Can hackers enable the camera after the user disabled it? [on hold]Are there any webcams which can take camera-quality photos?Flash Player crashes after accessing to cameraCan I use a Canon SX 30 camera as webcam?Can I use the iSight Camera as a mirror?How is it possible for a person to upload files to a site they don't have credentials to?Change the camera that the Windows 10 camera app uses.I got a strange banner on Chrome asking me to “update my account”. Is it legitimate, or is it some sort of malware?Clean Windows 10 install assigns my account name as the first 5 characters of my email addressDisabled Cortana, how to enable it now?Enable Sony camera and mic unit for Mac
Who filmed the Apollo 11 trans-lunar injection?
Execute command on shell command output
Hostile Divisor Numbers
Gerrymandering Puzzle - Rig the Election
How did the Apollo guidance computer handle parity bit errors?
weird pluperfect subjunctive in Eutropius
How to pass query parameters in URL in Salesforce Summer 19 Release?
What's the 2-minute timer on mobile Deutsche Bahn tickets?
Which US defense organization would respond to an invasion like this?
My large rocket is still flipping over
Has the United States ever had a non-Christian President?
Copy previous line to current line from text file
Dihedral group D4 composition with custom labels
Can my 2 children, aged 10 and 12, who are US citizens, travel to the USA on expired American passports?
Is 'contemporary' ambiguous and if so is there a better word?
How to deal with employer who keeps me at work after working hours
Switch Function Not working Properly
Clarification of algebra in moment generating functions
How do I allocate more memory to an app on Sheepshaver running Mac OS 9?
All superlinear runtime algorithms are asymptotically equivalent to convex function?
How to remap repeating commands i.e. <number><command>?
Endgame puzzle: How to avoid stalemate and win?
Table coloring doesn't extend all the way with makecell
Drawing an hexagonal cone in TikZ 2D
Can hackers enable the camera after the user disabled it? [on hold]
Are there any webcams which can take camera-quality photos?Flash Player crashes after accessing to cameraCan I use a Canon SX 30 camera as webcam?Can I use the iSight Camera as a mirror?How is it possible for a person to upload files to a site they don't have credentials to?Change the camera that the Windows 10 camera app uses.I got a strange banner on Chrome asking me to “update my account”. Is it legitimate, or is it some sort of malware?Clean Windows 10 install assigns my account name as the first 5 characters of my email addressDisabled Cortana, how to enable it now?Enable Sony camera and mic unit for Mac
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
A person I know got a spam email saying to pay a ransom of 1000$ for his personal information. The spammer sent him an old password he used in an old email as proof; the email is linked to his facebook account.
He is afraid the hacker had access to his camera and his personal information and info related to work. Is there a way the hacker could have enabled the camera and started recording after the user disabled it?
Note that the laptop doesn't have any real protection, just Windows Defender and firewall. He found the webcam was enabled after disabling it. Also, can windows enable the camera on its own after an update?
windows-10 security webcam
edited 2 days ago
Stormblessed
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
put on hold as off-topic by Ramhound, Jason, Dmitry Grigoryev, Dave M, DavidPostill♦ 2 days ago
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "This question is not about computer hardware or software, within the scope defined in the help center." – Ramhound, Dmitry Grigoryev, Dave M, DavidPostill
|
show 3 more comments
A person I know got a spam email saying to pay a ransom of 1000$ for his personal information. The spammer sent him an old password he used in an old email as proof; the email is linked to his facebook account.
He is afraid the hacker had access to his camera and his personal information and info related to work. Is there a way the hacker could have enabled the camera and started recording after the user disabled it?
Note that the laptop doesn't have any real protection, just Windows Defender and firewall. He found the webcam was enabled after disabling it. Also, can windows enable the camera on its own after an update?
windows-10 security webcam
edited 2 days ago
Stormblessed
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
put on hold as off-topic by Ramhound, Jason, Dmitry Grigoryev, Dave M, DavidPostill♦ 2 days ago
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "This question is not about computer hardware or software, within the scope defined in the help center." – Ramhound, Dmitry Grigoryev, Dave M, DavidPostill
2
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
8
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
2
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
2
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago
|
show 3 more comments
A person I know got a spam email saying to pay a ransom of 1000$ for his personal information. The spammer sent him an old password he used in an old email as proof; the email is linked to his facebook account.
He is afraid the hacker had access to his camera and his personal information and info related to work. Is there a way the hacker could have enabled the camera and started recording after the user disabled it?
Note that the laptop doesn't have any real protection, just Windows Defender and firewall. He found the webcam was enabled after disabling it. Also, can windows enable the camera on its own after an update?
windows-10 security webcam
edited 2 days ago
Stormblessed
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
A person I know got a spam email saying to pay a ransom of 1000$ for his personal information. The spammer sent him an old password he used in an old email as proof; the email is linked to his facebook account.
He is afraid the hacker had access to his camera and his personal information and info related to work. Is there a way the hacker could have enabled the camera and started recording after the user disabled it?
Note that the laptop doesn't have any real protection, just Windows Defender and firewall. He found the webcam was enabled after disabling it. Also, can windows enable the camera on its own after an update?
windows-10 security webcam
windows-10 security webcam
edited 2 days ago
Stormblessed
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 days ago
Stormblessed
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 2 days ago
Stormblessed
1087
edited 2 days ago
Stormblessed
1087
edited 2 days ago
Stormblessed
1087
1087
asked May 1 at 21:07
SG_MTSSG_MTS
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked May 1 at 21:07
SG_MTSSG_MTS
4514
asked May 1 at 21:07
SG_MTSSG_MTS
4514
4514
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
SG_MTS is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
put on hold as off-topic by Ramhound, Jason, Dmitry Grigoryev, Dave M, DavidPostill♦ 2 days ago
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "This question is not about computer hardware or software, within the scope defined in the help center." – Ramhound, Dmitry Grigoryev, Dave M, DavidPostill
put on hold as off-topic by Ramhound, Jason, Dmitry Grigoryev, Dave M, DavidPostill♦ 2 days ago
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "This question is not about computer hardware or software, within the scope defined in the help center." – Ramhound, Dmitry Grigoryev, Dave M, DavidPostill
2
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
8
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
2
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
2
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago
|
show 3 more comments
2
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
8
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
2
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
2
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago
2
2
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
8
8
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
2
2
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
2
2
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago
|
show 3 more comments
3 Answers
3
active
oldest
votes
These emails are all scams. I get them and I don't even have a webcam on my desktop.
In theory a dedicated attacker could have done this, if they got in and used a privilege-escalation exploit to get kernel access.
But AFAIK typically randomly-targeted attacks for extortion purposes aren't going to be worth the risk of burning an unknown / unpatched 0-day exploit, so unless your computer doesn't get security updates, the chances of a casual attacker actually getting in are basically zero. And the amount of effort they'd have to put in (downloading watching videos of random people from the camera) to actually find people doing anything embarrassing is way higher than just making stuff up!
So the real risk is if you are a high-value target for some attacker, like maybe they want to read papers on your desk near your computer. Or the screen of another nearby device. They wouldn't be sending you blackmail emails about it.
There are no physical interlocks that would prevent the camera from being enabled without a physical keyboard press or physical mouse click. It's all software. AFAIK it's usually fairly secure software, behind multiple layers of protection (like it would require a kernel exploit to silently enable the camera without user interaction).
The only way to be sure is to physically cover the lens of your camera, and/or not point it at yourself when not using it. Just like the only way to be sure your computer isn't cracked is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean.
I think I've seen some laptops with a flap you can slide over the camera, possibly to protect the lens from dirt, or maybe privacy was one of the intended uses. Some stand-alone USB webcams have a physical lens-cover slider or iris.
Built-in microphones are more insidious because they're not directional.
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
|
show 1 more comment
This is a well-known scam. as uSlackr describes. But that doesn't mean it can't be done. People are always finding new exploits. Everything can't be done until someone figures out how to do it. With hacking, the safe assumption is to assume almost anything is, or will be, possible, so take precautions.
For example, no hacker can make the camera see through painter's or gaffer's tape if you leave a flap of it in place when you don't actually need the camera.
But taking precautions is different from reacting to a claim that somebody actually did it to you.
Some scams work because there actually is such an exploit, making it seem more credible even if it wasn't used on you. There are lots of things that can be done by a very proficient, motivated, hacker. Intelligence agencies, with the resources of a government behind them, can pull off some pretty fancy spy craft.
When you have been told that someone hacked your system, part of evaluating the potential truth of it is to weigh the scenarios. You can never completely rule out that someone might potentially have done it, but you can compare likelihoods. If you aren't a valuable target (foreign dignitary, owner of really valuable secrets, a terrorist, etc.), it isn't too likely that someone is going to invest serious time, money, and effort to hack your system. If you're going to be a "hacking" victim, it's much more likely that it will be some simple target of opportunity or just a scam, where there wasn't actually any hack.
The scam you mention relies on easily available information, the human nature of the victim, and requires no actual hacking. Why would anyone go to the trouble of hacking your system when they can fake out a lot of people without really doing anything?
When a well-known scam like this is going around, the odds heavily favor that you're a scam victim rather than an actual hacking victim. There's an old aphorism coined by a medical school professor about not jumping to an exotic medical diagnosis when a more commonplace explanation is more likely: "When you hear hoofbeats, think of horses not zebras."
answered May 2 at 2:57
fixer1234fixer1234
20k145085
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
add a comment |
There are a lot of factors that could be at play here. The short answer is yes, malware can enable a camera on a laptop even if the user disabled it. While Windows defender provides SOME protection, I would recommend getting some true anti-malware software such as Kaspersky or Trend Micro and scan the computer.
Seeing as the scammer sent an old password, my guess is there is a key logger on the computer (a piece of malicious code that records what buttons are pressed) and that's how the information was harvested
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
add a comment |
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
These emails are all scams. I get them and I don't even have a webcam on my desktop.
In theory a dedicated attacker could have done this, if they got in and used a privilege-escalation exploit to get kernel access.
But AFAIK typically randomly-targeted attacks for extortion purposes aren't going to be worth the risk of burning an unknown / unpatched 0-day exploit, so unless your computer doesn't get security updates, the chances of a casual attacker actually getting in are basically zero. And the amount of effort they'd have to put in (downloading watching videos of random people from the camera) to actually find people doing anything embarrassing is way higher than just making stuff up!
So the real risk is if you are a high-value target for some attacker, like maybe they want to read papers on your desk near your computer. Or the screen of another nearby device. They wouldn't be sending you blackmail emails about it.
There are no physical interlocks that would prevent the camera from being enabled without a physical keyboard press or physical mouse click. It's all software. AFAIK it's usually fairly secure software, behind multiple layers of protection (like it would require a kernel exploit to silently enable the camera without user interaction).
The only way to be sure is to physically cover the lens of your camera, and/or not point it at yourself when not using it. Just like the only way to be sure your computer isn't cracked is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean.
I think I've seen some laptops with a flap you can slide over the camera, possibly to protect the lens from dirt, or maybe privacy was one of the intended uses. Some stand-alone USB webcams have a physical lens-cover slider or iris.
Built-in microphones are more insidious because they're not directional.
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
|
show 1 more comment
These emails are all scams. I get them and I don't even have a webcam on my desktop.
In theory a dedicated attacker could have done this, if they got in and used a privilege-escalation exploit to get kernel access.
But AFAIK typically randomly-targeted attacks for extortion purposes aren't going to be worth the risk of burning an unknown / unpatched 0-day exploit, so unless your computer doesn't get security updates, the chances of a casual attacker actually getting in are basically zero. And the amount of effort they'd have to put in (downloading watching videos of random people from the camera) to actually find people doing anything embarrassing is way higher than just making stuff up!
So the real risk is if you are a high-value target for some attacker, like maybe they want to read papers on your desk near your computer. Or the screen of another nearby device. They wouldn't be sending you blackmail emails about it.
There are no physical interlocks that would prevent the camera from being enabled without a physical keyboard press or physical mouse click. It's all software. AFAIK it's usually fairly secure software, behind multiple layers of protection (like it would require a kernel exploit to silently enable the camera without user interaction).
The only way to be sure is to physically cover the lens of your camera, and/or not point it at yourself when not using it. Just like the only way to be sure your computer isn't cracked is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean.
I think I've seen some laptops with a flap you can slide over the camera, possibly to protect the lens from dirt, or maybe privacy was one of the intended uses. Some stand-alone USB webcams have a physical lens-cover slider or iris.
Built-in microphones are more insidious because they're not directional.
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
|
show 1 more comment
These emails are all scams. I get them and I don't even have a webcam on my desktop.
In theory a dedicated attacker could have done this, if they got in and used a privilege-escalation exploit to get kernel access.
But AFAIK typically randomly-targeted attacks for extortion purposes aren't going to be worth the risk of burning an unknown / unpatched 0-day exploit, so unless your computer doesn't get security updates, the chances of a casual attacker actually getting in are basically zero. And the amount of effort they'd have to put in (downloading watching videos of random people from the camera) to actually find people doing anything embarrassing is way higher than just making stuff up!
So the real risk is if you are a high-value target for some attacker, like maybe they want to read papers on your desk near your computer. Or the screen of another nearby device. They wouldn't be sending you blackmail emails about it.
There are no physical interlocks that would prevent the camera from being enabled without a physical keyboard press or physical mouse click. It's all software. AFAIK it's usually fairly secure software, behind multiple layers of protection (like it would require a kernel exploit to silently enable the camera without user interaction).
The only way to be sure is to physically cover the lens of your camera, and/or not point it at yourself when not using it. Just like the only way to be sure your computer isn't cracked is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean.
I think I've seen some laptops with a flap you can slide over the camera, possibly to protect the lens from dirt, or maybe privacy was one of the intended uses. Some stand-alone USB webcams have a physical lens-cover slider or iris.
Built-in microphones are more insidious because they're not directional.
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
These emails are all scams. I get them and I don't even have a webcam on my desktop.
In theory a dedicated attacker could have done this, if they got in and used a privilege-escalation exploit to get kernel access.
But AFAIK typically randomly-targeted attacks for extortion purposes aren't going to be worth the risk of burning an unknown / unpatched 0-day exploit, so unless your computer doesn't get security updates, the chances of a casual attacker actually getting in are basically zero. And the amount of effort they'd have to put in (downloading watching videos of random people from the camera) to actually find people doing anything embarrassing is way higher than just making stuff up!
So the real risk is if you are a high-value target for some attacker, like maybe they want to read papers on your desk near your computer. Or the screen of another nearby device. They wouldn't be sending you blackmail emails about it.
There are no physical interlocks that would prevent the camera from being enabled without a physical keyboard press or physical mouse click. It's all software. AFAIK it's usually fairly secure software, behind multiple layers of protection (like it would require a kernel exploit to silently enable the camera without user interaction).
The only way to be sure is to physically cover the lens of your camera, and/or not point it at yourself when not using it. Just like the only way to be sure your computer isn't cracked is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean.
I think I've seen some laptops with a flap you can slide over the camera, possibly to protect the lens from dirt, or maybe privacy was one of the intended uses. Some stand-alone USB webcams have a physical lens-cover slider or iris.
Built-in microphones are more insidious because they're not directional.
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
edited May 2 at 2:44
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
answered May 2 at 2:39
Peter CordesPeter Cordes
2,7451623
2,7451623
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
|
show 1 more comment
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
1
1
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
The only way to be sure is to physically cover the lens of your camera, or unplug it (tricky but possible inside a laptop). That disables the microphone as well.
– Chris H
2 days ago
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
Just like the only way to be sure your computer isn't cracked it is to keep it powered off (physically unplugged), and preferably encased in concrete, at the bottom of the ocean. Wouldn't a vulcano's lava do the job either?
– Barrosy
yesterday
1
1
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
@Barrosy: no, that's how you securely delete your data once you no longer want the computer.
– Peter Cordes
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
Oh you want to retrieve the device by fishing it up again from the deepest of oceans and pull it out of the concrete? Got it.
– Barrosy
yesterday
1
1
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
@Barrosy: I believe the optimal deletion procedure is to throw it in the volcano still in the concrete, so it stays protected until the heat penetrates the concrete and melts the silicon and/or iron oxide that were storing your data. (After first demagnetizing it at the Curie temperature). Fun fact: I don't think concrete actually melts at lava temperatures like 800 to 1200 Celsius. en.wikipedia.org/wiki/Concrete_degradation#Thermal_damage says it turns brown over ~1000 °C and is weakened. reference.com/science/melting-point-concrete-ac28d5cb2b50ed99 says thousands.
– Peter Cordes
yesterday
|
show 1 more comment
This is a well-known scam. as uSlackr describes. But that doesn't mean it can't be done. People are always finding new exploits. Everything can't be done until someone figures out how to do it. With hacking, the safe assumption is to assume almost anything is, or will be, possible, so take precautions.
For example, no hacker can make the camera see through painter's or gaffer's tape if you leave a flap of it in place when you don't actually need the camera.
But taking precautions is different from reacting to a claim that somebody actually did it to you.
Some scams work because there actually is such an exploit, making it seem more credible even if it wasn't used on you. There are lots of things that can be done by a very proficient, motivated, hacker. Intelligence agencies, with the resources of a government behind them, can pull off some pretty fancy spy craft.
When you have been told that someone hacked your system, part of evaluating the potential truth of it is to weigh the scenarios. You can never completely rule out that someone might potentially have done it, but you can compare likelihoods. If you aren't a valuable target (foreign dignitary, owner of really valuable secrets, a terrorist, etc.), it isn't too likely that someone is going to invest serious time, money, and effort to hack your system. If you're going to be a "hacking" victim, it's much more likely that it will be some simple target of opportunity or just a scam, where there wasn't actually any hack.
The scam you mention relies on easily available information, the human nature of the victim, and requires no actual hacking. Why would anyone go to the trouble of hacking your system when they can fake out a lot of people without really doing anything?
When a well-known scam like this is going around, the odds heavily favor that you're a scam victim rather than an actual hacking victim. There's an old aphorism coined by a medical school professor about not jumping to an exotic medical diagnosis when a more commonplace explanation is more likely: "When you hear hoofbeats, think of horses not zebras."
answered May 2 at 2:57
fixer1234fixer1234
20k145085
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
add a comment |
This is a well-known scam. as uSlackr describes. But that doesn't mean it can't be done. People are always finding new exploits. Everything can't be done until someone figures out how to do it. With hacking, the safe assumption is to assume almost anything is, or will be, possible, so take precautions.
For example, no hacker can make the camera see through painter's or gaffer's tape if you leave a flap of it in place when you don't actually need the camera.
But taking precautions is different from reacting to a claim that somebody actually did it to you.
Some scams work because there actually is such an exploit, making it seem more credible even if it wasn't used on you. There are lots of things that can be done by a very proficient, motivated, hacker. Intelligence agencies, with the resources of a government behind them, can pull off some pretty fancy spy craft.
When you have been told that someone hacked your system, part of evaluating the potential truth of it is to weigh the scenarios. You can never completely rule out that someone might potentially have done it, but you can compare likelihoods. If you aren't a valuable target (foreign dignitary, owner of really valuable secrets, a terrorist, etc.), it isn't too likely that someone is going to invest serious time, money, and effort to hack your system. If you're going to be a "hacking" victim, it's much more likely that it will be some simple target of opportunity or just a scam, where there wasn't actually any hack.
The scam you mention relies on easily available information, the human nature of the victim, and requires no actual hacking. Why would anyone go to the trouble of hacking your system when they can fake out a lot of people without really doing anything?
When a well-known scam like this is going around, the odds heavily favor that you're a scam victim rather than an actual hacking victim. There's an old aphorism coined by a medical school professor about not jumping to an exotic medical diagnosis when a more commonplace explanation is more likely: "When you hear hoofbeats, think of horses not zebras."
answered May 2 at 2:57
fixer1234fixer1234
20k145085
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
add a comment |
This is a well-known scam. as uSlackr describes. But that doesn't mean it can't be done. People are always finding new exploits. Everything can't be done until someone figures out how to do it. With hacking, the safe assumption is to assume almost anything is, or will be, possible, so take precautions.
For example, no hacker can make the camera see through painter's or gaffer's tape if you leave a flap of it in place when you don't actually need the camera.
But taking precautions is different from reacting to a claim that somebody actually did it to you.
Some scams work because there actually is such an exploit, making it seem more credible even if it wasn't used on you. There are lots of things that can be done by a very proficient, motivated, hacker. Intelligence agencies, with the resources of a government behind them, can pull off some pretty fancy spy craft.
When you have been told that someone hacked your system, part of evaluating the potential truth of it is to weigh the scenarios. You can never completely rule out that someone might potentially have done it, but you can compare likelihoods. If you aren't a valuable target (foreign dignitary, owner of really valuable secrets, a terrorist, etc.), it isn't too likely that someone is going to invest serious time, money, and effort to hack your system. If you're going to be a "hacking" victim, it's much more likely that it will be some simple target of opportunity or just a scam, where there wasn't actually any hack.
The scam you mention relies on easily available information, the human nature of the victim, and requires no actual hacking. Why would anyone go to the trouble of hacking your system when they can fake out a lot of people without really doing anything?
When a well-known scam like this is going around, the odds heavily favor that you're a scam victim rather than an actual hacking victim. There's an old aphorism coined by a medical school professor about not jumping to an exotic medical diagnosis when a more commonplace explanation is more likely: "When you hear hoofbeats, think of horses not zebras."
answered May 2 at 2:57
fixer1234fixer1234
20k145085
This is a well-known scam. as uSlackr describes. But that doesn't mean it can't be done. People are always finding new exploits. Everything can't be done until someone figures out how to do it. With hacking, the safe assumption is to assume almost anything is, or will be, possible, so take precautions.
For example, no hacker can make the camera see through painter's or gaffer's tape if you leave a flap of it in place when you don't actually need the camera.
But taking precautions is different from reacting to a claim that somebody actually did it to you.
Some scams work because there actually is such an exploit, making it seem more credible even if it wasn't used on you. There are lots of things that can be done by a very proficient, motivated, hacker. Intelligence agencies, with the resources of a government behind them, can pull off some pretty fancy spy craft.
When you have been told that someone hacked your system, part of evaluating the potential truth of it is to weigh the scenarios. You can never completely rule out that someone might potentially have done it, but you can compare likelihoods. If you aren't a valuable target (foreign dignitary, owner of really valuable secrets, a terrorist, etc.), it isn't too likely that someone is going to invest serious time, money, and effort to hack your system. If you're going to be a "hacking" victim, it's much more likely that it will be some simple target of opportunity or just a scam, where there wasn't actually any hack.
The scam you mention relies on easily available information, the human nature of the victim, and requires no actual hacking. Why would anyone go to the trouble of hacking your system when they can fake out a lot of people without really doing anything?
When a well-known scam like this is going around, the odds heavily favor that you're a scam victim rather than an actual hacking victim. There's an old aphorism coined by a medical school professor about not jumping to an exotic medical diagnosis when a more commonplace explanation is more likely: "When you hear hoofbeats, think of horses not zebras."
answered May 2 at 2:57
fixer1234fixer1234
20k145085
answered May 2 at 2:57
fixer1234fixer1234
20k145085
answered May 2 at 2:57
fixer1234fixer1234
20k145085
answered May 2 at 2:57
fixer1234fixer1234
20k145085
20k145085
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
add a comment |
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
"The scam you mention relies on easily available information" Passwords are easily available information?
– Acccumulation
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
@Acccumulation, unfortunately, yes. See forest's comment on uSlackr's answer. And while that person doesn't use the data troves available on "darknet" sites, there have been huge hacks of personal data from major Internet players, and it is available. It isn't necessarily current info (after people have been affected by a breach, hopefully they change their passwords). But when they get a notice from a scammer containing an old password or other personal data, people forget that the breaches were in the news and fall for the story of it having been obtained by hacking the user's computer.
– fixer1234
2 days ago
add a comment |
There are a lot of factors that could be at play here. The short answer is yes, malware can enable a camera on a laptop even if the user disabled it. While Windows defender provides SOME protection, I would recommend getting some true anti-malware software such as Kaspersky or Trend Micro and scan the computer.
Seeing as the scammer sent an old password, my guess is there is a key logger on the computer (a piece of malicious code that records what buttons are pressed) and that's how the information was harvested
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
add a comment |
There are a lot of factors that could be at play here. The short answer is yes, malware can enable a camera on a laptop even if the user disabled it. While Windows defender provides SOME protection, I would recommend getting some true anti-malware software such as Kaspersky or Trend Micro and scan the computer.
Seeing as the scammer sent an old password, my guess is there is a key logger on the computer (a piece of malicious code that records what buttons are pressed) and that's how the information was harvested
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
add a comment |
There are a lot of factors that could be at play here. The short answer is yes, malware can enable a camera on a laptop even if the user disabled it. While Windows defender provides SOME protection, I would recommend getting some true anti-malware software such as Kaspersky or Trend Micro and scan the computer.
Seeing as the scammer sent an old password, my guess is there is a key logger on the computer (a piece of malicious code that records what buttons are pressed) and that's how the information was harvested
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
There are a lot of factors that could be at play here. The short answer is yes, malware can enable a camera on a laptop even if the user disabled it. While Windows defender provides SOME protection, I would recommend getting some true anti-malware software such as Kaspersky or Trend Micro and scan the computer.
Seeing as the scammer sent an old password, my guess is there is a key logger on the computer (a piece of malicious code that records what buttons are pressed) and that's how the information was harvested
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered May 1 at 21:14
r0ninr0nin
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered May 1 at 21:14
r0ninr0nin
111
answered May 1 at 21:14
r0ninr0nin
111
111
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
r0nin is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
add a comment |
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
7
7
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
There is little real risk here of a keylogger. I have received a hundred threatening email in the past year that references an ancient password.
– uSlackr
May 1 at 21:54
4
4
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
It is much more likely that this password was decrypted from one of thousands of leaked user databases. Plugging the email into haveibeenpwned.com should confirm that your password/email combo is in fact public knowledge.
– Aron
May 2 at 1:25
add a comment |
2
I'm voting to close this question as off-topic because its a fake scenario.
– Jason
May 1 at 23:19
8
@Jason, yes this is a common scam, but is it a legitimate question? Can hackers enable the camera after the user has disabled it?
– Jay
May 2 at 1:48
2
"laptop doesn't have any real protection. just windows defender and firewall." Sounds real to me. What do you want? A security guard patrolling?
– sbecker
2 days ago
2
@Jason I don’t understand your comment. What makes you think this is a fake scenario? Do you not believe that SG_MTS has an acquaintance who received one of these very common scam mails and is nervous? Do you not believe that he found the camera enabled in the settings after previously disabling it? Nothing about the scenario seems likely to be fake to me.
– Janus Bahs Jacquet
2 days ago
"The spammer sent him an old password he used in an old email as proof" Used in or used for?
– Acccumulation
2 days ago