From this Quora answer:
Years ago when I was in China I was getting updated on cyber security from one of our partnerships.
We were going over everything from basic hacks a 9 year old could do to more sophisticated ones that professional blackhats do. (…)
One of the first things they showed me was how easy it is to get access a camera remotely. And over a dozen different methods of doing it.
Back at my hotel where I was staying at the time, I had a laptop on my desk by my bed which I always left on, but locked.
As well as at my home office in Canada, I had a few laptops there as well I had plugged into a backup battery power bar, so they had about 42 hours total of backup battery should power ever go out. I was using these as self cloud storage’s. So they were on as well.
Within 5 minutes of the lesson just knowing my IP address (for my Canada office) and my QQ chat account on my hotel laptop they had access to my cameras in both my hotel room, and my home office. I was able to see my rooms from the board meeting through the eyes of my camera. And this was an amateur hack, something a 12 year old could learn online. The laptops did all have anti virus.
Not only with cameras. We did microphone as well as other windows processes as well. All basic methods. They were able to push software onto the devices through vulnerabilities in the router/network and other means. (…)
We did some advanced security lessons by which one of the professional consultants showed us how easily he can obtain direct access to devices, not just amateur stuff like cameras.
He was able to get full remote access to my home office laptops in under 4 minutes of his demonstration. Which then he had full mouse/keyboard and screen share on. He was able to access emails, web browser, and over a dozen external harddrives and all contents connected to my network. Prior to that meeting I wasn’t even aware that was possible.
We also did a safety test on my VPS (virtual private server) that I had hosted with Hostmonster and Godaddy at the time. This was a few years ago. I got permission to test our VPS’s security. The consultant wouldn’t do it without permission, which we got from a live chat agent.
Within 4 minutes again he had access to our root VPS server. He bypassed the hosting servers basic security that was loaded by default on our virtual server. He was able to show me the root files of all of my CPANEL accounts that hosted our websites on Magento and WordPress and we were able to make live changes to my sites. To that, I was not happy. I was expecting a lot more security from those hosting companies, not with them anymore though.
This is scary, but apparently this is not an isolated case:
From another Quora answer:
I once took a cyber security course in which one of the instructors hacked into six or seven laptop cameras in the class before the lunch break on the first day. The computers in question were brought by the students, not supplied by the training facility. By the second day, every student in that class had tape over their laptop cameras.
From yet another Quora answer:
Our cyber security team has demonstrated how easy it is to remotely do this [hack a camera], even to an anti-malware & anti-virus protected devices.
If these answers are to be believed, security consultants routinely demonstrate hacking into attendees’ PCs within minutes.
And yet, whenever on this site (SecuritySE) someone says something along the lines of “it takes approximately a few minutes to hack into a device” they’re getting downvoted and/or told they’re wrong (example 1, example 2 is a now deleted answer to this question). Is there not discrepancy here?
Therefore let me ask my question: Do security experts / consultants routinely hack into attendees’ PCs within minutes?