Question:
Webcam security question, what would it take for remote access?
i like cereal
2009-07-06 20:15:12 UTC
I was wondering how a webcam could be successfully accessed remotely either by an attacker or others in legal agencies. I was monitoring how my logitech cam software was being installed but the only part that asked for other "connections" was something known as "logitech vid" - a skype-like app that you can make free calls to other people. I also noticed it installed a background service that allowed pretty much any application to control the hardware so I would imagine that internal security is as strong as the client's softwares. I would see a hard time getting outbound access since client is behind both ZA firewall (but again based on specific application trusts) and router with UPnP disabled so definitely no ports are getting opened. ZA has a low-level hook (pretty much first app installed on the Windows box) so there's pretty much 0 chance of that being disabled. But, "Windows Generic Host Process" pretty much controls everything (and its code is closed) so I wouldn't be surprised if complete takeover was possible if sophisticated enough command could be issued from Redmond, albeit a spotty (hoppy) connection due to all the bounces. Anyone else like to conjure up some more conspiracies?

P.S. Do you think that little LED need to be on for the cam to be actually recording or do you think that's logitech's prop code?
Four answers:
?
2009-07-06 20:24:15 UTC
The only thing i can tell you is...to prevent from possibly being spied on with your own webcam...just close the cover over the lens when no in use..and if you ever see the green light on when your walking around or working on the computer ...then you know your being watched...hackers and spy criminals are getting more and more sophisticated and know they have created a way to hack your Logitech webcam...and for that very reason...i uninstalled mine 2 months ago and will not use it again unless absolutely necessary....
anonymous
2016-03-03 12:17:39 UTC
Well okay. Let's just say, if a hacker were to get on your network, they would have to of gotten in as administrator of THAT network. If he were to hack...lets say your room's computer and that's not the center computer that runs your network, then you really shouldn't fret...much...they could only be able to hack that computer's webcam. -Here it gets complicated, so read on if you want to be secure: The only way you can make a network secure is by having a WPSK2-personal (I think that's what it's called) password securing your network, the more letters the password has the longer it would take for it to be cracked. WEP can be cracked in seconds so please don't use WEP passphrases.
anonymous
2009-07-06 20:21:26 UTC
One way this can work is through a 'clickjack'

(from the "NoScript" webpage)

"with "Clickjacking" we designate a class of attacks (also known as "UI Redressing") which consist in hiding or disguising an user interface element from a site you trust (e.g. the "Send" button of your webmail site or a pre-configured "Donate" Paypal button) in a way which leads you to click it without knowledge of what you're exactly doing. In the impressive proof of concept by RSnake and Jeremiah, you clicked anywhere in their apparently innocuous page, believing you were doing nothing dangerous, but in reality you were activating your microphone and/or your webcam for Flash access, allowing the remote attacker to spy on you instantaneously. More in general, an attacker can frame a portion of a certain web page you trust inside a different page under his control, decontextualizing it or making it transparent: this way he can easily trick you into interacting with it, and you end to perform a financial transaction or allow him special permissions, without remotely suspecting that something evil is going on."



End 'Clickjacks' with Firefox and 'NoScript' add-on.



http://noscript.net/?ver=1.9.0.6&prev=1.9.0.5
bizboy13
2009-07-06 20:21:15 UTC
LogMeIn would allow this, and yes, the light will be on when recording to any source. Easy answer is to cover lense when not in use.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...