
6 Tips To Secure Webcams, Stop Keyloggers

If the FBI can activate webcams silently and record keystrokes, so can attackers. Here's how to defend yourself.

If malware remotely activated a webcam -- without turning on the light -- or silently logged keystrokes and infected a PC, would it be detected?

Don't be so sure. Marcus Thomas, a former assistant director with the FBI, recently told The Washington Post that, for the past several years, the bureau has been able to infect targeted systems with malware that lets it activate webcams remotely, record the video feeds, and log keystrokes. The capabilities reportedly have mostly been used for investigating terrorism and other serious crimes.

But if the FBI can launch camjacking attacks, so can others, including peeping Toms and sextortion practitioners. Furthermore, such attacks aren't rare. A Finnish hacker told the BBC in June that webcam access on the underground market went for $1 per target for a woman's webcam -- and just $0.01 per target for a man's webcam.

Keystroke recording has long been a feature of crimeware toolkits. Hackers seek any information they might turn to their financial gain. Take the stash of 2 million stolen passwords -- from Facebook, Google, Twitter, Yahoo, and other services -- recovered last week by Trustwave researchers. Neal O'Farrell, executive director of the Identity Theft Council, said the stolen access credentials were most likely harvested with keylogging malware.


How can camjacking and keylogging software be stopped? Here are six tips.

1. Antivirus tools alone won't save you
You should always use antivirus and antimalware products, but their success rate at spotting keylogging and webcam-hijacking software (whether developed by the FBI or criminals) isn't great. The security vendor OPSWAT recently took a sample of malware designed to log keystrokes, known as winpe/KeyLogger.SYK (a.k.a. PhrozenKeyloggerLite1-0R3_setup.zip), installed it on a test system, and scanned it using 40 different antivirus engines. As of last Thursday, only Norman's antivirus engine had detected the keylogger, OPSWAT's Alec Stokes wrote in a blog post. On Saturday, VirusTotal reported that Comodo's antivirus engine had added a detection signature for the keylogger, but 46 other engines still weren't detecting it.

The results were even worse when it came to testing whether 16 different antivirus engines could spot signs related to the malware running on a test system. "After a quick scan of running processes, none of the engines flagged the keylogger's process," Stokes wrote. In addition, one behavioral analysis engine also failed to sound alarms.

2. Employ anti-keylogging software
Instead of simply attempting to detect keyloggers, O'Farrell recommends trying to disrupt them. KeyScrambler (which is free) and Guarded ID (which costs $30 annually for two computers) are among the many good options available, he told us via email. "Some work by instantly encrypting or scrambling all your keystrokes so that they're unusable to hackers. They won't protect you against every type of keylogging, but are a good defense against the more common software."

3. Beware phishing attacks
How does camjacking or keylogging software get onto PCs? One typical infection vector is phishing, which is designed to trick an email recipient into opening a malicious executable. In fact, according to The Washington Post, that's the FBI's favored technique for infecting a system. However, the bureau uses it sparingly -- in part to keep references to the capability out of news stories -- and only after obtaining permission from a judge (which has not always been granted).

One defense against phishing is to ensure that systems remain fully updated and patched against all known vulnerabilities. A number of crimeware toolkits continue to exploit large numbers of systems that run outdated browser plugins (especially Java) with known vulnerabilities. Every successful exploit, of course, enables an attacker to install malware on the targeted PC.

4. Watch where you use passwords
Avoid typing sensitive information in public locations, especially if you're using a wireless keyboard. "More advanced keyloggers can intercept data from wireless keyboards, and even collect and decipher the electromagnetic radiation or electrical signals given off by a keyboard," said O'Farrell.

Of course, sensitive data can also be intercepted by anyone with the right technology and tools to sniff nearby WiFi data -- for example when users are logged into a public hotspot or a rogue hotspot disguised as one. Accordingly, think twice before sending sensitive information via the Internet when connected to a public hotspot.

5. Cover your webcam
Worried about someone hacking into your webcam? Cover it up with a piece of tape. That's long been the advice of leading information security professionals, including the cryptographer Whitfield Diffie. Mikko Hypponen, chief research officer at F-Secure, recommends using a Band-Aid, since it won't gunk up the webcam lens.

6. Keep reviewing your countermeasures
The above aside, someone -- say, an intelligence agency with deep pockets -- who really wants to capture your passwords will do so. "More than 25 years ago, a couple of former spooks showed me how they could capture a user's ATM PIN, from a van parked across the street, simply by capturing and decoding the electromagnetic signals generated by every keystroke," O'Farrell said. "They could even capture keystrokes from computers in nearby offices, but the technology wasn't sophisticated enough to focus in on any specific computer."

Of course, the technological state of the art has continued to advance since then. But when it comes to keylogging, your most likely foe will still be incidental attacks -- of the malware variety -- that attempt to harvest information from as many PCs as possible. Putting the above tools and practices in place will help block or disrupt these automated attacks.


Mathew Schwartz is a freelance writer, editor, and photographer, as well as the InformationWeek information security reporter.

Comments
SheaS183
User Rank: Apprentice
11/21/2016 | 2:27:39 PM
You should block cams AND microphones
I use CreepBlockers because they block both cams and mics, last forever and their designs cover the whole family's individual style. 

www.safertech.com
WKash
User Rank: Apprentice
1/3/2014 | 4:18:06 PM
Re: Stop data from leaving PC
I certainly agree, tools that stop data from leaving your PC are preferable.  But how many individuals have the time or technical know-how to run the kind of scans you're referring to? Is there really no product that can sit on your desktop (and not be hacked) that tells you someone's messing with your PC/laptop? And that makes it simple to lock them out?
MaxB491
User Rank: Apprentice
1/3/2014 | 2:52:21 PM
Re: Spying
Band-Aids and Post-its are suboptimal products for this purpose.

What we need is something that looks professional, or invisible, leaves no residue (I'm looking at you, Bandages) and will stay on. Something cheaper than a roll of tape or a pack of Post-its. Something that can be cleaned and reused basically forever.

I think that webcamera blocker, www.webcamerablocker.com, is the best product out there right now.
sedson
User Rank: Apprentice
12/16/2013 | 7:22:59 AM
Stop data from leaving PC
As an alternative to disrupting keyloggers, how about stopping data from leaving the PC?  I recently detected the Win64/Alureon trojan on a client machine by installing Malwarebytes and detecting the flow of data the trojan was trying to send out of the PC.  It took 3 days of running several scanners before detecting and identifying Win64/Alureon, but after running the removal tool the messages were stopped.  Blocking unauthorized traffic from leaving the PC could work for keyloggers, trojans, and other forms of malware by stopping delivery of the data.
WKash
User Rank: Apprentice
12/12/2013 | 3:39:17 PM
Re: Spying
OK... now what do we do to muffle those microphones on our laptops? 
David D.
User Rank: Apprentice
12/12/2013 | 12:32:00 PM
Re: Spying
Have you tried 3M Post-it Flags?  Variable width, re-usable, cheap, and no adhesive on the opaque section.

http://bit.ly/IRB2y1

 
JoshLuft
User Rank: Apprentice
12/11/2013 | 11:45:31 AM
Re: Spying
There already is a product out there that is designed exactly for this reason.

Look up camJAMR Webcam Covers ( www.camjamr.com ), or watch this video.

http://www.youtube.com/watch?v=h8utQ5eXa5c

Cheers!
ChrisMurphy
User Rank: Strategist
12/10/2013 | 7:04:59 PM
Re: Spying
Agree, Wyatt, though we need something subtle that covers the camera but blends in -- so we can be paranoid without broadcasting to everyone around us that we're paranoid.
WKash
User Rank: Apprentice
12/10/2013 | 4:33:57 PM
Re: Spying
I'm surprised the makers of 3M Post-Its or even Band-Aids haven't come out with a Web Cam CoverAll product by now.

 
anon4453030347
User Rank: Apprentice
12/10/2013 | 3:12:37 PM
Spying
Great tips. Now we have the ability to stop keyloggers or spammers. But I have a question: how can we stop the government from spying on us? :)

 

Blog: Tech Lives 

Youtube: News Headlines