If you do, you should know that hackers, including the Eye of Pres. Lucifer — the National Security Agency (NSA) — can access your webcam and watch you in your own home.
Greg Kumparak writes for TechCrunch that on June 13, 2013, security consultant Egor Homakov gave a demonstration on how a hacker can snap pics off your webcam, right through the browser, with no consent required.
Homakov showed how a hacker can use a few old tricks to work around Flash’s requirement that a user explicitly grants a website permission before it can access their camera or microphone.
The basic technique, Clickjacking, is nothing new and is very well known in the hacking world. TechCrunch even tested the technique on the latest build of Chrome for Mac, and it pulled from their webcam without issue or any visible prompt. When it works, the only evidence that the camera was ever accessed is a near instant and oh-so-easy-to-miss blink of the LED indicator.
You can test the proof of concept yourself here. (Heads Up: The link will take a picture of you, though the author claims he’s not storing them — but clarifies that someone could, if they wanted.)
If your browser doesn’t visibly render the permission box and clicking the play button snaps a picture of you, your browser fails the test. If it shows the permission box or blocks the click, you’re safe (from this specific exploit, at least).
So how can you protect your webcam from being hacked?
- Tape up that webcam.
- Consider using Firefox* with something like NoScript, disabling it only for trusted sites.
- Turn off your webcam when you’re not using it.
- “Obama regime is spying on every phonecall, email, bank transfer, travel record of every American,” June 6, 2013.
- “Big Brother’s secret NSA Data Center in Utah,” June 8, 2013.
- “Why Microsoft is slow to fix the bugs in Windows 8 & Vista,” June 15, 2013.