Feeds

back to article Flash flaw potentially makes every webcam or laptop a peephole

A security flaw thought to have been fixed by Adobe in October 2011 has reappeared thanks to a new vulnerability involving Flash Player browser plug-ins. The as yet unpatched vulnerability creates a means to seize control of webcams without permission before siphoning off video and audio from victims' PCs. The clickjack-style …

COMMENTS

This topic is closed for new posts.

Page:

Alert

Wonder how

Does this exploit cope with the piece of black insulating tape stuck over the webcam?

8
2
Anonymous Coward

Re: Wonder how

How do you masturbate on Chat Roulette?

2
0
Happy

Re: Wonder how

Be even safer, never turn your computer on!

1
0
Silver badge
Headmaster

Re: Wonder how

As per the article:

"Tinfoil hatters who tape over webcams when they aren't in use have been vindicated by the discovery of the problem."

3
0

Re: Wonder how

Black tape doesn't stop the mic from working.

4
0
Bronze badge
Thumb Up

Re: Wonder how

Not needed if you don't use the USB hub on the monitor.

Laptop users, however may have a problem doing that.

0
0
Bronze badge

Re: Wonder how

Well I have an HP "Elitebook". The mic failed in 3 months.. so maybe the answer is "buy crap".

15
0
Anonymous Coward

Re: Wonder how

It didn't fail, HP travelled back in time, bought the microphone company and then wound it down like every other acquisition and so the mic ceased to exist.

HP - Your trusty technology terminator.

5
0
Anonymous Coward

Re: Wonder how

Has anyone got some 'sample' exploited user links I can click on for a proof of concept? Preferably used by nubile females so that I can feel appropriately sympathetic.....

1
2
Bronze badge

Re: Wonder how re: anon@08:20

with one hand

1
1
Anonymous Coward

Re: Wonder how

Why don't laptop manufacturers all:

1. Have a little plastic door which slides across the front of the webcam; and

2. Combine this with a switch which isolates the microphone (directly in the signal path, not via the CPU)

Problem solved in 99% of cases.

Just my 2¢, which is approximately what this would cost to implement.

2
1
Anonymous Coward

Re: Wonder how

Disable the Mic and Webcam in Device Mangler! Its the easiest option and its fast to undo.

1
0

Re: Wonder how

It'll add a couple of mm to the depth of the bezel, which is a no-no in the current MacBook Air led style market.

I'm pretty sure I had a Compaq in the early 2000's which had a slide cover, nothing new under the sun!

1
2
Bronze badge

Re: Black tape doesn't stop the mic from working.

Superglue does.

0
0
Anonymous Coward

Re: Wonder how

+1, but remember that duct tape does nothing to disable microphones.

0
0
Bronze badge

NSA conversation

"Hello Sir? This is X, technical press monitoring service"

"OK X, what you got"

"We can access webcams now, apparently there's a flash flaw"

"Well done, X. We didn't have that yet. It's one small webcam for each man, one giant leap for electronic surveillance."

4
0
Bronze badge
Devil

Re: NSA conversation

>"Well done, X. We didn't have that yet. It's one small webcam for each man, one giant leap for electronic surveillance."

I'm thinking the reply would actually be along the lines of:

"Is that it? We've had that for years, Adobe is an American company after all, we got them to put a back door in.

Keep me informed if it turns out this is the back door being discovered rather than a bug."

10
0
Anonymous Coward

Surprise!

Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.

People need to give themselves a shake and stop using MS products!

3
29
FAIL

Re: Surprise!

Really?

I mean, come on! Nobody can be this stupid, surely?!?

You sir, have to be trolling, but in case you aren't, I shall explain for the hard-of-thinking. Flash is Adobe, Chrome is Google.

No Micorosft products listed here, good sir!

Wow. They walk among us!

21
2
Silver badge
Linux

Re: Surprise!

Sadly, that is not the case.

1
0
Anonymous Coward

Re: Surprise!

The article doesn't mention Microsoft even once, so I can only assume you were reading something different

8
1
Bronze badge
FAIL

Re: Surprise!

Eadon, you seem to have ticked the AC box by mistake.

21
0
Silver badge
Coat

@AC 09:01 GMT Re: Surprise!

The article doesn't mention Microsoft even once, so I can only assume you were reading something different

No, all you can assume is that the comment was posted by Eadon.

1
0
Anonymous Coward

Re: @AC 09:01 GMT Surprise!

Let's be realistic. They specifically mention PC's, Chrome and Flash. Almost all users of this combination are going to be running Windows.

5
7
Bronze badge

Re: Surprise!

The article doesn't state that this exploit is limited to chrome on windows, though it most certainly won't work on my Mac. (Because chrome isn't available for it.)

1
7
Anonymous Coward

Re: Surprise!

Lighten up! That's a classic "The Register" comment from a few years ago that I like to post on any security related article. It emphasises the point that it is popular things that get hacked, not buggy things. For years MS were held up as being crap with security because of bad design or poor programming. Now Google are popular we're starting to see that it's nothing to do with how well you design or code something and all to do with how much hackers want to hack you.

In ten years MS will be nowhere, Google will the new, incumbent monopoly abusing mega corporation and some new company will have all the tech fan boys salivating. The more things change....

2
3
Silver badge

Re: Surprise!

But it's not an MS exploit, it's an Adobe Flash exploit. Flash still runs on GNU/Linux when using Chrome.

GNU/Linux has exploits too (which is why we get kernel updates etc). Almost all beyond trivial "Hello World" programs will have exploits.

A PC is only secure as the monkey who configured it.

That said, I do prefer GNU/Linux. That is partly personal preference, partly the fact I enjoy freedom and partly because I want to keep off the enforced upgrade-cycle. I can't afford a new PC every couple of years.

As for webcams....

1) They should have a physical cover; and

2) They should have an indicator light hard-wired to the webcam power and beyond software control (cam is on? That light is on, no way to bypass without a soldering iron).

9
0
Bronze badge
Facepalm

Re: Surprise!

"The article doesn't state that this exploit is limited to chrome on windows, though it most certainly won't work on my Mac. (Because chrome isn't available for it.)"

Oh yeah? Strange as I when I wander along to the official Chrome download link via Safari it seems to recognise my Hackintosh box and offers me the latest version of Chrome of OSX!

0
0
Bronze badge

Re: Surprise! > Chrome

Chrome on Mac requires 10.6 and up, there are a lot of old PPC machines still running 10.5

3
0

Re: 2) They should have an indicator light hard-wired to the webcam power

Some do - my Logitech Pro 9000 has an orange ring that fades up and glows round the lens. Never really thought of it as a security feature before - neither I suspect did the designer who did it because it looks "cool"!

1
0
Silver badge

Re: 2) They should have an indicator light hard-wired to the webcam power

A lot of those lights are software controlled though. Aye you 100% sure that Logitech one is hardwired to power?

1
0
Happy

Re: Surprise!

Chrome is available on Macs. I use it. But maybe will use Safari now until this is fixed...

1
2
Anonymous Coward

Re: Surprise!

"Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft."

Because Microsoft software is ubiquitous! Not difficult to understand is it?

Why waste your time trying to attack a platform with a handful of users (in comparison).

People don't need to stop using MS products. They need to realise that everyone out there is trying to get your cash, and if you're stupid enough to ignore a threat, you deserve to be hit.

Platform has F-all to do with it. If OSX was the ubiquitous OS, OSX would be hit just as hard.

W O W. Never thought that one through! Hardly surprising, I encounter this everyday from 100's of people.

0
2
Anonymous Coward

@Obviously!

No, I refuse to use sarcasm tags, even when people like you make it so, so obvious that they are needed.

This is an article about a bug with Flash on Chrome. MS don't make either product.

To be fair, I often post ill thought out rants on the register if I'm having a shit day. Can I suggest a dinner time beverage? It may make the afternoon less fraught.

0
1
FAIL

Re: Popular, not Buggy things get hacked.

Whilst it's true that without the popularity, nobody would bother, without the bugs it wouldn't be possible

So have a nice big 'fail' for your [il]logic.

1
1
Anonymous Coward

Re: 2) They should have an indicator light hard-wired to the webcam power

"neither I suspect did the designer who did it because it looks "cool"!"

Designer fail... "cool" features are implemented with blue LEDs, everyone knows that!

2
0
Bronze badge

@The BigYin

Let's make it much easier:

1. Use GNU Linux or *BSD, always check for and install updates whenever those are available (just click on that red button!)

2. Make sure to have flashclock, adblock plugins and turn off java plugin on the browser (not only it is a matter of security but also a threat of getting annoyed by stupid ads)

3. I prefer Firefox, it has a noscript plugin. Elinks, w3m, lynx and other text browsers still make a lot of sense.

0
1
FAIL

Re: Surprise!

@Jess "though it most certainly won't work on my Mac. (Because chrome isn't available for it.)"

Wow, just wow - what are you running on your mac? Chrome on Mac supported on OSX up to three years old. http://www.google.com/mac/

0
3
Pint

Re: Surprise! > Chrome

I'll grant you that, glad I don;t have one though.

0
0

Re: Surprise!

I suspect Jess has a PowerPC Mac, while it's true that chrome supports 10.6 and above, 10.5 is the last OS X to support non-intel chips.

1
0
Go

Re: Surprise! > Chrome

There are not only PPC but also Intel Macs still running OS 10.5 Leopard, and even 10.4 Tiger. Chrome won't work on those either as it requires OS 10.6 minimum.

Fortunately, however, many of those Macs are still vulnerable to the Java exploit that must be manually dealt with in older OS versions. So while users may not get the exhibitionist enjoyment of being secretly voyeured via webcam, they can still look forward to other forms of clandestine computer control :-D

1
0
Go

Go back to Firefox?

I just switched back to Mozilla Firefox, prompted by diabolical Flash performance and the fact that Chrome was bloated beyond belief. I still had the same flash problem on FF, unable to even play 420p youtube videos smoothly, until I happened upon the solution of disabling protected mode in Flash (disabling hardware acceleration made no difference). Thankfully I'm sensible when it comes to NoScript permissions, but I would hesitate when it comes to a non-technical user's system.

0
0
Bronze badge

@Suburban Inmate

Although I have no problem watching flash videos in Firefox or Chromium and html5 performance is better than that of flashplayer, 720/1080p on both the older and low end hardware. I'd still recommend watching videos with a video player. I use mplayer or vlc. Try watching youtube videos in vlc.

0
0
Silver badge
Boffin

"Tinfoil hatters who tape over webcams when they aren't in use"

Or sensible people who have webcams with a manual shutter that's only opened when they're actually using the webcam...

0
0
Anonymous Coward

Re: "Tinfoil hatters who tape over webcams when they aren't in use"

A shutter is hassle.

Get a Microsoft LifeCam Cinema, One of the best USB cameras there is - and it has a nice blue warning light whenever it is active....

0
0
Anonymous Coward

Re:and it has a nice blue warning light whenever it is active....

..that is impossible to hack because?

1
3
Anonymous Coward

Re: Re:and it has a nice blue warning light whenever it is active....

Because unless you are blind, you get a clear warning if it is on when it shouldn't be...

1
1
Anonymous Coward

Re: Re:and it has a nice blue warning light whenever it is active....

FFS! I meant hack it so the light doesn't come on. Security obviously not your strong point....

0
1
Anonymous Coward

Re: Re:and it has a nice blue warning light whenever it is active....

Shit, yeah, sorry. I'm not very clever....

0
1
Anonymous Coward

Re: Re:and it has a nice blue warning light whenever it is active....

Right, so unpack, disassemble and hack the 'on camera' firmware - and somehow bypass Microsoft's codesigning checks, and flash a new copy - just to disable the LED?

Security is my strong point actually, and we are heading into the world of fantasy for effort required versus result versus number of target users...

And as far as I aware, this vulnerability doesn't let you do things like flash USB device firmware...

3
0

Page:

This topic is closed for new posts.