On Mon, 10/13/2025 11:34 AM, Mr. Man-wai Chang wrote:
> Is it possible to scan for *HIDDEN* network adapters in Windows? :)

If it was HIDDEN wouldn't it be HIDDEN?

For surreptitious activity you need:

1) A private network stack (hide it in the malware).
2) A piece of hardware which does not present PNP info
   so the OS does not know the hardware needs a Windows
   driver. The malware has the hardware driver.

The missing ingredient is Ring0 access. An
"exploitable driver" may be able to do this.
Things like "giveio" may punch a hole from
Ring0 to the phantom hardware.

Some Intel NICs have two network interfaces. One
is for the OS to use. One is for the Management Engine
and the copy of Minix that runs on the Management Engine,
to use. You cannot tell from the networking LED flashing
on the router, which side of the NIC is using the
connection.

In the last paragraph then, there are a minimum of two
OSes on the machine, running in parallel and not snooping
into each other's business. "HIDDEN" but not particularly
malicious. Consumer computers, the secondary side of the
NIC (I have a couple capable ones) would not be hooked
to anything and would just have pullup resistors on
the pins. Obviously, the AMD systems those are in, don't
have an Intel Management Engine to worry about. They
have whatever AMD offers for Management Engines (not
documented, if there is such a thing).

Remember, that hardware is chock-a-block with processors.
The AMD processor has a Secure Enclave (an ARM core on
an x86 CPU), and we don't really know the totality of
the things. One AMD chip had the prototype of the
Pluton processor inside it, similar to a TPM. The TPM
has a processor and firmware too.

To get out of a PC, you need a wired connection (tough)
or a wireless connection (easy). A Faraday cage around
the PC operating area, will cut down on Microwave activity.
We had walk-in Faraday cages, in Physics labs in the basement
of the Physics buildings. Grad students used to go into
the Faraday cages and do their homework because it
was "quieter in there" :-) A little bit of kooky
physics comedy. The Faraday cages are made of copper
with plenty of air circulation available.

You can get an idea of the dimensions of a walk-in Faraday cage here.
This photo is in black and white. The door on this cage, does not
have any good gasketing that I can see. Our cages would have more
copper and/or beryllium-copper around the edges, for a good RF seal
when you close the door.

https://en.wikipedia.org/wiki/Faraday_cage#/media/File:Faraday_cage_at_US_Bureau_of_Standards_1925_-_front.jpg

You would get a good night of sleep in there, as your SmartPhone
cannot receive calls or TikTok packets in there :-)

While your computer could shoot an IR optical beam through the
holes in the copper screening, you need an IR receiver
somewhere in the room to receive the signal.

Modern motherboards have a socket in the I/O row,
for a Wifi adapter, and since that has a good bus
connection on it, that would be a place to
quickly install surreptitious networking hardware.
Users do not check that socket, all that often
(only during the computer build). You cannot see into
the spot while the computer is running, normally. The
one I have, I have pulled the Wifi module out of the
socket, leaving the socket empty. That means the two
Wifi connectors on the I/O plate are missing, as the
module provides those threaded connectors. I don't have
a Wifi router, so don't need the module to be running
all the time.

   Paul
--- PyGate Linux v1.0
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
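
Added example, not part of the original post or written by either poster: a PowerShell inventory of every network adapter Windows itself has enumerated, including the ones the default views hide, cross-checked against the PnP device list. It assumes Windows 10 or later with the built-in NetAdapter and PnpDevice modules. As the reply above points out, hardware that never presents PnP information to the OS will not appear in either list.

```powershell
# Added example: list network adapters Windows knows about, including hidden ones.
# Only covers devices the OS has enumerated; it cannot see hardware that
# bypasses PnP, which is the case the reply above describes.

# 1) NDIS view. -IncludeHidden adds adapters the default listing leaves out
#    (tunnel, filter, WAN miniport and similar software adapters).
$ndis = Get-NetAdapter -IncludeHidden |
    Select-Object Name, InterfaceDescription, Status, MacAddress,
                  Hidden, Virtual, HardwareInterface, PnPDeviceID

# 2) PnP view. Without -PresentOnly this also returns non-present ("ghost")
#    entries left behind by adapters that were once installed or plugged in.
$pnp = Get-PnpDevice -Class Net |
    Select-Object FriendlyName, InstanceId, Status, Present

"=== Adapters flagged Hidden by NDIS ==="
$ndis | Where-Object Hidden |
    Sort-Object Name |
    Format-Table Name, InterfaceDescription, Status, MacAddress, Virtual -AutoSize

"=== Hardware-backed adapters (review each one against what you installed) ==="
$ndis | Where-Object HardwareInterface |
    Sort-Object Name |
    Format-Table Name, InterfaceDescription, Status, MacAddress, PnPDeviceID -AutoSize

"=== PnP 'Net' devices that are not currently present ==="
$pnp | Where-Object { -not $_.Present } |
    Sort-Object FriendlyName |
    Format-Table FriendlyName, InstanceId, Status -AutoSize

"=== PnP 'Net' devices with no matching NDIS adapter ==="
# -notcontains compares case-insensitively, which suits device instance IDs.
$known = @($ndis.PnPDeviceID | Where-Object { $_ })
$pnp | Where-Object { $known -notcontains $_.InstanceId } |
    Sort-Object FriendlyName |
    Format-Table FriendlyName, InstanceId, Status, Present -AutoSize
```

Saving the output on a known-good build and diffing it later makes a newly appeared adapter, such as a module added to the Wifi socket mentioned above, stand out.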