Can an ISP Remotely Access My Computer without My Knowledge?

//
In a live chat session that I instigated, my cable ISP technician support wanted to remotely access my PC. “Connect to your computer and share your screen” to troubleshoot my inability to change some account information on their website. I was flabbergasted that they would suggest it and I told them no. As it turned out, my third attempt to change the information worked. The previous attempts brought a cryptic error message. What I’d like to know is whether an ISP can access our PCs without our knowing it? I guess not, but being paranoid is prudent these days.

I agree. Prudent paranoia is actually a good thing.

In this case, an ISP cannot access our PCs without us allowing it. The problem is that there are nuances that you might not realize.

Become a Patron of Ask Leo! and go ad-free!

Is remote access bad?

In general, remote control is something that you must initiate at your end. When you contact your ISP or some other tech system that you trust, remote access is actually a viable and useful way to give the tech person access to your computer. This helps them resolve issues that are more complex than could be clearly explained in a series of spoken instructions.

I have been through this multiple times myself. As the person trying to help someone solve a problem, it’s just so much easier to say, “Let me do it.” So remote access is not necessarily a bad thing, if you initiate it and it’s with someone you trust.

I’ve used a tool called Team Viewer. I’ll have a friend or family member download and run a little utility. They then give me some information and poof, I can remotely access their machine.

What does make me a little uncomfortable are live chat sessions. These are perfectly fine on their own and I use this tool from time to time. My concern is the person (or robot) on the other end. How do we know that they’re reliable? And technically when you’re in a chat, you’re running software on your machine that – if malicious – could allow the person at the other end to “do things” that you might not want.

Hacker's HandRemote access scams

Unfortunately, there is a scam where someone contacts you, claiming to be some kind of tech support, and they ask you to give them remote access. When you do, they install malicious software and more. The key here is that rather than you reaching out for help, someone randomly contacts you – that’s a sign that it’s a scam.

The scam doesn’t invalidate the technology. It just means that you have to be careful about who you trust.

Now, your ISP can’t just randomly shove something at your machine and have it start running. As long as you have a firewall up and running, only software that you download can run on your machine.

But if someone does contact you and directs you to download software, or tricks you into downloading software that could be malicious and has a remote access feature, then you could be in trouble.

Remember, you are the one that runs the remote access program; you have your machine connect to the remote control service and give the other person access.

Knowing who you’re dealing with and whether or not you can trust them is critical, and all part of that prudent paranoia. This helps you make sure that you invite only the software that you want on your machine.

10 comments on “Can an ISP Remotely Access My Computer without My Knowledge?”

  1. Dear Mr. Leo, Thank you so much for your enjoying and informative articles on Digital World , which we deal with every moment and second in our life. I enjoy very much learning from you. Thank you ounce again

  2. So Leo in another article has suggested that you don’t need to run the Windows firewall when you are connected to your home network, assuming that your NAT router acts as your hardware firewall.

    Suppose that your router is supplied by your ISP. Is it possible that there is an additional user name and password that they can use to troubleshoot and configure your router (besides the one that you use yourself to configure the router)? If there could be, wouldn’t that mean that a rogue employee of the ISP could log into your router. Could a rogue employee then be able to hack into your computer?

    • Well, I suppose so, but that’s a lot of “ifs” that have to line up for it to be a problem. If there’s a rogue employee I’d be more concerned about them monitoring the data that flows through the ISP servers or your email stored there. That’s MUCH easier than trying to hack into your home network. (And I’ll say again – most of us just aren’t interesting enough to be worth that effort.)

  3. as Leo says never give remote control to anyone who calls you unexpectedly
    only allow remote control in very specific instances where you the user have initiated the call

    I never give remote control even when I initiate the call to a call center

    I have heard so many people say they “got a phone call from MS or bank etc.”

    I giggle and tell them next time tell the scammer who calls, to call you back on my number

    I have never received such a call yet, I’m waiting in anticipation

    I would have so much fun with those bozo scammers, and the longer I could keep them on the phone the better

    Scammer> hi this is Osama from Microsoft, we are receiving messages from your computer about an infection and other errors

    Me > really, well lets do some thing about it, my system is not on right now what do I need to do

    Scammer > please go to your system and start it up, when it’s running I will tell you what to do

    Me > (walks over to a machine that should be in the Smithsonian: powering up an 8088XT)

    Me > OK, the system is booting up,
    … wastes about 20 – 30 minutes with idle chit chat about how slow the system is to start up etc.

    Me > ooops, replace or insert system disk …
    Me > sorry this happens every time it’s a bit cold in the computer room we just have to wait for the HDD to warm up a bit (MFM HDDs with stepper motors can be a drag)
    Me > OK I see a prompt requesting the current date, I’ve entered the date, and see C:> what do I do now
    ….
    Me > oh you want me to run my newer system
    (walks over to an 80486 that runs windows 3.10 WFWG 1992 version, goes through same process)
    scammer > go to the start menu
    me > I don’t have a start menu only program manager & file manager
    scammer > please start internet explorer
    me > I don’t have internet explorer, in fact I have no web browser

    me > oh you mean a newer system
    (walks over to my 80486 windows 95 system)

    (… to my NT4 system)

    (… to my P-III 1GHz win2K system)

    I think they would actually give up before I got to XP or win 7

    oh the fun I would have

    • I wouldn’t give them my phone number either…you are just giving someone whose identity you might not really know the ripe opportunity to use your phone account fraudulently, whether they make calls and charges wholesale or use it to spoof caller IDs for robocalls and scams (and I got such a call that had a number going to a CELLPHONE and furthermore after immediately hanging up I looked and saw that the name was even not likely).

      Simply do not respond . Call or contact a legitimate representative and inquire about the message. I don’t know any ISP that does such things that you could trust anyway. A response only tells somebody you are an actual account and that they have hit paydirt if they are phony.

      If you didn’t initiate the contact, assume it’s fraudulent

  4. Ok, Very interesting article. But what I wanted to find out was Not whether someone could access my Computer but actually more importantly my Internet Router? You see, if I can personally access my router and change it’s settings via a web browser then that means that anyone could effectively do the same from Any web browser as well. and as long as they can find out the ‘admin’ password or factory password, they are effectively In and could change the settings of the router. AM I correct or amd I wrong?!

    Neil
    BEng(Hons)
    Communications Engineer

    • The best answer I can give you is “maybe”. IF your router has it’s remote administration enabled, AND if the router password is default or weak, then anyone could come along and play with the router. Similarly if you have malware on your machine and your router password is weak or default, then there is KNOWN malware that will reconfigure your router from your PC. You need to keep your router and PC secure.

Leave a reply: