Webcam security

[Anakunda]

Hello,
How to find out if webcam installed in my notebook is imune against any hijhacking or unwanted remote control, i.e. if it at least can't be fooled to keep off the LED control while of eventual misuse. I have seen something about some webcam models firmwares can be altered this way, not knowing much about it tho. So is my model affected by this weakness, any information?

[TheWindBringeth]

I think answering such a question would require specialized knowledge, particularly of the hardware design of the camera and/or indicator. You could google for information and visit the manufacturer's forum, hoping to get lucky. If you do so you might also consider the microphone if it is separate. Perhaps you could disable that which concerns you (via BIOS, or electrically if you know what you are doing) and utilize a USB camera/mic on an as needed basis.

I would say that no piece of equipment is immune. However the liklihood can be extremely low.

So it's not a very high-tech solution, but you could always put a piece of tape/paper over the lens when you're not using the camera. At least you wouldn't feel watched.

[EncryptedBytes]

Quote:

Originally Posted by Anakunda

Hello,
How to find out if webcam installed in my notebook is imune against any hijhacking or unwanted remote control, i.e. if it at least can't be fooled to keep off the LED control while of eventual misuse. I have seen something about some webcam models firmwares can be altered this way, not knowing much about it tho. So is my model affected by this weakness, any information?

Short answer it is not. The most likely way someone will use your webcam against you is if they sneak spying software onto your laptop though would require you to lose physical control of your device. Additionally there have been documented cases of backdoor malware and proof of concept 'games' (-http://www.youtube.com/watch?v=gxyLbpldmuU-) that have gone after webcams. Though this type of attack is rare. You would ideally need to be the victim of a targeted attack.

[Hungry Man]

Yeah, it's kind of like worrying about BIOS viruses. It can happen but they have to be going after a very specific set of hardware.

[Anakunda]

I assume firewall is is not powerfull enough to prevent a spyware installing unattended but it should be sufficient to block a keylogger or spyware from hijacking a webcam or microphone and stream a/v channel outside? I'm using Comodo Pers. Firewall.

[CGuard]

Isn't disabling the webcam's drivers -when it's not needed- a solution?

[EncryptedBytes]

Quote:

Originally Posted by Anakunda

I assume firewall is is not powerfull enough to prevent a spyware installing unattended but it should be sufficient to block a keylogger or spyware from hijacking a webcam or microphone and stream a/v channel outside? I'm using Comodo Pers. Firewall.

I feel you are mixing up a firewall and a HIPS (host intrusion prevention system) . A firewall is simply a device or software that permits or denies network traffic based upon a set of rules defined by the user. The firewall will not stop software from being installed or alert of potential threats.

CGuard yes...I suppose uninstalling the drivers for the webcam and disabling the microphone is one way though overkill if you plan to use the devices at regular intervals.

[Hungry Man]

The attacker can just reenable them or provide their own drivers.

[EncryptedBytes]

Quote:

Originally Posted by Hungry Man

The attacker can just reenable them or provide their own drivers.

That would be easier said than done, and if done then refer to my original remark on targeted attacks. Though that scenario is even more remote than the remote chance that a remote attacker would take over the webcam...remotely.

[Hungry Man]

Well, reenabling would be easy unless you uninstalled the drivers. Providing their own would be, again, as you say a directed attack. lol