Last week, Adobe Platform Evangelist James Ward, attended the Java Posse Roundup 2009 conference in Colorado. James just wrote up a report on this trip, and I just had to share the following excerpt (this is a straight copy and paste, no editing):
The highlight of the trip was a lightning talk about how one of the attendees used a Flex app to recover a friend’s stolen laptop. The presenter discovered that the friend’s stolen laptop was signed into Skype so he sent a message to the thief pretending to think that he was sending a message to his friend. The message asked him to click on a link which took him to a Flex app that started up the webcam and recorded the thief’s face for a few minutes using Red5. They sent the video to the police who recognized the thief and apprehended him and recovered the stolen laptop. That couldn’t have been done with Silverlight, JavaFX, or Ajax!
Flex Helps Catch A Thief!
10 responses to “Flex Helps Catch A Thief!”
-
Howdy Ben, do we know how the webcam was activated without throwing up a permissions dialog? (More info: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16748 )
tx, jd/adobe -
Good news. But I’m just curious. How did the thief login to the OS?
-
JD, I wondered that too. Would be a good question for James.
— Ben -
Probably used the privacy settings panel or FP settings manager… and had previously granted permissions for the website to access the camera.
http://www.macromedia.com/support/documentation/en/flashplayer/help/help05.html#117121 -
It did throw up the webcam security dialog but some clever social engineering helped to convince the thief to click the allow button.
I think the laptop was a Mac so there wasn’t a login required when the lid was opened.
Just a warning to all the laptop thieves out there: I require a password on my computer when it boots, when it comes out of suspend, and when the screensaver is deactivated. 🙂 -
Glad you got your laptop – but this is a double edged sword. If apps can be made so insecure that a camera can be remotely activated – then this is just ripe for misuse.
-
Jack,
The camera was not remotely activated. The thief had to click the "Allow" button but the presenter used some clever social engineering to convince the thief it was ok to click the button.
-James -
Hey James – I’d be interested in knowing what the "Social Engineering" aspect of your ruse was . What could pique a thief’s interest?
Cheers,
David -
The thief thought that he was going to get some money by clicking "Allow". And since the text asking the thief to click the button was much bigger than the text in the button itself the thief didn’t bother to actually read what he was allowing.
-
Thanks for your post.
Leave a Reply