60

I've been watching videos of scammers being tricked. Frequently, the scammer makes their scam victim install some weird "remote desktop" program claimed to be for tech support purposes. These programs apparently allow the person connecting to the host (victim) computer to "black the screen" so that it becomes impossible for them to see what's being done.

Why would any legitimate "remote desktop" software have such a feature? What non-scam purpose could there be for that?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Cutter
  • 479
  • 1
  • 3
  • 4

3 Answers3

114

So that passers-by cannot see what you are doing on your computer.

If you are connecting remotely to a computer in an office, then everyone could see everything you type and you would not know.

It is a basic, expected, and legitimate feature. (By the way, that's the top 8 remote desktop programs each with a "blank screen" feature for the express purpose of privacy. I could keep looking up more apps, but that would seem to be redundant.)

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • 4
    But wouldn't such a computer already be in a "locked" state in the office? – Cutter Apr 12 '21 at 10:32
  • 50
    Remote control software works differently from Windows's RDP. RDP opens a virtual session mapped to the remote host, and the screen is stick at login. Remote control software streams screen (output of VGA card) remotely and allows dual control from remote virtual mouse and local physical mouse. Passers-by can't see the screen but their random input works – usr-local-ΕΨΗΕΛΩΝ Apr 12 '21 at 11:38
  • 4
    FWIW, while I acknowledge you very well may be right, your explanation of why such a feature is "basic, expected, and legitimate" I do not find convincing. – whatsisname Apr 12 '21 at 21:32
  • 6
    A related situation arises with machines that are connected to video projectors or other public viewing devices. Someone who is diagnosing such a machine remotely may want to be able to see what would be shown to the public if the screen were enabled, without the risk that one might accidentally let the public see something they shouldn't. – supercat Apr 12 '21 at 22:26
  • 13
    @whatsisname it's not an explanation of why. It is a statement of fact. I'm not trying to convince anyone that it should be there. https://community.teamviewer.com/English/kb/articles/50966-teamviewer-black-screen – schroeder Apr 12 '21 at 22:50
  • 22
    @whatsisname The feature allows a technician to protect secrets from being viewed by someone else. Anecdotally, I have an example. I used to work for an ISP. A subscriber called in because their Internet was not working. Did a trace route, found the troublesome router. I called T2 support, which transferred me to a tech. They remoted into my computer; I watched as they telnetted to the server in question, which echoed the username/password. I now had the domain name, username, and password for a router which I could have crippled. A screen blackout feature would have reduced this risk. – phyrfox Apr 12 '21 at 22:52
  • 20
    @whatsisname, ...remember, in corporate environments, the person who's remoting into a system often has more authority over what software a system runs than the person on whose desk it sits. Doubly so in call centers, retail environments, &c. where many staff members have very little authority at all. A call center tool can often have logs or other features that the call-center worker isn't authorized to see, much less use. – Charles Duffy Apr 12 '21 at 23:03
  • 2
    @schroeder: the OP seems skeptical as to the purpose of such an abused feature. If you don't want to convince the OP, why answer the question at all? – whatsisname Apr 12 '21 at 23:58
  • 1
    @whatsisname I guess the fundamental issue is that many useful features can be abused for bad purposes. – Andrew T. Apr 13 '21 at 03:56
  • 13
    @whatsisname it is a statement of fact. If the OP is still skeptical, then the OP can explain the reasons for the skepticism, and we can adjust the answer. But employing a rhetorically-complete answer is inefficient until we understand the basis for the skepticism. – schroeder Apr 13 '21 at 07:43
  • 1
    @phyrfox: A screen blank feature would just have prevented someone who wasn't actuall trying to get the password for malicious purposes from getting it; someone who wanted it would already have had keylogging or memory inspection software running to grab it. All the blanking would have done was give the technician (stupidly) logging in from an untrusted computer (yours) a false sense of security. – R.. GitHub STOP HELPING ICE Apr 14 '21 at 17:51
  • 3
    @R..GitHubSTOPHELPINGICE: A technician should only trust that a remote computer won't have things like key logging installed if administrative access to that machine is limited to people the technician trusts. Someone using remote desktop software on an untrusted computer shouldn't trust its screen blanking features, but remote desktop programs aren't only used on untrusted computers. – supercat Apr 14 '21 at 22:44
  • 1
    @R..GitHubSTOPHELPINGICE that's nice. How is that relevant? So, because it can be circumvented, it shouldn't exist at all? It has no utility? Nothing is "all or nothing". Things have value even if they aren't perfect. – schroeder Apr 14 '21 at 23:29
  • It's not a matter of "all or nothing". It's a matter of having a feature that provides an illusion it's doing something for security, but doesn't, and thereby trains the user to do fundamentally insecure things. – R.. GitHub STOP HELPING ICE Apr 15 '21 at 01:04
  • 1
    @R..GitHubSTOPHELPINGICE then it's not about the feature at all, is it? It's about training the user to understand the limits of the feature. – schroeder Apr 15 '21 at 06:50
65

Another legitimate use that hasn't been mentioned is for kiosk installations.

At a previous job we operated a fair few unattended kioks and would remote into them for maintenance. Showing a blank screen to random members of the public was much better than letting them see us drag around windows, run scripts or commands on the terminal or whatever else we were doing.

coagmano
  • 541
  • 3
  • 8
30

One primary non-scam feature is to allow a technician to remote in to a desktop and use authentication that should not be viewed by the user. I actually worked for an ISP where a tech actually telnetted into a Cisco router that was misbehaving via my computer remotely, and they didn't blank the screen.

Back then, you could have seen the domain name, username, and password. Had I wanted to, I could have captured this information and used it to cripple large portions of the Internet, and it would be virtually untraceable back to me, and the technician who leaked their credentials would have taken the fall.

The same goes for remote workers. In some versions and types of Remote Desktop, the desktop is visible locally. This means that anyone casually sitting at your computer might see you type in usernames, passwords, credit card numbers, and any other PII that you might wish to have hidden from the general public.

Like many tools we use in real life (knives, guns, lock picks, etc), black screens have intended and unintended uses. Black screens protect data leaks and hacks for sensitive systems, and should definitely be used if you're remoting into a remote device and need to protect some data from casual observation.

It's unclear that there's a clear fix for this, because even if you add a "are you sure you wish to allow the remote user to blank your screen and scam you" prompt, people who are gullible enough to install such apps are just as likely to trust the "technician" on the other end of the line that says "Oh, don't worry about that, just click OK so I can <whatever-scam-here>".

I agree that inherently, this feature clearly will continue to be abused, but there are legitimate reasons why you'd want to have this feature available. Not having this available would lead to many more serious data leaks and havoc that hackers could use to bring down entire infrastructures.

phyrfox
  • 5,724
  • 20
  • 24
  • 8
    I think working on a user his computer is already a big flaw in the system. Anyone could install any screen record software to remove the "black screen" feature and see what the technician was doing or not – Timberman Apr 13 '21 at 14:11
  • 12
    @Timberman Or ya know... A keylogger. You can't assume anything about the system you're logged into. Frankly, the black screen is a band aid solution, and not a real solution for real security anyway – Cruncher Apr 13 '21 at 14:34
  • 2
    @Cruncher The problem is the system in my opionion. Either use one use access tokens, or not login to the user at all. The end user's system cannot be trusted. – Timberman Apr 13 '21 at 17:48
  • 6
    @Timberman: Some systems are used primarily by users who would not have the access necessary to install such things. If the only people who would have such access are trusted by the person using the remote-access software, then screen blanking would offer meaningful security. – supercat Apr 13 '21 at 18:56
  • 1
    @Cruncher : not necessarily. You might have a workstation in your office only you can log in to. But if you need to log in remotely for any reason (you're away on a conference, or doing home office due to covid) and suddenly you need to access something from your office computer, you don't have to fear keyloggers, but you might have to fear someone casually glancing on your screen and seeing sensitive information. – vsz Apr 14 '21 at 12:40
  • 1
    This is an antifeature reason - it's providing a false sense of security to do something that's fundamentally very insecure and wrong to do. – R.. GitHub STOP HELPING ICE Apr 14 '21 at 17:52
  • 1
    Many scammers seek to trick their victims into sending them gift cards or cash, with ruses that any technically competent person would see through in a millisecond. If someone won't notice that a "warning message" is simply something a scammer typed at the command prompt, would they notice if a scammer downloaded and ran a covert-access program with a reasonable sounding name? – supercat Apr 14 '21 at 22:52