InformAction Forums

Clickjacking - A very good VISUAL read.

Flash Bug Allows Miscreants to Remotely Operate Your Web Cam

One solution is not to have a webcam.

Seriously, consider putting a sticky note over it, or duct tape some paper over it, or whatever, when not in use.

There was a scandal a few months ago when a school in the US allowed students to take school laptops home. Then someone (janitor, IIRC? teacher?) remotely activated the web cams. Caught a lot of kids showering, dressing, undressing, mating...

Would the NoScript addon protect us from this?

Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?

welly wrote:Would the NoScript addon protect us from this?

Yes, of course.

welly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?

I can't tell, It depends on your cam's features

welly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?

I would guess that doing that is ingrained into the firmware of most cams.

Although I will not elaborate on the how, yes there is the ability and possibility to turn on the webcam WITHOUT triggering the light indicator. However, for the average consumer or the 99% of the population, not likely an option to get your hands on the tool firmware/SDK BUT you might find enough rudimentary tools on the underground sites to zombie a machine if you searched hard enough for it.

I recommend you permanently disable flash access to your webcam using the control panel tool provided in the recent flash releases that allow you to make choices that will stick regardless of LSO and in browser deletions or per site permissions. This is one of the reasons why adobe finally got off their ass provided a more robust control panel tool like java and quicktime have done for a long time. Before you could only use in browser control panel for it to set your options but depending on your browser, NS settings, next reload you were back to default. Now it sticks using the control panel. Not sure if there is a Mac equivalent for it, don't really care, but there is a Linux panel for it as well (although its community made).

Tom my friend, although I agree with you in spirit, given that 99.9% if not all laptops nowadays ship with a webcam, not having one is sometimes not really an option. And, although covering the webcam might stop the visual peaking, it does nothing for the microphone attached to it, so still can be recorded. Unless you go into your mixer or sound panel and disable the hardware (aka your mic) to be sure and if you don't use your webcam and want to make sure it NEVER becomes an issue, you can also disable the hardware permanently in the device manager.