Is Sleep mode safe?



  • If a PC has a rootkit, when it goes into sleep mode, can the rootkit do anything to it while it’s in a state of sleeping? Meaning steal data, open programs and basically do anything. Assuming it’s not a BIOS rootkit.



  • In "true" sleep mode, where the CPU is powered down, no; rootkits are software like anything else, and can't run in a state when software isn't able to run. Of course, the rootkit might have set a wake timer (if the firmware allows these) to wake the machine up without user interaction, at which point it can run like normal. Additionally, the rootkit can of course run as usual whenever the system resumes.

    Modern mobile devices (including many laptops) support "connected standby", where the system is not fully paused. This is intended for things like continuing to retrieve email and push notifications, and run alarm clock apps or similar, while "sleeping". A rootkit can probably configure itself to remain active while in this state. It might have limited functionality - I'm not sure how tightly operating in connected standby is restricted - but it can at least maintain a connection to the Internet, and can certainly (at a minimum) wake the system on demand.

    Most PCs also support hibernate mode. In hibernate mode, the system is fully shut down - you can unplug it, remove the battery, and walk away for a year; it'll remember where it was when you wake the system again - so absolutely no code can run in this state. Firmware that supports startup timers can automatically boot (assuming there's power) on a schedule, and software can potentially set a startup timer if it has enough permissions (and the firmware allows them), but the OS (and all of its software) isn't even resident in RAM anymore, much less the CPU, and can't do anything until the machine boots again (at which point it'll restore the OS state from the disk).
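
The cases described in the answer above can be checked on a given machine from the defender's side. This is an added example, not part of the original post: it reports which sleep states the system exposes and what is currently able to wake it. It assumes Windows, an elevated PowerShell session, and English-language `powercfg` output.

```powershell
# Added example: audit what can wake this machine or keep running while it "sleeps".
# Assumptions: Windows, elevated session (powercfg /waketimers needs admin rights),
# English-language powercfg output.

# 1. Sleep states. powercfg /a lists the available states first, then a blank line,
#    then the unavailable ones, so only the first block is inspected.
$available = @()
foreach ($line in (powercfg /a)) {
    if ([string]::IsNullOrWhiteSpace($line)) {
        if ($available.Count) { break } else { continue }
    }
    $available += $line.Trim()
}
[pscustomobject]@{
    # S0 Low Power Idle is connected/modern standby: software may keep running.
    ConnectedStandby = [bool]($available -match 'S0 Low Power Idle')
    # S3 is classic suspend-to-RAM: the CPU is powered down.
    ClassicSleepS3   = [bool]($available -match '\(S3\)')
    Hibernate        = [bool]($available -match '^Hibernate')
} | Format-List

# 2. Wake timers that software has registered to bring the system out of sleep.
'--- Active wake timers ---'
powercfg /waketimers

# 3. Scheduled tasks flagged "Wake the computer to run this task".
'--- Scheduled tasks allowed to wake the computer ---'
Get-ScheduledTask | Where-Object { $_.Settings.WakeToRun } |
    Select-Object TaskPath, TaskName, State | Format-Table -AutoSize

# 4. Devices (network adapters, keyboards, ...) armed to wake the system.
'--- Devices armed to wake the system ---'
powercfg /devicequery wake_armed

# 5. Recent resume events; each message names the wake source.
'--- Recent wake events (System log) ---'
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
    Id           = 1
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

A wake timer or wake-enabled task that nobody can account for, or resume events at times the machine was left alone, is worth investigating.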


