Webcam Hack Rears Its Head Again

A new “proof of concept” is making the rounds recently, that demonstrates how a hacker can snap pictures off your webcam, right through the browser, with no consent required. You may have heard of those crazy people who put tape over their laptop’s webcam to keep people from using it? It seems that they may not be crazy after all.


As Egor Homakov, security consultant outlines in his blog, without going into much detail, the hacker uses a workaround that manipulates Flash’s requirement that a user grants to a website using CSS/HTML to render Flash’s permission prompt in a transparent layer, thus placing the now invisible “Allow” button directly above something the user is likely to click i.e. the “Play” symbol on a video or audio track, so it can now access their microphone or camera.  In other words, a hyperlink is concealed behind something you think is legitimate and when you “click” on that particular button, the hacker can now gain access to your system.

This technique, called Click jacking, is not new, in fact it has been around for a couple of years now and hackers can and do exploit this in browsers such as Google Chrome and Internet Explorer 10.  Apparently, if you are using Mozilla Firefox or Apple’s Safari browser, then you seem to be safe, for now, as the latest versions of these browsers appear to have a security patch to fix the vulnerability.  You can consider using a couple of ways to “fix” the problem yourself…You could either, tape up your webcam and leave duct tape residue all over your nice, shiny, new laptop or you could use Mozilla Firefox or Google Chrome with NoScript disabling it only for your trusted websites.

There are apps out there which monitor your webcam activity, I would assume for instances such as this.

You have been warned people…


[image via apollo-wordvirus]