The biggest threat to date with clickjacking and cybercrime was that you could lose information, but a new form of clickjacking could steal your privacy. Information Week is reporting that a new technique can be used to hijack a computer’s Webcam and microphone to create a malicious surveillance platform.
Let Bright Hub be the first to label this really scary version of clickjacking “Spyware 2.0.” This hacking technique sounds like something straight out of movies, where a hacker can remotely access a security camera. But in reality, this is very freighting stuff. Hackers could covertly watch and listen in on people, and it goes well beyond mere voyeurism.
So not only will a hacker be able to know where you’re surfing, but they can watch you do so. And what is very alarming is how the article describes that Flash developer Guy Aharonoysky was able to use a Javascript game with some malware code to access a user’s camera and microphone. Clickjacking is hard to defend against because it encompasses a very wide range of attack methods and further affects a multitude of software applications. These include plug-ins such as Adobe Flash, while clickjacking can take advantage of the very way that most major Web browsers are build.
For small businesses this is worrisome because the same technology that allowed greater connectivity between offices – such as making real-time meetings via video chat possible – can also be hacked. What good is a virtual meeting if you have to worry that the competition could be listening in!
In the mean time the solution, beyond unplugging the camera and microphone, might be to install NoScript and to disable the various plug-ins. As we reported previously this essentially means turning back the clock to 1995 to a much more “streamlined” Worldwide Web. If that’s not an option, maybe watch what you do in front of the Webcam!