Risk
6/27/2013
10:02 AM
50%
50%

Sextortion Warning: Masking Tape Time For Webcams

"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.

Furthermore, RATs aren't the only potential attack vector, with researchers having recently identified ways of remotely hijacking camera feeds by using a malicious iFrame attack to create a transparent Flash layer. This month, Russian security researcher Egor Homakov released a proof-of-concept attack -- dubbed "Click and say cheese" -- that exploited the Adobe Flash plug-in for the Chrome browser, running on OS X, that he says has been known since 2011. (His script-based attack was blockable using extensions such as NotScript and ScriptSafe.)

"This works precisely like regular clickjacking -- you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you," Homakov said in a blog post. Furthermore, with a bit of automation and distribution of malware that exploited this vulnerability, attackers could harvest thousands of webcam feeds or stills at once. "Your photo can be saved on our servers but we don't do this in the [proof of concept]," he said.

Since then, Google fixed the underlying bug in Chrome, which Russian security researcher Oleg Filippov (aka typicalrabbit) said affected not just Mac OS X but also Windows 7 and 8. Now, clicking the play button in Homakov's proof of concept attack -- slightly not safe for work -- instead of executing outright, first trips an alert in Chrome, asking if access should be granted to the webcam.

When weighing webcam security risks, note that a number of information security professionals cover up. For example, a photograph of Martin Muench, managing director of Gamma International and head of its FinFisher product portfolio, shows a piece of tape -- or perhaps cut-down Post-It note -- over his MacBook Pro laptop's webcam lens. That's notable because his company sells FinSpy software -- and related command-and-control networks -- to governments that want to spy on political activists. Based on teardowns of the software, it can surreptitiously intercept voice, video and other data from a variety of devices, including Android smartphones, iOS (iPhone, iPad) and BlackBerry devices.

On the other side of the sinister surveillance spectrum, cryptographer Whitfield Diffie also tapes over the camera on his MacBook. But my webcam cover-up chic award goes to Mikko Hypponen, chief research officer at F-Secure, who blocks his webcam with a band-aid. Give his solution extra points, because it won't leave gunk on the webcam lens for when you do need to hold a videoconference.

Software exists to alert users when their webcams have been activated, but Hypponen prefers a low-tech approach. "I trust the tape more than I trust any program," he told ZDNet at an Australian security conference. "I figure if there's a piece of tape over it, it isn't taking pictures of things."

As with so many technological innovations, webcams -- while enabling revolutionary services such as Skype -- carry information security and cybercrime risks. Best invest in some tape.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

CVE-2015-1486
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

CVE-2015-1487
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

CVE-2015-1488
Published: 2015-07-31
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

CVE-2015-1489
Published: 2015-07-31
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!