Hackers Can Access Laptop Webcams - why this is neither new nor complete. In the last few days, reports have been making the rounds that #hackers can access #webcams without triggering the #LED indicator. This is quite true, but anything but new - exactly such an example as demonstrated, manipulating an LED controlled via General Purpose I/O (#GPIO) by changing the #firmware, was already demonstrated a decade ago, e.g., at 23rd USENIX Association Security Symposium 2014 (link in the comments). So whether this specific hack works depends on the design of the targeted #webcam and its integration and control including its LED indicator. The use of GPIO signal pins is common there, but some cameras also have the LED directly integrated, so that a power supply and activation of the camera always causes the LED to light up - no GPIO hacking possible. But be careful: even in this case, sophisticated hackers can avoid the LED lighting up, because it can be possible, for example, to activate the camera briefly for a #photo and switch it off again immediately before the LED lights up recognizably. If you repeat this with a suitable #frequency, you can create a (naturally somewhat choppy) “video” without the LED being visibly activated for the user. In several penetration tests in the past, this was always the goal of my great team - not just access, but #undetected #access, regardless of the camera's design. Source: https://lnkd.in/e9HnZiqX #cybersecurity #cyberattack #cyber #security #pentesting Bundeswehr Bundeswehr Wir. Dienen. Deutschland. Forschungsinstitut Cyber Defence (CODE)
Dr. Robert Koch的动态
最相关的动态
-
Hackers Can Access Laptop Webcams Without Activating LED Indicator A critical vulnerability affecting laptop webcams, specifically on ThinkPad X230 models has been recently discovered as demonstrated by the Andrey Konovalov. This vulnerability allows attackers to covertly access the webcam without triggering the LED indicator light, raising significant privacy concerns for laptop users. Konovalov’s research began with USB fuzzing experiments on his ThinkPad X230 laptop. However, besides this, the researcher observed that through careful analysis and reverse engineering, it is possible to uncover several critical issues:- The webcam’s firmware could be overwritten via USB vendor requests The LED indicator was controlled by a GPIO pin, separate from the camera sensor power A memory-mapped GPIO allowed software control of the LED Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations?
-
Tenured Cybersecurity, Resiliency, and Technology Risk Professional | ITGC | SOX | BCP | DR
Hackers Can Access Laptop Webcams Without Activating LED Indicator A critical vulnerability affecting laptop webcams, specifically on ThinkPad X230 models has been recently discovered as demonstrated by the Andrey Konovalov. This vulnerability allows attackers to covertly access the webcam without triggering the LED indicator light, raising significant privacy concerns for laptop users. Konovalov’s research began with USB fuzzing experiments on his ThinkPad X230 laptop. However, besides this, the researcher observed that through careful analysis and reverse engineering, it is possible to uncover several critical issues:- The webcam’s firmware could be overwritten via USB vendor requests The LED indicator was controlled by a GPIO pin, separate from the camera sensor power A memory-mapped GPIO allowed software control of the LED Stay Connected to Nishan Singh, CISA, MBA for latest cyber security information. #EXL #Exlservice #linkedin #cybersecurity #technologycontrols #infosec #informationsecurity #GenAi #linkedintopvoices #cybersecurityawareness #innovation #techindustry #VulnerabilityAssessment #ApplicationSecurity #SecureCoding #cyber #communitysupport #womenintech #technology #security #cloud #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cloudsecurity #trends #grc #leadership #socialmedia #digitization #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud
-
Latest News: Hackers Can Use HDMI Cables to Capture Your Passwords: A new cybersecurity threat has emerged where hackers exploit HDMI cables to capture sensitive information, including passwords. This method takes advantage of the way HDMI cables transmit data between devices. How It Works: The attack involves a malicious HDMI device that can intercept signals sent through the cable. This means that any data transmitted, such as keystrokes or login credentials, can be captured without the user's knowledge. Vulnerable Devices: Devices that connect via HDMI, such as laptops, gaming consoles, and TVs, are at risk. If a hacker gains physical access to these devices, they can easily implement this attack. Preventive Measures: To protect against this threat, users should be cautious about their device's physical security. Avoid leaving devices unattended in public spaces and consider using security locks. Stay Informed: Keeping up with cybersecurity news is crucial. Awareness of emerging threats can help users take proactive steps to safeguard their information. #cybersecurity #cyberthreats #cyberattack #news #hackers #cybertrust #cybersolution #safeguard
-
-
In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the ThinkPad X230’s webcam, highlighting ongoing vulnerabilities in USB-connected devices. Like many laptops, the ThinkPad X230 has a built-in webcam that connects via USB. During his presentation, Konovalov detailed his journey of curiosity-driven experimentation with USB fuzzing—a process used to discover hidden device functions by sending unexpected inputs. #noble1 TOM SHAW
-
In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the ThinkPad X230’s webcam, highlighting ongoing vulnerabilities in USB-connected devices. Like many laptops, the ThinkPad X230 has a built-in webcam that connects via USB. https://lnkd.in/d5HYG_4A
-
A critical vulnerability affecting laptop webcams, specifically on ThinkPad X230 models has been recently discovered. For daily news and analysis subscribe to the?https://lnkd.in/gZsiTT2x newsletter. #CyberSecurity #Tech #DataProtection
-
We talk about cloud and AI threats every day and forget the importance of USB memory sticks. According to a recent study by Honeywell, USB devices still pose a major threat. Last year, Mandiant observed more attacks using infected USB drives to steal data, such as the SOGU and SNOWYDRIVE malware. Honeywell's work focuses on malware found on USB devices used to transfer files in and out of industrial facilities, analyzed by their Secure Media Exchange (SMX) product. Key takeaways: ?? Cyberattackers have a strong understanding of how industrial environments operate.? ?? Many attackers are using USB devices to establish silent residency in industrial control systems. ?? Malware is increasingly targeting systems specifically used by devices in industrial facilities.? ?? Malware can cause serious issues like loss of visibility, loss of control, or system outages in OT environments. ?? 51% of malware attacks are designed for USB devices, according to 2024 data. "Continued diligence is necessary to defend against the growing USB threat," wrote Honeywell "and strong USB security controls are highly recommended. In addition, an assessment of internal operations, with a focus on document handling and file sharing, is also recommended." Read more here ?? https://lnkd.in/dZEbrHJw and get the PDF here ?? https://lnkd.in/d95P9683 #OT #USB #malware
-
-
Cybersecurity needs to be a primary concern when upgrading and replacing IoMT devices. It can inform whether the device should be replaced, or if a new device will increase your attack surface. Get the facts ?
Protecting the Past, Present and the Future with Digital Forensics, eDiscovery, Cyber Security Solutions and Managed Services
??| The Cost of Upgrading IoMT Devices Internet of Medical Things (IoMT) devices can me seen all around hospitals and are crucial in improving the patient experience. However, their importance also makes them prime targets for cyber attacks that can have devastating effects. This Asimily blog delves further into IoMT and their importance in hospital life. The blog talks about the complexities and hidden costs of upgrading IoMT devices. Whether it’s compatibility issues, compliance hurdles, or cybersecurity concerns, each upgrade comes with its own set of challenges. Read more here: https://lnkd.in/eS8WdrSs #Cybersecurity #Asimily #IoMT #MedicalDeviceSecurity
-
-
Universal Serial Bus (USB) drives are today's most convenient portable data storage devices. But watch out for that innocent-looking USB drive?? It can carry malware and might also be a USB killer, posing severe risks to your PC. How does a USB killer work? It delivers a high-voltage power surge to your device's USB port, which is designed to handle only 5 volts. This can permanently damage the host device's electrical system. Are you curious about the origins? The first USB killer was developed by a Russian researcher known as "Dark Purple," intended to test device resilience against power surges. However, today, cybercriminals use USB killers to intentionally damage computers. These devices, which can even be disguised as innocent items like USB ionic air purifiers, are readily available online for as low as $3. How to Protect Yourself: ? Never use unknown USB drives. ? Cover USB ports physically to prevent unauthorized use. ? Disable USB ports when not in use. Remember, the best defense is awareness and caution. Stay updated on cybersecurity practices to protect your devices from these covert attacks. #Cybersecurity #TechTips #USBKillers #DataProtection
-
Technology Leader - Cyber Security | Emerging Technologies | Solution Architecture ????
PIXHELL exploits air-gapped systems, which are those isolated from external networks, by using malware to manipulate an LCD screen's pixel patterns. These patterns generate inaudible noises that a nearby microphone can pick up. The malware then modulates the stolen data into these inaudible sound waves. Alarmingly, attackers can then demodulate this data to retrieve sensitive information. What's particularly concerning is how difficult it is to detect PIXHELL. The low-brightness or invisible pixel patterns make it nearly impossible to spot with the naked eye, and the sounds themselves are inaudible to humans. Here are some key takeaways from this article for cybersecurity professionals: * Be aware of the existence of PIXHELL and its potential to target air-gapped systems. * Implement additional security measures beyond physical isolation for sensitive systems. This could include soundproofing or regularly monitoring for unusual electromagnetic emissions. * Educate staff about the importance of cybersecurity and how to identify suspicious activity. By staying informed about the latest threats and implementing robust security protocols, we can help mitigate the risks posed by novel attacks like PIXHELL. #cybersecurity #infosec #pixhell #acousticattack #airgappedsystems https://lnkd.in/gPzZ2gd6
General Staff Officer | Scientist | Cyber Expert | Hacker (Private Account)
3 个月Presentation at USENIX Security Symposium 2014: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/brocker Great paper: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-brocker.pdf