
Security risk? - Bluetooth device paired with Windows even though onboard Bluetooth is disabled in BIOS


Hi!

 

I had a really weird experience with my desktop computer. Even though Bluetooth was disabled in BIOS, I started hearing audio playback from Momentum 4 wireless Bluetooth headphones after connecting them to Samsung S23. I could also control YouTube playback (start & stop) with the headphones.

 

Background info (Desktop)

 

Windows 11 Pro: Latest updates installed
Asus Z790 Creator: Onboard Bluetooth disabled in BIOS (Bios version 0816)
Asus Z790 Creator: Onboard WiFi disabled in BIOS (I don't have other WiFi devices, either)
Connected devices: Logitech Bolt (Mouse & Keyboard), RME Audio Interface, Kingston SD Reader
Monitor: LG 40WP95C-W, connected via mini Displayport - USB-C cable from RTX 4070 Ti

 

Background info (S23)

 

Latest firmware installed
Latest updates installed

 

What happened?

 

1) Paired Momentum 4 headphones with Samsung S23
2) Installed Sennheiser Smart control app on Samsung S23
3) Updated Momentum 4 firmware

4) Went to my desktop and wondered why I cannot hear the sound
5) Realized that audio playback is coming from Momentum 4 headphones

 

I don't know at which point Windows connected to Momentum 4 headphones

 

Findings

 

Asus Z790: Onboard Bluetooth still disabled
Asus Z790: Onboard WiFi still disabled
Windows 11: Bluetooth on-off switch not shown
Windows 11: Momentum 4 shown under "Bluetooth & Devices > Devices > Audio"
Windows 11: "System > Sound > Volume Mixer" Momentum 4 shown as Output device and Input device
Smart Control App (S23): "Momentum 4 > Connection Management" Only Galaxy S23 shown, Desktop not shown.

Thus, Sennheiser Smart Control App doesn't know that Momentum 4 is connected to Windows 11.

 

Replication

 

4) Removed Momentum 4 from Windows 11 "Bluetooth & Devices > Devices > Audio"
5) Could not replicate steps 1-3

 

Notes

 

I should have removed the Logitech Bolt receiver while the audio was playing from the headphones just to see what happens. However, it was too late when I realized this. I also should have tested what happens if I put other Bluetooth devices in pairing mode.

 

Turning Bluetooth on

 

6) ASUS Z790: Enabled onboard Bluetooth
7) Restarted
8) Connected Momentum 4 to Desktop

 

Findings

 

Windows 11: Momentum 4 shown under "Bluetooth & Devices > Devices > Audio"
Windows 11: Bluetooth on-off switch is shown
Windows 11: "System > Sound > Volume Mixer" Momentum 4 shown as Output device and Input device
Smart Control App (S23): "Momentum 4 > Connection Management" Both Galaxy S23 and Desktop are shown
Windows 11: Audio playback from Momentum 4 headphones works fine

 

Possible diagnosis

 

The following devices don't have a Bluetooth connection: RME Audio Interface, Kingston SD Reader, LG 40WP95C-W1

Thus, there are pretty much only three explanations that I can think of, and all of them seem very unlikely.

 

a) The Bluetooth connection has been formed with Logitech Bolt receiver
b) The onboard Bluetooth device could be on even though it's disabled in BIOS

c) Magic, Voodoo, Aliens or DMT Elves 😅
 

There are no other Bluetooth receivers connected to my desktop.
Samsung S23 and the desktop should not be connected in any other way, either.

 

a) Bolt receiver should not work with other Bluetooth peripherals. "Likewise, both Unifying and Bolt are proprietary technologies from Logitech. Therefore, they're not compatible with wireless peripherals from other brands." (makeuseof.com)
b) I've never heard that devices that are disabled in BIOS could work.

c) Seriously speaking not.

 

Security Risk

 

If peripherals are able to connect to Windows 11 even though Bluetooth is off, this sounds like a security risk.

 

Bios Update

 

I updated Z790 Bios from version 8016 to 0904. I'll be reinstalling Windows 11 in a few days. I will check if I'm able to replicate this issue.

 

Questions

 

1) Do you have any idea how Momentum 4 was able to connect to Windows 11? Is there something obvious that I'm just missing?

2) If I don't want my desktop to connect to Bluetooth devices automatically, which one of these is a safer option?

a) Enable onboard Bluetooth device and disable Bluetooth from Windows.
b) Disable onboard Bluetooth and hope that this kind of situation doesn't happen again.

 

Thank you!
TK


Welcome to the forums!
 

1) Windows is still SUPER fucky about BT

2) a is your best option I think. 

3) probably reach out to ASUS and let them know about this. I'm sure they have loads of time because they are definitely not currently trying to put out literal fires /s but still, this is a significant flaw in their design

 

As for "is this a security risk"?
Weeeeeeeeeeell, probably. But when evaluating security risk, always remember to take your threat landscape into account. BT range is pretty short, so an adversary has to be well within 100ft of your tower, so a hacker has to physically visit your property. On top of that they'd have to *know* you had this issue, then develop an exploit for it and use one of the likely many zero days in windows BT to establish presence and persistence in your system.
So, sure, it's doable, but you'd have to be a high value target. Either a criminal kingpin or worth minimum 8 figures. Another risk factor would be being a human rights activist (hit up the EFF, they're pretty good at fighting this for such a small org) or loudly working against RU/NK/CN/IL/IR/SA. But those make you a target of Nation State Actors and, as the saying goes, if Mossad wants into your devices, they are already there. 

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


Also, thanks for the significant writeup. You could consider kicking a message to Tech Jesus (Steve from GamersNexus) and see if he's interested in digging deeper. Unlikely, but still worth a shot. 

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


It sounds like the WLAN/BT module isn't disabled in the UEFI. If they both still show up in device manager, then there's something improper with the UEFI. If they don't show up in device manager and are somehow still active, then that's a major issue.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


Thank you for the reply, OddOod! Do you think that Asus is the most likely culprit even though the onboard device should be off? Do you see any other possibilities? P.S. I'll contact Steve. Thank you for the idea!
 


3 minutes ago, Agall said:

It sounds like the WLAN/BT module isn't disabled in the UEFI. If they both still show up in device manager, then there's something improper with the UEFI. If they don't show up in device manager and are somehow still active, then that's a major issue.

Both WLAN and BT modules were disabled in BIOS when I had this issue


2 minutes ago, TK_24816 said:

Both WLAN and BT modules were disabled in BIOS when I had this issue

The WLAN and BT should be the same module, it's usually the same controller. I point out Device Manager since any recognized device should be listed there with its accompanying driver, so if it's showing up there, then the UEFI isn't disabling that device.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


1 hour ago, Timo Korhonen said:

a) Bolt receiver should not work with other Bluetooth peripherals. "Likewise, both Unifying and Bolt are proprietary technologies from Logitech. Therefore, they're not compatible with wireless peripherals from other brands." (makeuseof.com)

So I've seen this from multiple brands where there is a bt module for a first handshake and sometimes through some magic fuckery and all planets aligning they take over the connection from a totally different device that somehow at that moment matched enough of a signature and handshake to complete it.

 

 


23 minutes ago, OddOod said:

Welcome to the forums!
 

1) Windows is still SUPER fucky about BT

2) a is your best option I think. 

3) probably reach out to ASUS and let them know about this. I'm sure they have loads of time because they are definitely not currently trying to put out literal fires /s but still, this is a significant flaw in their design

 

As for "is this a security risk"?
Weeeeeeeeeeell, probably. But when evaluating security risk, always remember to take your threat landscape into account. BT range is pretty short, so an adversary has to be well within 100ft of your tower, so a hacker has to physically visit your property. On top of that they'd have to *know* you had this issue, then develop an exploit for it and use one of the likely many zero days in windows BT to establish presence and persistence in your system.
So, sure, it's doable, but you'd have to be a high value target. Either a criminal kingpin or worth minimum 8 figures. Another risk factor would be being a human rights activist (hit up the EFF, they're pretty good at fighting this for such a small org) or loudly working against RU/NK/CN/IL/IR/SA. But those make you a target of Nation State Actors and, as the saying goes, if Mossad wants into your devices, they are already there. 

P.S. Would you also suggest disabling Bluetooth devices in Device manager in addition to switching Bluetooth off in Windows?


This is *absolutely* an ASUS issue. Windows isn't seeing BT on the board because the board. But Win is also willing to take whatever it can which is a feature, so if the mobo tells it that there is a connected device, it will assume that it's supposed to be there

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


1 minute ago, TK_24816 said:

P.S. Would you also suggest disabling Bluetooth devices in Device manager in addition to switching Bluetooth off in Windows?

If it's causing a problem where you aren't getting audio where you want it? Yes. But you should be able to just disable the M4s in Sound > Playback and set your normal as default and it shouldn't happen again

 

image.png.d7983a4331623cab8fc492278cd73ceb.png

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup


9 minutes ago, OddOod said:

If it's causing a problem where you aren't getting audio where you want it? Yes. But you should be able to just disable the M4s in Sound > Playback and set your normal as default and it shouldn't happen again

 


I had no issues with setting back the proper audio playback device. Thank you, though!


16 minutes ago, OddOod said:

This is *absolutely* an ASUS issue. Windows isn't seeing BT on the board because the board. But Win is also willing to take whatever it can which is a feature, so if the mobo tells it that there is a connected device, it will assume that it's supposed to be there

Do you know how this happens in a more technical level? I'd like to understand the details. I'll contact Asus, though.


27 minutes ago, OddOod said:

If it's causing a problem where you aren't getting audio where you want it? Yes. But you should be able to just disable the M4s in Sound > Playback and set your normal as default and it shouldn't happen again

 


I mean that if I try to protect myself from unwanted connections in the future would it be safer to disable the devices? Or is it safer to keep Bluetooth devices on in Device manager and keep Bluetooth switched off in Windows settings?


33 minutes ago, TK_24816 said:

I mean that if I try to protect myself from unwanted connections in the future would it be safer to disable the devices? Or is it safer to keep Bluetooth devices on in Device manager and keep Bluetooth switched off in Windows settings?

If the UEFI is disabling the WLAN/BT module, then you won't see them in Device Manager. If they're showing up as a Bluetooth device and Network adapter in Device Manager, then the UEFI isn't disabling them.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


6 minutes ago, Agall said:

If the UEFI is disabling the WLAN/BT module, then you won't see them in Device Manager. If they're showing up as a Bluetooth device and Network adapter in Device Manager, then the UEFI isn't disabling them.

When Momentum 4 was originally connected to Win 11 the first time the on-off switch for Bluetooth in Windows was missing. I assume that Bluetooth devices were not shown in device manager but I'm not 100 % sure. I have Bluetooth disabled at the moment and I'm not seeing any Bluetooth devices in device manager.


This is what's shown in Bluetooth settings once the onboard Bluetooth device is enabled

Bluetooth.png


39 minutes ago, TK_24816 said:

This is what's shown in Bluetooth settings once the onboard Bluetooth device is enabled

Bluetooth.png

Then you should also see in Device Manager under Bluetooth the same Intel device, as well as an Intel WIFI network adapter in the Network Adapter section. If those still show whenever you're 'disabling bluetooth and wifi in the UEFI' then it's likely not applying or working properly. Those devices shouldn't show up in Device Manager if they're properly disabled in the UEFI.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017
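
The Device Manager check described in the post above, as an added PowerShell example that is not part of the thread. It is read-only, also counts devices that Device Manager hides because they are not currently present, and treats the `USB\`/`PCI\` versus `BTHENUM\`/`BTHLE\` instance ID prefixes and the friendly-name match as heuristics; the function name `Get-BluetoothExposure` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes no settings.
# Run in Windows PowerShell 5.1 or later; uses the built-in PnpDevice module.

function Get-BluetoothExposure {
    [CmdletBinding()]
    param()

    # Every Bluetooth-class device Windows knows about, including ones that are
    # not currently present (Device Manager hides those by default).
    $known   = @(Get-PnpDevice -Class Bluetooth -ErrorAction SilentlyContinue)
    # Only the devices that are attached and enumerated right now.
    $present = @(Get-PnpDevice -Class Bluetooth -PresentOnly -ErrorAction SilentlyContinue)

    # Heuristic (assumption): a local radio hangs off a hardware bus (USB\ or PCI\),
    # while paired remote devices are enumerated under BTHENUM\ or BTHLE\.
    $radios        = @($present | Where-Object { $_.InstanceId -match '^(USB|PCI)\\' })
    $remoteKnown   = @($known   | Where-Object { $_.InstanceId -match '^(BTHENUM|BTHLE)\\' })
    $remotePresent = @($present | Where-Object { $_.InstanceId -match '^(BTHENUM|BTHLE)\\' })

    # Present network adapters that look wireless. The friendly-name match is a
    # heuristic (assumption); the WLAN/BT combo module should vanish from both
    # classes when the firmware really disables it.
    $wireless = @(Get-PnpDevice -Class Net -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -match 'Wi-?Fi|Wireless|802\.11|Bluetooth' })

    # Bluetooth Support Service: handles discovery and association of remote devices.
    $svc = Get-Service -Name bthserv -ErrorAction SilentlyContinue

    $verdict =
        if ($radios.Count -gt 0) {
            'A Bluetooth radio is enumerated: the firmware setting is not hiding it from Windows.'
        } elseif ($remotePresent.Count -gt 0) {
            'Remote Bluetooth devices are present but no radio is visible: investigate.'
        } elseif ($remoteKnown.Count -gt 0) {
            'No radio enumerated; stale pairings remain from an earlier session.'
        } else {
            'No Bluetooth radio or pairing is known to Windows.'
        }

    [pscustomobject]@{
        PresentRadios        = $radios.FriendlyName
        PresentRemoteDevices = $remotePresent.FriendlyName
        KnownRemoteDevices   = $remoteKnown.FriendlyName
        PresentWirelessNics  = $wireless.FriendlyName
        BthservStatus        = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'not installed' }
        Verdict              = $verdict
    }
}

# Run once with the onboard adapter disabled in firmware and once with it
# enabled, then compare the two results.
Get-BluetoothExposure | Format-List
```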


20 hours ago, Agall said:

Then you should also see in Device Manager under Bluetooth the same Intel device, as well as an Intel WIFI network adapter in the Network Adapter section. If those still show whenever you're 'disabling bluetooth and wifi in the UEFI' then it's likely not applying or working properly. Those devices shouldn't show up in Device Manager if they're properly disabled in the UEFI.

The weird thing is that the devices don't show up in Device manager when onboard Bluetooth is disabled in BIOS. However, the headphones still somehow magically paired with my desktop.


On 5/13/2023 at 8:16 AM, TK_24816 said:

The weird thing is that the devices don't show up in Device manager when onboard Bluetooth is disabled in BIOS. However, the headphones still somehow magically paired with my desktop.

If you have no bluetooth device connected and a bluetooth only headset is connecting, then it's connecting via another method. So you either have a rogue bluetooth device that doesn't show in Device Manager, or it's something related to your phone and PC.

 

Did you do any of the pairing your phone to your PC?

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


12 minutes ago, TK_24816 said:

I had no issues with setting back the proper audio playback device. Thank you, though!

I mean specifically disabling them in that screen, not just setting default back to what you normally use. Then Windows shouldn't ever try to output through them.... in theory.... because windows is sooooo good at audio devices.... smdh. Friggin windows....

 

7 minutes ago, TK_24816 said:

Do you know how this happens in a more technical level? I'd like to understand the details. I'll contact Asus, though.

Know? No. Guess? Sure. 
I think that what is happening is that when you disable it in BIOS, the firmware is like "okay, we won't tell windows about this device", so when windows boots and it asks the chipset "hey, what devices do you have?" it gives the whole list and leaves out the BT adapter. But it doesn't *actually* disable anything by, like, cutting power to it. And there is some watchdog in the firmware that basically watches for any incoming connections and when it sees one it doesn't even stop to check if the adapter is enabled or disabled, it just straight up forwards the handshake to the OS. Windows, being the helpful friendly neighborhood OS it is, says "Oh cool, a handshake? I know what to do with those" and just establishes the connection and, it being a new audio device, starts using it.

Again, a guess, and I actually had this all typed up on friday but forgot to send it so I'll be eager to see what others say

5950X/3080Ti primary rig  |  1920X/1070Ti Unraid for dockers  |  200TB TrueNAS w/ 1:1 backup
