geekhack Community > Input Devices

Are I/O devices disabled in the BIOS still vulnerable to malware.


Apologies if this is the wrong place or is a naive question. If a user has disabled I/O devices via the BIOS, for example, an internal microphone and webcam, is it possible for malware to still 'spy' on the user via these devices? I guess my question boils down to how the BIOS disables these devices? And whether it is possible for malware to get around whatever method the BIOS uses to disable these devices.

There's more than a few security people who go so far as to disconnect the webcam wiring and clip the mic wires in any laptops they buy.

That's a bit extreme for most but if you just want added protection without damaging things you could disable them in bios then re-install Windows so that the OS has no record of them ever existing and therefore no drivers or registry entries showing it ever existed. Not perfect, but better than nothing.

Ask yourself this though, are you worth hacking at this level? 
It's not trivial to target a specific person with something like this over the internet and quite easy to be inundated with too much data to be useful if you cast too wide of a net. Most hacks like this tend to be through monitoring/security software on a company/school laptop and someone in charge abusing that system. It's far easier for someone with access to your laptop or home to just install a hidden camera elsewhere and watch all the time from angles/places where they're sure to catch something than hoping to catch you dancing naked in front of your webcam.


[0] Message Index

Go to full version