Clickjacking: who's watching you through your webcam?
It's no urban legend: big brother, or any old pervert, may be watching you! A recently discovered cross-platform exploit can turn any browser (yes, even Firefox and Safari) into a "surveillance zombie" without you noticing. The technique is called Clickjacking.
"A malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something called lynx..... It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening"
One of the attacker's possible goals is to take control of your webcam. As a proof-of-concept, Guya created a simple Flash game exploiting the scary vulnerability. The playable version has been removed, but there's still a
Until all vendors patch their products (e.g., Adobe will have a patch ready by the end of this month), you can do the following to protect yourself:
- Change your Flash Player settings according to the instructions in Adobe's security advisory.
- Use Firefox as your browser and install NoScript 220.127.116.11.
- Unplug your external webcam when not in use or use its lens cap if available.
- Cover your built-in webcam with something like nontransparent tape.
- Never sit naked or do silly dance moves in front of your computer. Ever. (SPECIAL INSTRUCTIONS FOR YOU KNOW WHO)
Read more about it here: Click Jacking