Sextortion Warning: Masking Tape Time For Webcams

  /     /     /  
Publicated : 22/11/2024   Category : security


Sextortion Warning: Masking Tape Time For Webcams


Camjacking attacks activate your webcam and record your every move. Female images are in demand.



New worries for the always-connected crowd: Attackers may remotely activate your webcam -- without tripping the warning light -- and remotely record your every activity, public and private. Is it time to invest in some masking tape?
For years, malware known as remote-access tools (RATs) have included the ability to
surreptitiously activate microphones and webcams
-- dubbed camjacking -- amongst other nefarious activities, such as sucking up all of your bank account details.
To avoid RAT attacks, security experts already recommend keeping all operating systems and installed applications up to date. But should everyday users -- meaning people who arent information security experts or Syrian dissidents -- be concerned about camjacking attacks? More to the point, should everyone cover up their webcams when not in use?
[ How much do people care about privacy? Read one point of view:
Online Privacy: We Just Dont Care
. ]
On the one hand, the likelihood of a teenage miscreant -- or criminal, or government intelligence analyst -- with too much time on his hands targeting your system with a RAT and harvesting images to share with seedy, like-minded RAT aficionados, or for blackmail purposes or political persecution, is reportedly rare.
On the other hand, the FBI in 2010
accused Luis Mijangos of sextortion attacks
against 230 people, including 44 minors, which involved his compromising their PCs and attempting to extort them into providing sexually explicit videos. Earlier this year, the bureau also arrested Karen Gary Kazaryan, charging him with
running a similar sextortion campaign
against 350 women between 2009 and 2011.
As that suggests, theres a subculture that thrives on trading stolen webcam images. Perusing a section of
HackForums.net
devoted to RATs produces a wealth of images labeled as
hot female slaves and ugly slaves,
reported
Sydney Morning Herald
. Recent posts have promised 150+ slaves over night! while one tutorial was titled, How to keep the slave for as long as possible [ Easy Steps ]. Comments on the post stretched to 19 pages.
The BBC recently interviewed a 17-year-old Finnish hacker, Matti, who said that the going rate on the criminal underground for
access to a womans webcam was $1
, while the same amount would buy access to 100 mens webcams. He claimed to have hacked into and sold access to 500 systems. Theres always pervs on the Internet who want to buy female bots, and most likely if they want a webcam they take photos and sell it, he said.
Rachel Hyndman, 20, a Glasgow-based student who also works in a computer shop, told the BBC that while watching a DVD on her laptop in the bath, the camera active light on her laptop suddenly went on, in an apparent camjacking attack, and when she tried to access the webcam control panel, she couldnt. Programs were opening up and closing by themselves, it was just acting like someone else was using them, she said, which continued until she deactivated her Wi-Fi connection. I was sitting in the bath, trying to relax, and suddenly someone potentially has access to me in this incredibly private moment and its horrifying, she said. To have it happen to you without your consent is horribly violating.
Suddenly, splashing out a few bucks on some masking tape doesnt seem like a bad idea. Furthermore, RATs arent the only potential attack vector, with researchers having recently identified ways of remotely hijacking camera feeds by using a
malicious iFrame attack
to create a transparent Flash layer. This month, Russian security researcher Egor Homakov released a proof-of-concept attack -- dubbed Click and say cheese -- that exploited the Adobe Flash plug-in for the Chrome browser, running on OS X, that he says has been
known since 2011
. (His script-based attack was blockable using extensions such as NotScript and ScriptSafe.)
This works precisely like regular clickjacking -- you click on a transparent flash object, it allows access to Camera/Audio channel. Voila, attacker sees and hears you, Homakov said in a
blog post
. Furthermore, with a bit of automation and distribution of malware that exploited this vulnerability, attackers could harvest thousands of webcam feeds or stills at once. Your photo can be saved on our servers but we dont do this in the [proof of concept], he said.
Since then, Google
fixed the underlying bug in Chrome
, which Russian security researcher Oleg Filippov (aka
typicalrabbit
) said affected not just Mac OS X but also
Windows 7 and 8
. Now, clicking the play button in Homakovs proof of concept attack --
slightly not safe for work
-- instead of executing outright, first trips an alert in Chrome, asking if access should be granted to the webcam.
When weighing webcam security risks, note that a number of information security professionals cover up. For example, a
photograph of Martin Muench
, managing director of Gamma International and head of its FinFisher product portfolio, shows a piece of tape -- or perhaps cut-down Post-It note -- over his MacBook Pro laptops webcam lens. Thats notable because his company sells FinSpy software -- and related command-and-control networks -- to governments that want to
spy on political activists
. Based on teardowns of the software, it can surreptitiously intercept voice, video and other data from a variety of devices, including Android smartphones, iOS (iPhone, iPad) and BlackBerry devices.
On the other side of the sinister surveillance spectrum,
cryptographer Whitfield Diffie
also tapes over the camera on his MacBook. But my webcam cover-up chic award goes to Mikko Hypponen, chief research officer at F-Secure, who
blocks his webcam with a band-aid
. Give his solution extra points, because it wont leave gunk on the webcam lens for when you do need to hold a videoconference.
Software exists to alert users when their webcams have been activated, but Hypponen prefers a low-tech approach. I trust the tape more than I trust any program, he
told ZDNet
at an Australian security conference. I figure if theres a piece of tape over it, it isnt taking pictures of things.
As with so many technological innovations, webcams -- while enabling revolutionary services such as Skype -- carry information security and cybercrime risks. Best invest in some tape.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Sextortion Warning: Masking Tape Time For Webcams