CLEVELAND — Internet users are becoming vulnerable to hackers who can infiltrate software and gain access to webcams.
“The main thing to worry about is when software is able to turn on your camera without notifying you, without the user explicitly turning it on, that’s the main issue,” said Feross Aboukhadijeh, a student at Stanford University in California.
Via Skype, Feross told FOX 8 about his online discovery last year that criminals were able to “clickjack” – or trick – computer users into handing over control of their webcams via Adobe Flash Player. The move enabled hackers to turn on cameras and watch people without permission.
“There’s a whole underground on the internet that does this sort of stuff, so it’s basically an arms race,” said Feross. “There’s the hackers on one side trying to figure out new ways to exploit software and there’s the companies on the other side trying really hard to patch-up their software and make sure it’s not vulnerable to this type of stuff.”
Feross found the loophole in Adobe, which is used by millions of people around the world. The security breach was fixed and in a statement, Abobe told FOX 8 News: “Adobe is aware of a report describing a clickjacking issue related to the online Flash Player Settings Manager. We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required.”
Webcam voyeur cases in Florida, Pennsylvania and other states prove how hackers can easily gain access to webcams through various avenues, programs and loopholes. Ron Frey is a Cleveland-based defense attorney who said webcam hackers can pay a price, but that’s only if they’re caught.
“Any type of hacking, any type of unauthorized use of a computer – or computer system – can be considered a crime on both the state and federal level and it could carry with it serious consequences,” said Frey.
Computer users, like Angela Nardolillo, rely heavily on the web for work.
“It’s my everything. I’m basically on here between four and 12 hours a day,” said Angela. She’s a graphics designer for video games and is very careful about protecting herself from anyone trying to gain access to her software.
“I make sure that I’m constantly changing my passwords – every 30 days – that goes with my mobile, as well, in the event that I do lose it,” said Angela. “With people logging on sometimes they can access your computer if they’re under the same internet – wifi.”
Computer users can protect themselves by installing updates, regularly scanning their computers for malicious software – or malware – and keep anti-virus software up-to-date. Derek Meister with the Geek Squad warns people to watch for a change in how their PC operates, including speed, error messages and random website pop-ups.
“Usually, the very first thing that we hear a lot of is – my computer is running slow,” said Meister. “Once somebody gets software onto your computer, depending on the kind of malicious software that gets on there, there’s always that potential for them to have access to your system.”
According to Feross, there’s an easy remedy for anyone concerned about whether they’re being watched.
“The safest thing to do is – and this is what I do – is, I put, like a little Post-It note over my camera,” said Feross. Safety experts also recommend computer users turn their webcam away or just keep it unplugged when it’s not in use.
“I’m a good guy so I didn’t use this for evil but I know that if I can do that, if I have the skills to do it, then I’m sure that people – criminals who’ve been sitting around all day thinking about how they’re going to do this type of stuff will surely know about more ways to do this,” said Feross.
For more information on Adobe’s response to the clickjacking investigation in 2011, click here.