Thursday, October 9, 2008

Hackers can remotely control your webcam & mic

"Detective, covering the camera with your hand does not turn off the microphone." --quoted from Thomas Gabriel (Die Hard 4 movie)

When I was watching Die Hard 4 movie, I thought it's just for a show off to the audience that nowadays computer nerds are capable to hack into any kind modern-computerized devices; including our webcam & mic. Apparently it is becoming into a reality...

Adobe has issued a critical security alerts to Flash users, where hackers can mislead people into clicking on links to launch Javascript codes which then remotely control the user’s webcam and microphone. The trick isn't new at all and has been around for a long time on the net, only this time it's targeting Adobe's most used product on the net: Flash player.

According to TG Daily, the attack dubbed as ClickJacking uses Javascript and other scripting language to fool a user into clicking on invisible links that are obscured by graphic elements or other windows. The user thinks he’s clicking on an innocuous box or game element, but in fact that click is being transmitted to another frame. There's a video demo embedded below this post, which comes from a computer expert Guy Aharonovsky, where he demonstrates how the ClickJacking process works.

Adobe says the Flash Player v9.0.124.0 and earlier are vulnerable and the company advises people to go in the Flash Player setting menu and select “Always deny” in the Global Privacy Settings panel. Well, it's not like in the movie where hackers are so darn good that they can hack into a passive system. This ClickJacking trick requires users to actively click or visit cloaked links, before hacker can mount the control attacks.

"Can somebody turn off the damn webcam and the microphone now..?" --me, whispering while covering the webcam with one of my hands. ~LOL~

[blogged with my Treo 750v]

No comments: