On the news tonight.


An 'expert' gave a demonstration of hacking into folks computers and then videoing the owners' antics.

They made the unequivocal statement that it could be done while the computer was in sleep mode.

I can only assume this means it can be woken up, but can even this be true? I use sleep mode a lot, and in the Texas heat would hate anyone to see into my den.:\

They made the unequivocal statement that it could be done while the computer was in sleep mode.

Nonsense.

You need the computer to be powered up because without the thing being alive and kicking, the network card won't be fully powered and there won't be much processing taking place taking the bits and bytes from the camera and pushing them down the network link.

In sleep mode, the only thing the computer handles are the low-level activities necessary to awake it from its slumber (i.e. mouse movements, keyboard button presses, specific network card packets).

Technically, "sleep mode" is defined by the industry standard ACPI S3 ... what happens is that the RAM is kept powered in a special low-power mode , but the CPU,cache, chipset and peripherals are powered down (context data from the CPU being saved to the RAM in the form of a "resume handler"). Google "ACPI S3" if you want more nitty gritty detail....

Probably what he meant was that you can wake a sleeping computer and by extension either send no signal to the display or tell it to remain dimmed to zero.

But to wake a computer, you have to be doing it from another device on the same local network (so called "magic packets" are strictly OSI layer 2) ... which means they would have hacked into your infrastructure pretty deeply and so them peering at your bedroom antics would be the least of your concerns.

P.S. Incase you are wondering, for ACPI S4 (or "hibernate") the CPU context gets saved to disk instead of RAM. The RAM then gets powered off too, making hibernate an extra low power standby mode.

When I lived in a country inhabited by straightforward, God-fearing people with no imagination I started a rumour that TV broadcasters could watch you through your TV screen.* This resulted in a number of G---s, whoops, mustn't say which nationality, draping a towel over the TV screen before going to bed.

* Yes I know that some flatscreen TV's now have cameras built in, but this was way back in catholic ray tube days.

I regard this present story as in the same category. BS.

Thank goodness the Rivetess still has a memory,

However, it may have been the announcer that mentioned the sleep mode. Haven't got time to run it through all the way.


Rossen Reports: Criminals use webcams for spying - Video on TODAY.com (http://video.today.msnbc.msn.com/today/50572646#50572646)


The guy doing the pretend hacking for the TV company was well-spoken. They got the teenage girls to show shock horror when he played their bedroom scenes back.

Certainly a message to be careful.



The offending software it seems, or one of them, was some kiddy cartoon picture with ducks and trees. Load that, and the system is compromised.

Problems with the story in that link:

1. activating a laptop webcam puts the light on - it's why the video of the daughters has them looking directly at the camera, they are wondering why the light is on.

2. the sleep mode stuff probably comes from the wake on lan (or wowlan for wireless) confusion - where you can wake a computer up with a magic packet. If it isn't activated in bios it isn't going to work, you also have the 'trying to get through the firewall in the router' issue.

3. The installation vector seems to be a dodgy link and/or flash video. So it also assumes no antivirus software detection.

4. As people are usually assigned a non-static IP address on the internet then the dodgy software would have to connect to the viewer to establish comms. Once again a bit difficult if in sleep mode.

It seems to be a sensationalist version of what the US school was caught doing - where they issued students with laptops already fitted with spying software, disabling any indication of the cam being activated etc. School settles laptop spying case to “protect taxpayers” | Ars Technica (http://arstechnica.com/tech-policy/2010/10/school-settles-laptop-spying-case-to-protect-taxpayers/)

OK guys.....time to wake up to reality

Malware to do this has been around for years - I've even seen it demonstrated at a security exhibition something like ten years ago.
Its a relatively trivial matter to plant malware through some kind of crafted spear fishing on a machine, malware which can create a server on the machine which can activate and control the camera, and in some cases suppress the camera light, and even the front panel LED lights on the PC.
Obviously the machine is not in standby when this happens, but it looks like its in standby

wake on lan (or wowlan for wireless) confusion - where you can wake a computer up with a magic packet. If it isn't activated in bios it isn't going to work, you also have the 'trying to get through the firewall in the router' issue.

As I said.... WoL is OSI Layer 2. You have to be on the same LAN (Local Area Network) subnet in order to send the packets.... the packets are targetted by MAC address. MAC addresses are strictly LAN subnet based....

The only way to get WoL to work accross different subnets and accross the internet is by getting an intermediary device (e.g. server, other PC... whatever) sitting on the target subnet to send the WoL packet on your behalf.

Therefore as I said.... if they manage to send a WoL remotely.... then you've got bigger things to worry about than your bedroom antics being seen .... i.e. completely reformatting and resetting everything on the compromised subnet because you don't know what they hacked into and what can be trusted, as well as doing a thourough security review to prevent it happening again.

One of my children has a ThinkCentre for space-saving reasons.

The built-in camera is switched off in the BIOS (and access to the BIOS is password-protected). I don't really want a teenager having a camera on the PC in their bedroom. :uhoh:

The camera also has a physical cover that can be slid across, so one always has the option of blanking it if it is enabled - beats draping a blanket over it!

SD

Microsoft admits millions of computers could be infected with malware before they're even out of the box - News - Gadgets & Tech - The Independent (http://www.independent.co.uk/life-style/gadgets-and-tech/news/microsoft-admits-millions-of-computers-could-be-infected-with-malware-before-theyre-even-out-of-the-box-8139437.html)

New Android Malware App Turns Phone into Surveillance Device | threatpost (http://threatpost.com/en_us/blogs/new-android-malware-app-turns-phone-surveillance-device-100112)

Scary New Malware Uses Your Smartphone To Map Your House for Robbers (http://gizmodo.com/5947385/scary-new-malware-uses-your-smartphone-to-make-a-map-of-your-house-for-robbers)

One of the guy's from the old days (when we used to hammer the rivet) who took the concept of watching too far... Timperley pervert filmed sex acts as he ogled girls in park - Manchester Evening News (http://www.manchestereveningnews.co.uk/news/local-news/timperley-pervert-filmed-sex-acts-1210206)

But most teenagers webcam themselves and post on *******tube for all to see...



...over 18 of course :\