Flex Helps Catch A Thief!

Last week, Adobe Platform Evangelist James Ward, attended the Java Posse Roundup 2009 conference in Colorado. James just wrote up a report on this trip, and I just had to share the following excerpt (this is a straight copy and paste, no editing):
The highlight of the trip was a lightning talk about how one of the attendees used a Flex app to recover a friend’s stolen laptop. The presenter discovered that the friend’s stolen laptop was signed into Skype so he sent a message to the thief pretending to think that he was sending a message to his friend. The message asked him to click on a link which took him to a Flex app that started up the webcam and recorded the thief’s face for a few minutes using Red5. They sent the video to the police who recognized the thief and apprehended him and recovered the stolen laptop. That couldn’t have been done with Silverlight, JavaFX, or Ajax!

10 responses to “Flex Helps Catch A Thief!”

  1. John Dowdell Avatar
    John Dowdell

    Howdy Ben, do we know how the webcam was activated without throwing up a permissions dialog? (More info: )
    tx, jd/adobe

  2. Shigeru Avatar

    Good news. But I’m just curious. How did the thief login to the OS?

  3. Ben Forta Avatar
    Ben Forta

    JD, I wondered that too. Would be a good question for James.
    — Ben

  4. Rick Winscot Avatar
    Rick Winscot

    Probably used the privacy settings panel or FP settings manager… and had previously granted permissions for the website to access the camera.

  5. James Ward Avatar
    James Ward

    It did throw up the webcam security dialog but some clever social engineering helped to convince the thief to click the allow button.
    I think the laptop was a Mac so there wasn’t a login required when the lid was opened.
    Just a warning to all the laptop thieves out there: I require a password on my computer when it boots, when it comes out of suspend, and when the screensaver is deactivated. 🙂

  6. Jack Wong Avatar
    Jack Wong

    Glad you got your laptop – but this is a double edged sword. If apps can be made so insecure that a camera can be remotely activated – then this is just ripe for misuse.

  7. James Ward Avatar
    James Ward

    The camera was not remotely activated. The thief had to click the "Allow" button but the presenter used some clever social engineering to convince the thief it was ok to click the button.

  8. David Avatar

    Hey James – I’d be interested in knowing what the "Social Engineering" aspect of your ruse was . What could pique a thief’s interest?

  9. James Ward Avatar
    James Ward

    The thief thought that he was going to get some money by clicking "Allow". And since the text asking the thief to click the button was much bigger than the text in the button itself the thief didn’t bother to actually read what he was allowing.

  10. rose Avatar

    Thanks for your post.

Leave a Reply