if you're worried about something like a key-logger....
https://www.malwarebytes.com/keylogger
It doesn't appear they need added hardware like they used to, the virus/trojan/whatever exploits seem to do just fine taking over your own hardware and making it do it for them. So keep your AntiVirus up to date and practice safe browsing.
 
Last edited:

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
1. Define "malicious" and "shady" in terms that a programmer can then write the necessary code. Detail counts here.

2. Mount a camera.

3. Yes. Just as well as literally thousands of other ways.
Once again, thank you so much for your help

1.
If some radio, Bluetooth, network / wifi transmitter hardware was put in my laptop without my knowledge. The traffic of that hardware, could I monitor that in Windows?
Im familiar with the embedded Windows Resource Monitor.

2.
I was thinking some kind of scanner maybe?
My phone for example can scan for Bluetooth devices and wifi networks.
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
The long and short of it is if someone maliciously put some device on the motherboard out of the factory, they absolutely could do it without you knowing. But at a logical level, no motherboard manufacturer would do this since if detected they would more or less instantly go out of business. Therefore, you can be assured this is not happening.

This is bordering on paranoia, honestly.
Thank your for your contribution to the topic

Regarding what you wrote. It would require my laptop to be connected to the internet:
“someone maliciously put some device on the motherboard out of the factory”
?
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
Your exposure is not to any device that might have been installed in China, but on simple software hacking.
Clicking on a phishing email link can install malware, tracking apps, viruses or ransomware.

Install an effective antivirus app.

Disconnect from the internet if you must(and disable wifi also)
Thank you for your reply

My laptop is not connected to any nework or wifi

So for any rogue hardware to have any effect (steal data and traffic monitoring), it would require my laptop to be connected to the internet?
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
Unlike others, I don't think your concern is unfounded:

https://www.electronicdesign.com/technologies/embedded-revolution/article/21807102/is-your-motherboard-hacked

But also like the others have shown I don't think you'll find it easy ferret out any added, or altered, semiconductors with embedded hacks. Mainly because it's going to be 'built-in' at a very low level and is specifically designed to be hard to find without opening up the device and looking for the altered micro-circuitry.

I don't think you need to be individually worried about exploits that sophisticated because they aren't aimed at individual computers for data. It's way to hard to collect random data from hundreds of millions...maybe billions...of devices and make sense enough of it to do anything. They're after huge data banks on servers, where the data's already amassed and they only have to correlate it with data gathered from a few others to learn all they need to about you and millions of others.

So hack billions of chips and even just a few will be installed in critical computers. Now just wait for an unthinking administrator to let that computer have unprotected access to the wider internet for just a few minutes and bam, they get a back door to the network it will be attached to later on.

But if you're worried about something like a key-logger....
https://www.malwarebytes.com/keylogger
It doesn't appear they need added hardware like they used to, the virus/trojan/whatever exploits seem to do just fine taking over your own hardware and making it do it for them. So keep your AntiVirus up to date and practice safe browsing.
Thank you so much for your reply

Your reply surely fueled my paranoia (joke, and laughing)

For that rogue hardware to have any effect (steal my data etc.), it would require my laptop to be connected to the internet?
And if the rogue hardware somehow was connected via cellular, my laptop would have internet?

Network cards and Bluetooth are all disabled in Device Manager.
My laptop is not online.
 

USAFRet

Titan
Moderator
Mar 16, 2013
153,659
10,991
175,990
24,031
"hidden hardware"

Two possible options:
1. It was installed at the factory. This would mean that it was installed on many/most/all of the laptops coming off that assembly line. They would just put it on one single device, in hopes that it was sold to someone with valuable info and data. But if installed on all those laptops, someone else would have found it by now, and that would have been widely publicized.

or

2. They are targeting you. This means that you personally have something they want. AND they have had physical access to your laptop. But if they had physical access, why didn't they just steal the laptop?
 

emilfrederiksen

Reputable
Jul 6, 2018
200
1
4,585
0
"hidden hardware"

Two possible options:
1. It was installed at the factory. This would mean that it was installed on many/most/all of the laptops coming off that assembly line. They would just put it on one single device, in hopes that it was sold to someone with valuable info and data. But if installed on all those laptops, someone else would have found it by now, and that would have been widely publicized.

or

2. They are targeting you. This means that you personally have something they want. AND they have had physical access to your laptop. But if they had physical access, why didn't they just steal the laptop?
Once again, thank you so much for your help

For your example 1.
For that rogue hardware to have any effect (steal my data etc.), it would require my laptop to be connected to the internet? (otherwise they would have to be withing bluetooth / radio distance).
And if the rogue hardware somehow was connected via cellular, my laptop would have internet?

More questions:

1.
If some radio, Bluetooth, network / wifi transmitter hardware was put in my laptop without my knowledge. The traffic of that hardware, could I monitor that in Windows?
Im familiar with the embedded Windows Resource Monitor.

2.
Is there ways to monitor around / outside the laptop, if something malicious shady is going on / traffic?
My phone for example can scan for Bluetooth devices and wifi networks.
 

ASK THE COMMUNITY