LinuxQuestions.org
Old 09-23-2019, 01:49 PM   #16
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12


Folks, everything you give OP here will be half-digested, then thrown back at you, revealing piles of half-truths and confirmation bias: OP does not draw conclusions from something they understood, they just draw lines between various familiar sounding words and phrases, thinking they actually understood something...
Which then leads to sentences like:
"So root access is important to get hacked, but the browser does not really have to be open, right?"
As a whole, this is actually harmful to understanding security and assessing potential risk, both for OP and others that might pass by here.
 
4 members found this post helpful.
Old 09-23-2019, 01:57 PM   #17
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,654

Quote:
Originally Posted by ondoho
Folks, everything you give OP here will be half-digested, then thrown back at you, revealing piles of half-truths and confirmation bias: OP does not draw conclusions from something they understood, they just draw lines between various familiar sounding words and phrases, thinking they actually understood something...
Which then leads to sentences like:
"So root access is important to get hacked, but the browser does not really have to be open, right?"
As a whole, this is actually harmful to understanding security and assessing potential risk, both for OP and others that might pass by here.
Was thinking this same thing; reminds me of the four other posters in recent memory that have 'hackers' after them.
 
Old 09-23-2019, 03:38 PM   #18
Firerat
Senior Member
 
Registered: Oct 2008
Distribution: Debian sid
Posts: 2,683

I don't understand how it has taken you all so long to see it
 
Old 10-05-2019, 11:57 AM   #19
TokTok
Member
 
Registered: Oct 2019
Posts: 230

Quote:
Originally Posted by jsbjsb001
While the vast majority of malware aimed at the desktop is written to infect Windows systems; for one thing, a lot of that malware sets itself to be started when the system starts, and then will monitor things like, running processes, opened files, websites visited, keystrokes, etc. An important point is that, none of that requires any web browser to actually be "open"/running.

For seconds, it's entirely possible to write the same sort of malware for any system, including Linux distros. There was the "Hand of Thief" malware written for Linux, which will monitor things like which files are opened, running processes, websites visited, etc I believe. From what I remember, it did rely on the user explicitly becoming root themselves to get superuser rights, otherwise it was limited to running under the current user - because it didn't have the code to crack Linux's user privilege system. Again, it doesn't rely on any web browser running for malware to do its business, regardless of the operating system being used.

Interest from malware developers to target Linux more will only increase. Although, a lot of recent Linux malware is more aimed at server Linux, bar maybe "cryptomining" malware. Also, in a lot of cases, Linux makes a good "distribution point" for malware - even if Linux itself isn't directly affected itself. Because Linux machines usually stay up for long periods of time without requiring a reboot, and well, there's a lot of Linux servers around.

What about the IME-Intel Management Engine starting before the actual OS? The VNC Viewer uses this and can operate in safe mode even after a re-boot, can be used to install anything. I think this is how most infections we hear about are occurring, installed by default in servers-VPS presents a serious risk. I forgot to mention AMD has the same thing, most likely mobile phones have the same thing, like the gov. required chips for tracking.

Last edited by TokTok; 10-05-2019 at 12:01 PM. Reason: Need to include something
 
Old 10-10-2019, 07:10 AM   #20
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by jsbjsb001
While the vast majority of malware aimed at the desktop is written to infect Windows systems; for one thing, a lot of that malware sets itself to be started when the system starts, and then will monitor things like, running processes, opened files, websites visited, keystrokes, etc. An important point is that, none of that requires any web browser to actually be "open"/running.

For seconds, it's entirely possible to write the same sort of malware for any system, including Linux distros. There was the "Hand of Thief" malware written for Linux, which will monitor things like which files are opened, running processes, websites visited, etc I believe. From what I remember, it did rely on the user explicitly becoming root themselves to get superuser rights, otherwise it was limited to running under the current user - because it didn't have the code to crack Linux's user privilege system. Again, it doesn't rely on any web browser running for malware to do its business, regardless of the operating system being used.

Interest from malware developers to target Linux more will only increase. Although, a lot of recent Linux malware is more aimed at server Linux, bar maybe "cryptomining" malware. Also, in a lot of cases, Linux makes a good "distribution point" for malware - even if Linux itself isn't directly affected itself. Because Linux machines usually stay up for long periods of time without requiring a reboot, and well, there's a lot of Linux servers around.
...

Thanks for the input! The key word in my question is the word "see". Maybe I didn't make it clear what I meant by this word, and that is my fault. Simply, I was asking if the hacker can visually see my monitor / screen.

I have been told in the past that if my browser is not open when someone has remote access to my computer, concomitant with them "not" having the desktop password, that they can not visually see my monitor. That's what I was asking 100% - I should have made that point clearer. But I am glad to have had you mention some of the other things that could possibly go on.

However, from what I have read, 'outside of the visual aspect', a hacker can not install keyloggers in Linux without root access.

As you mentioned, "From what I remember, it did rely on the user explicitly becoming root themselves to get superuser rights, otherwise it was limited to running under the current user - because it didn't have the code to crack Linux's user privilege system."

Thus, as I don't know one way or the other, I wonder if root access is needed for the following that you mentioned: running processes, opened files, websites visited? My guess would be no.

I appreciate your mature comments, thank you.

Last edited by hddfsck; 10-10-2019 at 07:15 AM.
 
Old 10-10-2019, 07:36 AM   #21
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,783

Quote:
Originally Posted by hddfsck
a hacker can not install keyloggers in linux without root access.
AFAIK, under X, keyloggers don't need root access. I think the situation might be different with Wayland though.

http://theinvisiblethings.blogspot.c...isolation.html
 
Old 10-10-2019, 07:53 AM   #22
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by TenTenths
You've been told:



If your machine is infected then you have to assume that whoever it is can see anything and everything you are doing, can access anything you can access, can see any files you open, can record every single thing you type on the keyboard including bank details, passwords, root password, ANYTHING. Doesn't matter if a browser or anything is open or closed you have to assume that they have access to everything you have access to.
Thanks. If you believe that they can visually see my monitor's screen without any browser open, has anyone ever shown a way that this could be achieved? In other words, is it 'really' known that someone can see my monitor's screen when there is no active browser? Thank you.
 
Old 10-10-2019, 07:54 AM   #23
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by ntubski
AFAIK, under X, keyloggers don't need root access. I think the situation might be different with Wayland though.

http://theinvisiblethings.blogspot.c...isolation.html
Thanks. What exactly is "under X"? As a sidenote, my question does not pertain to physical access.

Last edited by hddfsck; 10-10-2019 at 07:56 AM.
 
Old 10-10-2019, 07:59 AM   #24
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,475

Quote:
Originally Posted by hddfsck
Thanks. If you believe that they can visually see my monitor's screen without any browser open, has anyone ever shown a way that this could be achieved? In other words, is it 'really' known that someone can see my monitor's screen when there is no active browser? Thank you.
Take your pick from https://attack.mitre.org/techniques/T1113/ although as you don't actually want to believe what I've told you I'm sure you won't believe the other 100 sources mentioned on that page.
 
1 members found this post helpful.
Old 10-10-2019, 08:06 AM   #25
hddfsck
Member
 
Registered: Aug 2019
Distribution: Debian; Ubuntu
Posts: 122

Original Poster
Quote:
Originally Posted by TenTenths
Take your pick from https://attack.mitre.org/techniques/T1113/ although as you don't actually want to believe what I've told you I'm sure you won't believe the other 100 sources mentioned on that page.
I'm just trying to discern what is proven, and what is theory, plus, I have different experts telling me different things. Basically, by asking, I am researching to come to a conclusion. Thanks.

update: I did look at the link - very interesting.

Last edited by hddfsck; 10-10-2019 at 08:56 AM.
 
Old 10-10-2019, 09:09 AM   #26
Samsonite2010
Member
 
Registered: Apr 2015
Distribution: Debian
Posts: 267
Blog Entries: 1

I think the key aspect is what any piece of malware is designed to do. It might be that to visually see what is on your screen, a piece of malware could be written to send images back to base - that would not necessarily require root privileges (would it?). So if you can take screenshots or record your desktop without root - perhaps malware can also.

Probably a more pragmatic approach is to learn how to monitor your own system, you could then keep an eye on things and it should become quite apparent if anything dodgy is happening.
 
1 members found this post helpful.
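
One way to act on the "monitor your own system" suggestion in the post above, as an added example that is not part of the thread: it audits XDG autostart entries (`~/.config/autostart/*.desktop`), one place where software running as your own user can set itself to start at login without root. The flag names, the writable-path list and the sample entries are assumptions made for this example.

```python
import configparser
import os
import shlex
import tempfile
from pathlib import Path

# Locations an unprivileged user can write to (assumed list for this example).
USER_WRITABLE = (os.path.expanduser("~") + "/", "/tmp/", "/var/tmp/", "/dev/shm/")

def audit_autostart(autostart_dir):
    """Return one finding per XDG autostart entry; flags are review prompts, not verdicts."""
    findings = []
    for desktop in sorted(Path(autostart_dir).glob("*.desktop")):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # .desktop keys are case-sensitive
        try:
            cp.read(desktop, encoding="utf-8")
            entry = cp["Desktop Entry"]
        except (configparser.Error, KeyError, UnicodeDecodeError):
            findings.append({"file": desktop.name, "exec": None, "flags": ["unparseable"]})
            continue
        exec_line = entry.get("Exec", "")
        try:
            argv = shlex.split(exec_line)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = exec_line.split()
        target = argv[0] if argv else ""
        flags = []
        if entry.get("Hidden", "false").lower() == "true":
            flags.append("disabled")
        if target.startswith(USER_WRITABLE):
            flags.append("user-writable-target")
        if any(part.startswith(".") for part in Path(target).parts):
            flags.append("hidden-path")
        findings.append({"file": desktop.name, "exec": exec_line, "flags": flags})
    return findings

def demo():
    """Run the audit over two constructed entries (not from a real system)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "updater.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=/tmp/.cache/upd --quiet %U\n")
        Path(d, "clipboard.desktop").write_text(
            "[Desktop Entry]\nType=Application\nExec=/usr/bin/example-clip\nHidden=true\n")
        return audit_autostart(d)

if __name__ == "__main__":
    for finding in audit_autostart(Path.home() / ".config" / "autostart"):
        print(finding)
```

XDG autostart is only one such location; the user crontab and systemd user units deserve the same review.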
Old 10-10-2019, 06:55 PM   #27
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,783

Quote:
Originally Posted by hddfsck
What exactly is "under X"?
By "under X", I meant, when running X Windows, which is the traditional graphics system for Unix-like OSes. Wayland is a newer replacement, optionally used in some Linux distributions.
 
  

