Risk
6/27/2013
10:02 AM
Connect Directly
RSS
E-Mail
50%
50%

Sextortion Warning: Masking Tape Time For Webcams

"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.

Furthermore, RATs aren't the only potential attack vector, with researchers having recently identified ways of remotely hijacking camera feeds by using a malicious iFrame attack to create a transparent Flash layer. This month, Russian security researcher Egor Homakov released a proof-of-concept attack -- dubbed "Click and say cheese" -- that exploited the Adobe Flash plug-in for the Chrome browser, running on OS X, that he says has been known since 2011. (His script-based attack was blockable using extensions such as NotScript and ScriptSafe.)

"This works precisely like regular clickjacking -- you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you," Homakov said in a blog post. Furthermore, with a bit of automation and distribution of malware that exploited this vulnerability, attackers could harvest thousands of webcam feeds or stills at once. "Your photo can be saved on our servers but we don't do this in the [proof of concept]," he said.

Since then, Google fixed the underlying bug in Chrome, which Russian security researcher Oleg Filippov (aka typicalrabbit) said affected not just Mac OS X but also Windows 7 and 8. Now, clicking the play button in Homakov's proof of concept attack -- slightly not safe for work -- instead of executing outright, first trips an alert in Chrome, asking if access should be granted to the webcam.

When weighing webcam security risks, note that a number of information security professionals cover up. For example, a photograph of Martin Muench, managing director of Gamma International and head of its FinFisher product portfolio, shows a piece of tape -- or perhaps cut-down Post-It note -- over his MacBook Pro laptop's webcam lens. That's notable because his company sells FinSpy software -- and related command-and-control networks -- to governments that want to spy on political activists. Based on teardowns of the software, it can surreptitiously intercept voice, video and other data from a variety of devices, including Android smartphones, iOS (iPhone, iPad) and BlackBerry devices.

On the other side of the sinister surveillance spectrum, cryptographer Whitfield Diffie also tapes over the camera on his MacBook. But my webcam cover-up chic award goes to Mikko Hypponen, chief research officer at F-Secure, who blocks his webcam with a band-aid. Give his solution extra points, because it won't leave gunk on the webcam lens for when you do need to hold a videoconference.

Software exists to alert users when their webcams have been activated, but Hypponen prefers a low-tech approach. "I trust the tape more than I trust any program," he told ZDNet at an Australian security conference. "I figure if there's a piece of tape over it, it isn't taking pictures of things."

As with so many technological innovations, webcams -- while enabling revolutionary services such as Skype -- carry information security and cybercrime risks. Best invest in some tape.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.