It depends. It’s also extremely unlikely.
I have a love-hate relationship with the sleep function. It puts the computer into low-energy use, pausing active tasks and storing open applications and files in memory. People like it because it keeps the computer powered on and ready to work again.
I love the concept, but I hate most implementations. I often find it results in unexpected behavior. Only if a specific device has proven its sleep function to be generally stable will I use it. It’s a determination I make for every single computer that might sleep, because every machine behaves differently.
So, with that little gripe out of the way, can your computer still get hacked if it’s in sleep mode?
Maybe.
Hacked while asleep?
Your computer can’t get hacked when it’s actually sleeping; it’s basically off. But sometimes computers wake themselves up unexpectedly. You’re fine as long as you use the basic protections that keep you safe while using your computer. Don’t worry too much about it.
The issue with sleep: waking up
If your computer is really sleeping, it is inaccessible and can’t get hacked. It’s as close to being turned off as you can get without removing power.
What many people experience, though, is suddenly finding the machine they thought they’d put in sleep mode awake and running normally. They didn’t tell it to wake up, it just did… on its own.1
For example, one of my older laptops would wake itself up from sleep while in my backpack and then proceed to overheat, as there was no ventilation. Not good. I stopped using sleep mode as a result.
So if the machine is actually sleeping, it can’t get hacked. But if it’s woken itself up somehow, then there’s a risk. It’s not a huge risk if you’ve got basic security in place, but it’s a risk.
Help keep it going by becoming a Patron.
Basic protections are enough
To be hacked, a computer generally needs to be running. To oversimplify, that means either:
- It’s on, and you’re using it.
- It’s on, and you’re not using it. Perhaps you walked away without turning it off, perhaps it woke itself up from sleep, perhaps you just leave your machine on 24 hours a day, as I do.
From a security standpoint, you’re just as vulnerable in either case.
If you follow the basic advice to use your computer safely, you are protected from malware and hacking, whether the machine is idle or active.
If you’ve done that, as you should, then your machine is extremely unlikely to be compromised if you leave it on, whether you’re using it or not.
Using it might even be riskier
If your machine is on and idle — say it woke itself up from sleep or you just leave it running all the time — you’re ever so slightly safer than if you were actively using it.
Why? Because most compromises these days require either of two things:
- A user takes action that violates security guidelines, like downloading and opening an attachment.
- A user falls for a phishing scam and visits a malicious website.
If the machine is idle, there’s no user to take those actions.
What about remaining connected to the internet?
The same argument applies: you’re constantly connected to the internet while you use your computer. As a result, you take steps to ensure that the connection is secure — most notably by using a NAT router. That protects your computer whether you’re actively using it or not.
If the machine wakes up from sleep for some reason, it wakes up protected.
What about hibernation mode?
Everything I’ve described above applies equally to hibernation with one exception: in my experience, computers are somewhat less likely to come out of hibernation on their own.
- If the machine is truly hibernating, then the hardware is literally turned off, and it cannot be compromised.
- If it comes out of hibernation, either accidentally or on purpose, then it’s just a running machine. All of your existing protections are automatically in place, and you’re still extremely unlikely to suffer a random external hack.
Do this
If you use sleep mode, pay attention to whether your device seems to wake up on its own. If it does, factor that possibility into your expectations — maybe don’t put it in a backpack where it could wake up and overheat.
But you don’t really have to worry about it being hacked one way or another. The protections you already have in place to use the machine safely will protect the machine when it is idle.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
“you’re ever so slightly safer than if you were actively using it.
I’d remove “ever so slightly” and have it say “you’re much safer than if you were actively using it.
Most hacks are the result of the PEBCAK, the Problem Existing Between Chair and Keyboard. Phishing and other social engineering account for between 60 and 90% of all hacks.
If you have a computer with an SSD system drive, there’s little reason to use sleep. My computers all start up in between half a minute to a minute. Sleep works, but every so often it messes up.
Sleep keeps RAM powered, so any flaky driver state or memory corruption just carries over. A reboot resets everything, which is why it’s usually more stable
For me it’s worth the extra few extra seconds at boot time to keep things running smoothly.
Thank you! This is a really great article. I have a desktop that I always put into hibernation mode. But, what happens when you just close the lid on a laptop? Does it go into sleep or hibernation mode? Should I be actually putting it into hibernation instead of just closing the lid? I love your daily info newsletters as well as the happy news ones!
Normally the default is to sleep, but it’s controlled by settings in the Power options section of the settings app. It typically can be configured to sleep, hibernate, shut down, or do nothing at all.
1. Leo, you wrote:
“It’s a determination I make for every single computer…”
Share with us, Leo! What steps do you take to make that determination?
2. Several times, I’ve come ou of my bedroom to find my computer on and sitting at the logon screen after I had fully SHUT DOWN!!!
What could cause this?! And (more importantly) what the “H” do I do about it?!??!?!?!?!?
Help!!!
1: I try it for a while.
2: Check wake on (power, lan, network, whatever) settings in UEFI/BIOS.
“What steps do you take to make that determination?”
I can’t speak for Leo, but I can tell you what I do. I uses sleep until there’s a problem with a computer and then I disable sleep on those computers that have issues. I’ve turned of sleep on most of my computers now that all my computers have SSDs, they all start up in 30 to 60 seconds.
I had that problem with a computer. I couldn’t find the source of the problem, so I plugged the machine into an extension cord with a switch and switched it of after I shut down the computer. If the plug is easy to access, you can pull it out.
I disable sleep on all my computers when plugged in, because, like Mark, all my devices have SSDs rather than HDs, and the cost of keeping them constantly active has made little difference in my electric bill. For my desktop device, I disable sleep entirely. For both my laptops, I disable it entirely when plugged in, although I have noticed that sleep extends battery life when not plugged in, so I set it to go to sleep when the lid’s closed. For security purposes, I have both laptops set to do nothing when they’re plugged in and I close the lid, but I have a small app that watches for the lid being closed, and locks the computer for me, so I never have to remember to do it manually. The app’s named ‘LidLock’, and you can get it free from C-Net at https://download.cnet.com/lid-lock/3000-2094_4-76464070.html.
I hope this helps others,
Ernie