The other night one of my friend\u2019s asked me about the webcam in her laptop. She was concerned about people gaining access to it and spying on her. Her fears got me to thinking about this problem.<\/p>\n
Integrated webcams are becoming the norm in most laptops. The privacy implications of unauthorized access are staggering. A lot of us take changing in the secrecy of our own room for granted, but what if that wasn\u2019t the case? In this security review I look at the possible weaknesses and defenses this class of products has. Webcams used to come as stand alone peripherals that could be used by plugging into a USB slot, and placing somewhere on top of the computer monitor. But as of late, more and more laptops are coming with webcams built in, and it\u2019s an oft sought after feature. In fact I think all Mac laptops (And some desktop computers) in the past few years have come with webcams.<\/p>\n Assets -Corporate or national secrets. This can include physical location, printed information, or even identity of personnel in the vicinity of the laptop.<\/p>\n Adversaries<\/strong><\/p>\n -Peeping Toms: Looking for voyeuristic pleasure. Pedophiles and their ilk can fall under this category.<\/p>\n -Blackmailers: They might be seeking incriminating data in order to extort money or favors from the users. One man in Cyprus tried to blackmail a teenager into posing nude for him. (http:\/\/itmanagement.earthweb.com\/secu\/article.php\/3499571)<\/p>\n -Corporate or national spies: Might be trying to identify secret locations and facilities, or the identities of secret employees or customers.<\/p>\n Weaknesses -Backdoor programs: An adversary can slip a Trojan onto a laptop granting unauthorized access to various aspects such as passwords, and files, and since the webcam is integrated hardware, the webcam\u2026<\/p>\n Potential Defenses -Run multiple levels of firewalls and spyware detection, such that if one is disabled, ports are still blocked.<\/p>\n -Keep up to date on latest Trojans and systematically check start-up programs and running processes<\/p>\n -Avoid installing software with known security holes.<\/p>\n -And most elegant solution devised by my friend: tape a piece of paper over the webcam.<\/p>\n Conclusion and Evaluation Because of the fact the webcam is now considered integrated hardware, there isn\u2019t really a simple software solution to disable it completely, provided a backdoor program can reverse most software changes.<\/p>\n In the past, with conventional webcams, you could always unplug the device when not in use. But now it\u2019s always there\u2026staring at you\u2026unblinking\u2026How do you know it\u2019s not on now? http:\/\/www.sophos.com\/virusinfo\/analyses\/w32rbotgr.html<\/p>\n http:\/\/www.theregister.co.uk\/2004\/08\/23\/peeping_tom_worm\/<\/p>\n http:\/\/www.technewsworld.com\/story\/36096.html?welcome=1202699594<\/p>\n http:\/\/www.wackyb.co.nz\/vb\/showthread.php?t=112<\/p>\n","protected":false},"excerpt":{"rendered":" The other night one of my friend\u2019s asked me about the webcam in her laptop. She was concerned about people gaining access to it and spying on her. Her fears got me to thinking about this problem. Integrated webcams are … Continue reading
\n
\nProduct Summary
\n<\/strong>
\nA webcam is usually a small video camera used for the purpose of transmitting images or videos over a local network or the internet. It\u2019s typically used for videoconferencing in a corporate or personal setting. It can also be used for recording utter crap to put on youTube, and anyone who does that deserves to die an ignominious e-death. But that\u2019s beside the point.<\/p>\n
\n<\/strong>
\n-Users\u2019 physical privacy, specifically visual privacy. The right to choose when to show themselves to the rest of the world is an important asset.<\/p>\n
\n<\/strong>
\n-Faulty web-conferencing programs: Many programs take advantage of webcams now, such as instant messengers like Skype and Yahoo! If these programs are written with security flaws, they can be exploited.<\/p>\n
\n<\/strong>
\n-Disable webcam driver when not in use.<\/p>\n
\n<\/strong>
\nThe biggest problem is if an adversary installs a backdoor program on a user\u2019s machine. This program could do more than just compromise the webcam, it has access to various other aspects of the computer. These backdoor programs are relatively easy to customize and deploy, in fact some disreputable companies and groups offer to sell or distribute these Trojan makers, resulting in various programs, W32\/Rbot-GR, MyDoom, and Optix. The best way to avoid them is not to install any suspicious software or accept files from unstrusted users.<\/p>\n
\nSources<\/strong><\/p>\n