Risk
6/27/2013
10:02 AM
50%
50%

Sextortion Warning: Masking Tape Time For Webcams

"Camjacking" attacks activate your webcam and record your every move. Female images are in demand.

Furthermore, RATs aren't the only potential attack vector, with researchers having recently identified ways of remotely hijacking camera feeds by using a malicious iFrame attack to create a transparent Flash layer. This month, Russian security researcher Egor Homakov released a proof-of-concept attack -- dubbed "Click and say cheese" -- that exploited the Adobe Flash plug-in for the Chrome browser, running on OS X, that he says has been known since 2011. (His script-based attack was blockable using extensions such as NotScript and ScriptSafe.)

"This works precisely like regular clickjacking -- you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you," Homakov said in a blog post. Furthermore, with a bit of automation and distribution of malware that exploited this vulnerability, attackers could harvest thousands of webcam feeds or stills at once. "Your photo can be saved on our servers but we don't do this in the [proof of concept]," he said.

Since then, Google fixed the underlying bug in Chrome, which Russian security researcher Oleg Filippov (aka typicalrabbit) said affected not just Mac OS X but also Windows 7 and 8. Now, clicking the play button in Homakov's proof of concept attack -- slightly not safe for work -- instead of executing outright, first trips an alert in Chrome, asking if access should be granted to the webcam.

When weighing webcam security risks, note that a number of information security professionals cover up. For example, a photograph of Martin Muench, managing director of Gamma International and head of its FinFisher product portfolio, shows a piece of tape -- or perhaps cut-down Post-It note -- over his MacBook Pro laptop's webcam lens. That's notable because his company sells FinSpy software -- and related command-and-control networks -- to governments that want to spy on political activists. Based on teardowns of the software, it can surreptitiously intercept voice, video and other data from a variety of devices, including Android smartphones, iOS (iPhone, iPad) and BlackBerry devices.

On the other side of the sinister surveillance spectrum, cryptographer Whitfield Diffie also tapes over the camera on his MacBook. But my webcam cover-up chic award goes to Mikko Hypponen, chief research officer at F-Secure, who blocks his webcam with a band-aid. Give his solution extra points, because it won't leave gunk on the webcam lens for when you do need to hold a videoconference.

Software exists to alert users when their webcams have been activated, but Hypponen prefers a low-tech approach. "I trust the tape more than I trust any program," he told ZDNet at an Australian security conference. "I figure if there's a piece of tape over it, it isn't taking pictures of things."

As with so many technological innovations, webcams -- while enabling revolutionary services such as Skype -- carry information security and cybercrime risks. Best invest in some tape.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report