Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Dangers of the Webcam
-
- ThinkPadder
- Posts: 1193
- Joined: Fri Mar 13, 2009 2:47 am
- Location: New Alexandria, Pennsylvania
Dangers of the Webcam
Well I finally got a new ThinkPad (New To me) ThinkPad T420, last of the standard ThinkPad keyboards and reason I got it. I could of got the T420s with a new 1 USB 3.0 port but I wanted the thicker standard T420 and you get the battery in back with optional ext battery pack. I also got it with all the loaded options you could get. Intel Core i7, Finger Print reader, CD/RW/DVD-ROM, 4GB Memory and a built in webcam.
Now this is my first ThinkPad that has a built in webcam, not counting my T20 with the old Webcam mount I sometimes use If I need too. But my worries is I was upgrading my fathers DELL Inspiron 15 from Windows 8.1 to Windows 10 and even with 8.1 The light would come on at random times when on the laptop, I'm guessing it means the camera is on if that light comes on? Windows 10 does it more often. So does that mean their are people trying to get into people's cameras just to look what's going on without the owner knowing?
As for me I always shut down my computers when not in use "I'm not their" being laptop or desktop, I never let them on 24-7.
Update about the DELL webcam: When letting it sit on the desktop, If I move the mouse and move curser on the START icon or make a noise the light comes on. I timed 2min the light stayed on. It some on if I move around too.
Now this is my first ThinkPad that has a built in webcam, not counting my T20 with the old Webcam mount I sometimes use If I need too. But my worries is I was upgrading my fathers DELL Inspiron 15 from Windows 8.1 to Windows 10 and even with 8.1 The light would come on at random times when on the laptop, I'm guessing it means the camera is on if that light comes on? Windows 10 does it more often. So does that mean their are people trying to get into people's cameras just to look what's going on without the owner knowing?
As for me I always shut down my computers when not in use "I'm not their" being laptop or desktop, I never let them on 24-7.
Update about the DELL webcam: When letting it sit on the desktop, If I move the mouse and move curser on the START icon or make a noise the light comes on. I timed 2min the light stayed on. It some on if I move around too.
IBM: 760XD,770Z,600X,240,560X,560Z,570,380Z,390X,i1200,i1400,
A22m,A22e,A30,G40,R31,R40,R50,R60,R61,R400,R500,
T20,T23,T30,T40,T43,T60,T61,T400,T400s,T500,W500,W700,
X21,X30,X41,X41T,X60,X60T,X200,X200T,X300,X120e,Z60m,Z61tT410T410sT510T420T420sT520
T430T430sT430UT530T470T470sT470pT570SL500L470L570
A22m,A22e,A30,G40,R31,R40,R50,R60,R61,R400,R500,
T20,T23,T30,T40,T43,T60,T61,T400,T400s,T500,W500,W700,
X21,X30,X41,X41T,X60,X60T,X200,X200T,X300,X120e,Z60m,Z61tT410T410sT510T420T420sT520
T430T430sT430UT530T470T470sT470pT570SL500L470L570
Re: Dangers of the Webcam
If the light is on, it is best to assume it is on. You can disable the webcam in the bios to give you better peace of mind. It should not come on after.
Current Thinkpads: W530 (functional classic keyboard mod), X301, T61, T60, T43, A31p, T23, 600X, 770
Other: mk5 Toughbook cf-19, mk1 Toughbook cf-53
Other: mk5 Toughbook cf-19, mk1 Toughbook cf-53
Re: Dangers of the Webcam
I just keep a sticky cut from a post-it or packaging tape over it. Easy to take off when I need to do a video conference.
Jane
2015 X1 Carbon, ThinkPad Slate, T410s, X301, X300, X200 Tablet, T60p, HP TouchPad, iPad Air 2, iPhone 5S, IdeaTab A2107A, Yoga 3 Pro
Bill Morrow's thinkpads.com Facebook group
I'm on Twitter
I do NOT respond to PM or e-mail requests for personal tech support.
2015 X1 Carbon, ThinkPad Slate, T410s, X301, X300, X200 Tablet, T60p, HP TouchPad, iPad Air 2, iPhone 5S, IdeaTab A2107A, Yoga 3 Pro
Bill Morrow's thinkpads.com Facebook group
I'm on Twitter
I do NOT respond to PM or e-mail requests for personal tech support.
Re: Dangers of the Webcam
As another note, if the webcam is on, then the mic is also probably listening. Disabling both would be even more secure. I have never encountered this issue under Linux, but it has happened in windows 8 and 7 a few times.
Current Thinkpads: W530 (functional classic keyboard mod), X301, T61, T60, T43, A31p, T23, 600X, 770
Other: mk5 Toughbook cf-19, mk1 Toughbook cf-53
Other: mk5 Toughbook cf-19, mk1 Toughbook cf-53
Re: Dangers of the Webcam
To be perfectly honest... Disabling them by software or even in BIOS has (probably) very little effect on stopping curious and well-equipped trespassers.brchan wrote:As another note, if the webcam is on, then the mic is also probably listening. Disabling both would be even more secure. I have never encountered this issue under Linux, but it has happened in windows 8 and 7 a few times.
I don't know what the fuzz is about though, why would you be bothered by it? Or even put something over it? Not happy with Big Brother in the room? You've got something to hide perhaps? Don't make Big Brother angry, please.
Re: Dangers of the Webcam
LOL
Never had an issue with the camera in my T410. But yes, it is possible for an attacker to remotely activate the camera and mic. That being said, why would they target you?
Never had an issue with the camera in my T410. But yes, it is possible for an attacker to remotely activate the camera and mic. That being said, why would they target you?
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Re: Dangers of the Webcam
It seems like this was just on the news not too long ago. Im sure if you search a reputable news site it will come up. A lot of creepy folks out there like to watch what people are doing via their webcam. If the light is on be aware. You never know who is watching...
Thinkpads: X1C 5th Gen (daily Driver), T430, T60, Z61, T410
Re: Dangers of the Webcam
I was hacked like that once. I made a highly critical review of a Skype appliance that automatically updated itself from somewhere in China. A couple weeks later, I heard the sounds of paper being shuffled on my desk. Except I wasn't moving any paper. I banged on the desk hoping to find a local source for the sound. Whoever was watching must have been highly amused. When I unplugged the webcam, the ghost noises stopped. The "ghost" appeared several weeks later, but for just ten seconds or so.
I searched madly for a virus, but nothing came up. Several months later, I regenned the system from scratch. But who knows? Perhaps he still takes a peek now and then. I keep the webcam pointed away from the desktop.
No trace of a virus was ever found. But I reported the issue to Microsoft, and they actually thanked me, not by automated reply. Perhaps five months later, they reconfigured Skype, dropping the peer-peer relay feature, completely centralizing at servers run by Microsoft.
I searched madly for a virus, but nothing came up. Several months later, I regenned the system from scratch. But who knows? Perhaps he still takes a peek now and then. I keep the webcam pointed away from the desktop.
No trace of a virus was ever found. But I reported the issue to Microsoft, and they actually thanked me, not by automated reply. Perhaps five months later, they reconfigured Skype, dropping the peer-peer relay feature, completely centralizing at servers run by Microsoft.
W500x3 with T9900, , T400 highnit 1280x800 with P9600, X61sx3, X61Tx3.
-
- ThinkPadder
- Posts: 1191
- Joined: Sun Nov 15, 2009 10:09 pm
- Location: Chico, California
- Contact:
Re: Dangers of the Webcam
I disable webcams wherever I can... I never use them. If I ever need a webcam, I use an external one (I have the old nice Lenovo snap one) or I use capture hardware to update imagery from a camcorder. I've completely removed my webcam from my D900F, since I tend to leave this machine on a lot.
Trying my hardest to collect Thinkpads, but college and being broke kinda gets in the way. However...
701C, 760, 770, X24, T30, G41, A31p, T43p, T60/61 Frankie, Z61p, X60 SXGA+, W700ds
MEDESSEC
and yes. I am a bit of a lunatic.
701C, 760, 770, X24, T30, G41, A31p, T43p, T60/61 Frankie, Z61p, X60 SXGA+, W700ds
MEDESSEC
and yes. I am a bit of a lunatic.
Re: Dangers of the Webcam
Wow must have been freaky. I am always weary of webcams because of things like this. Like I said earlier, you never know who is watching.precip9 wrote:I was hacked like that once. I made a highly critical review of a Skype appliance that automatically updated itself from somewhere in China. A couple weeks later, I heard the sounds of paper being shuffled on my desk. Except I wasn't moving any paper. I banged on the desk hoping to find a local source for the sound. Whoever was watching must have been highly amused. When I unplugged the webcam, the ghost noises stopped. The "ghost" appeared several weeks later, but for just ten seconds or so.
I searched madly for a virus, but nothing came up. Several months later, I regenned the system from scratch. But who knows? Perhaps he still takes a peek now and then. I keep the webcam pointed away from the desktop.
No trace of a virus was ever found. But I reported the issue to Microsoft, and they actually thanked me, not by automated reply. Perhaps five months later, they reconfigured Skype, dropping the peer-peer relay feature, completely centralizing at servers run by Microsoft.
Thinkpads: X1C 5th Gen (daily Driver), T430, T60, Z61, T410
Re: Dangers of the Webcam
It was. But what scared me is not the webcam angle, but that the hacker had been able to do it, even though I avoid risky behavior and keep the OS & antivirus up to date. Antivirus is only good against "commodity malware". A few years ago, when this happened, if someone wanted inside your machine bad enough, he would get in.teamde78 wrote:Wow must have been freaky.
The obvious way he got in is through a simple little Skype phone adapter that plugged into an ethernet port on the local network. There was no control or knowledge of how the firmware was updated. Microsoft/Skype gave their approval to this little trojan horse. What were they thinking? Even after I reported the incident, it was carried for another year or so by Amazon. Perhaps the Chinese government was involved.
I don't know if the constant stream of security packages, and improvements in Microsoft EMET, have changed this. High profile hacks are still reported, but they seem to involve human exploits.
Of all the things I would want to keep from a hacker, my image is the least of my worries. I wouldn't emphasize the webcam aspect of it. It's more a worry that some hacker makes off with things of financial importance, or enough info to steal an identity.
W500x3 with T9900, , T400 highnit 1280x800 with P9600, X61sx3, X61Tx3.
Re: Dangers of the Webcam
240, 380ED, 760C, 760CD, 760E, 760EL, 760LD, 760LD, 760XD, 760XD, A30, E520, G40, I1300, P53, R31, R40, R51, R52, R61, T20, T30, T40, T41, T42, T43, T43P, T60, T61, T400, T410, T420, T430, T460, X1C2, X30, X40, X220, X301 and on, and on, and on...
Re: Dangers of the Webcam
Hacking webcams is trivial. Scan a range of IP's, install RAT (remote attack) software on a machine. Sit back and enjoy the show. Yes, there are more than 2 steps, but I am not going to list them here. I've done this on my own equipment as an experiment, and yes it was very easy. I even did over a hotspot and hacked in throught the home firewall on my router. That firewall is so weak. I am now using a SonicWall NSA220 firewall.
The laptops in my house that have webcams and run Windows have tape over the camera. You can't hack that.
My laptops run linux and I only boot into Windows 10 for work while at client sites. At home I use linux and run ufw. I also have Eset Nod32 on both my Windows and Linux installs.
The laptops in my house that have webcams and run Windows have tape over the camera. You can't hack that.
My laptops run linux and I only boot into Windows 10 for work while at client sites. At home I use linux and run ufw. I also have Eset Nod32 on both my Windows and Linux installs.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Re: Dangers of the Webcam
coolcat37 wrote:To be perfectly honest... Disabling them by software or even in BIOS has (probably) very little effect on stopping curious and well-equipped trespassers.brchan wrote:As another note, if the webcam is on, then the mic is also probably listening. Disabling both would be even more secure. I have never encountered this issue under Linux, but it has happened in windows 8 and 7 a few times.
I don't know what the fuzz is about though, why would you be bothered by it? Or even put something over it? Not happy with Big Brother in the room? You've got something to hide perhaps? Don't make Big Brother angry, please.
Protecting your Fourth Amendment rights doesn't mean you have something to hide.
But I forgot, you don't have any of those rights where you live.
A31p P-IV 2Ghz, 2MB, 2653-R6U
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
-
- Senior Member
- Posts: 852
- Joined: Sun Feb 26, 2012 2:25 am
- Location: Princeton, New Jersey
- Contact:
Re: Dangers of the Webcam
It's so weird seeing the replies in this thread. Everyone seems to fixate on the issue of having a webcam enabled, but doesn't care a single bit about actually having unauthorized RATs (remote administration tool)/trojans on the computer.
Also, you're missing the /s tag.
I highly doubt it's as simple as you make it to be. There are incidents in the news of people being blackmailed for compromising pictures taken through their own webcam, and every single one of those I've seen mention that the RAT was installed by social engineering, not by software exploit. That tells me social engineering is much easier than exploiting software vulnerabilities.Temetka wrote:Hacking webcams is trivial. Scan a range of IP's, install RAT (remote attack) software on a machine. Sit back and enjoy the show. Yes, there are more than 2 steps, but I am not going to list them here. I've done this on my own equipment as an experiment, and yes it was very easy. I even did over a hotspot and hacked in throught the home firewall on my router. That firewall is so weak. I am now using a SonicWall NSA220 firewall.
Did you still have that Skype appliance plugged into a phone by then? Because many desk phones do not disconnect the handset from the wire when on the hook, and can easily make all kinds of noises.precip9 wrote:I was hacked like that once. I made a highly critical review of a Skype appliance that automatically updated itself from somewhere in China. A couple weeks later, I heard the sounds of paper being shuffled on my desk. Except I wasn't moving any paper. I banged on the desk hoping to find a local source for the sound. Whoever was watching must have been highly amused. When I unplugged the webcam, the ghost noises stopped. The "ghost" appeared several weeks later, but for just ten seconds or so.
Disabling devices in BIOS usually turns off the USB ports connecting to those devices. For someone without physical control of the machine, they will have to either modify the BIOS setting or exploit a weakness in the embedded controller to get access to that device. Certainly not implausible, but then it's in the realm of a targeted attack by nation-state backed entities, not some random curious trespasser.coolcat37 wrote: To be perfectly honest... Disabling them by software or even in BIOS has (probably) very little effect on stopping curious and well-equipped trespassers.
I don't know what the fuzz is about though, why would you be bothered by it? Or even put something over it? Not happy with Big Brother in the room? You've got something to hide perhaps? Don't make Big Brother angry, please.
Also, you're missing the /s tag.
X60 tablet 6363-P3U, 3GB ram, 128GB SanDisk Extreme SSD, SXGA+ screen, Intel 6300
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
Re: Dangers of the Webcam
Indeed, I have none of those rights where I liveMikalE wrote:
Protecting your Fourth Amendment rights doesn't mean you have something to hide.
But I forgot, you don't have any of those rights where you live.
And yes, I drool at the very thought of one day being able to live in the US, the true bastion of freedom.
Re: Dangers of the Webcam
I was vague on purpose. But if you really want, head over to hackforums.net or bust out your copy of TOR browser and check around on the DarkWeb. If I can sit outside someones house in my car with a laptop and a Pringle's cantenna, I can perform a MITM attack, OS fingerprinting, inject a malformed ad, and install the RAT. But hey you say it's not that easy. It's easy enough for those with some skills, a vehicle, a target, and motivation. Doing it over the internet blind and random? Yeah, that is going to be difficult-ish.twistero wrote:
I highly doubt it's as simple as you make it to be. There are incidents in the news of people being blackmailed for compromising pictures taken through their own webcam, and every single one of those I've seen mention that the RAT was installed by social engineering, not by software exploit. That tells me social engineering is much easier than exploiting software vulnerabilities.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Re: Dangers of the Webcam
Please tell me you were being sarcastic. You are aware that many countries enjoy a level of freedom equal to or greater than we in the USA enjoy. If not, please go educate yourself. As someone who values our international Thinkpad brethren it bothers me when people say ignorant things like this. Please be aware that when non-American's read stuff like that they get the impression that most American's are that way as well. Considering our national image is not that great right now the last thing we need is to be perpetuating the myth of ignorant entitled American's. What we should be doing is making sure that even by small actions we can demonstrate to the international community that not all American's are ignorant jerks.MikalE wrote: Protecting your Fourth Amendment rights doesn't mean you have something to hide.
But I forgot, you don't have any of those rights where you live.
Good day, Sir.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Re: Dangers of the Webcam
We need a sarcasm smiley here.
I have lived in Europe for several years. I'm not another ignorant American.
I have lived in Europe for several years. I'm not another ignorant American.
A31p P-IV 2Ghz, 2MB, 2653-R6U
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
-
- Admin Emeritus
- Posts: 23826
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Dangers of the Webcam
OK guys, cool it, will ya?
Re: Dangers of the Webcam
I was about to drone strike him, but ok. Only because you said cool it.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
-
- Senior Member
- Posts: 852
- Joined: Sun Feb 26, 2012 2:25 am
- Location: Princeton, New Jersey
- Contact:
Re: Dangers of the Webcam
I'm almost tempted to invite you to sit outside my residence and test my network, but on second thought the cost of actually letting you bust in would be too high. (Cost of my pride, mostly. )Temetka wrote: I was vague on purpose. But if you really want, head over to hackforums.net or bust out your copy of TOR browser and check around on the DarkWeb. If I can sit outside someones house in my car with a laptop and a Pringle's cantenna, I can perform a MITM attack, OS fingerprinting, inject a malformed ad, and install the RAT. But hey you say it's not that easy. It's easy enough for those with some skills, a vehicle, a target, and motivation. Doing it over the internet blind and random? Yeah, that is going to be difficult-ish.
Instead, could you point out the likely entry points to my network? I have:
- a mostly stock pfSense installation as NAT router
- a wireless AP running OpenWRT, with a WiFi network secured with WPA2 CCMP and 5-word diceware passphrase
- various Windows 8.1 / 10 PCs on wired and wireless connections
- various Android devices on wireless connection
I feel like I'm reasonably secure against wireless intrusion of my network, and, barring a zero-day on Firefox, drive-by malware installations. I'm curious which parts you would disagree.
X60 tablet 6363-P3U, 3GB ram, 128GB SanDisk Extreme SSD, SXGA+ screen, Intel 6300
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
Re: Dangers of the Webcam
Sure.
Your biggest hole.
Wifi.
Turn it off. Use ethernet for everything.
Otherwise I can and will sniff your packets, analyze them, and perform a MITM attack.
If you must use WIFI, setup a RADIUS server. Limit the DHCP lease time of your scope. Change your WIFI password daily. Use only strong passwords and enforce a password history of atleast 30 days. Don't run a NAS or shared folders. Run all internet traffic through a VPN and preferably, TOR. Randomize your exit nodes. Invest in a business class firewall such as the SonicWal NSA220 or better. Pay for the IDS system it offers.
As far as the webcam is concerned, most people don't use them. I don't trust my BIOS when it says my webcam is disabled. If the NSA can track my phone when it's off, then someone can activate the webcam if it's off. Put a piece of tape over it. Same with internal microphones if you don't want your voice to be recorded. Better yet, physically disable or remove them. Problem solved.
Heck, here's the easiest way to secure your PC:
1. Remove the wifi card
2. Put glue in the ethernet hole
3. Remove the Bluetooth card
4. Remove or cut the wires for the microphone and webcam
5. Stop using Windows. If you must use Windows, run it in a VM and snapshot it regularly. Use tails as your primary OS.
6. Live in a bunker
7. Fill a 50 gallon drum with concrete and powdered copper. Mix thoroughly. Put the laptop inside it.
Paranoid guide? Yes. But your computer will be 100% secure. Don't forget to put the HDD in an industrial shredder. Better yet, put the PC in a shredder.
The basic premise here is that once bits in the form of RF leave your physical control, you have no control over what happens to it. Unless of course you shield your house using TEMPEST protocols.
Back on track. If you're paranoid about getting your webcam hacked, disable it. Physically. They can't hack what isn't plugged in. Period.
Here's a decent article on some basic security:
http://www.theglobeandmail.com/technolo ... e18928710/
With regards to what you listed: Not to shabby at all. I still recommend a proper hardware firewall and a RADIUS server. And strong passwords, and changing the PW everyday. Hell change the SSID everyday too. That'll keep those evil-doers guessing.
Your biggest hole.
Wifi.
Turn it off. Use ethernet for everything.
Otherwise I can and will sniff your packets, analyze them, and perform a MITM attack.
If you must use WIFI, setup a RADIUS server. Limit the DHCP lease time of your scope. Change your WIFI password daily. Use only strong passwords and enforce a password history of atleast 30 days. Don't run a NAS or shared folders. Run all internet traffic through a VPN and preferably, TOR. Randomize your exit nodes. Invest in a business class firewall such as the SonicWal NSA220 or better. Pay for the IDS system it offers.
As far as the webcam is concerned, most people don't use them. I don't trust my BIOS when it says my webcam is disabled. If the NSA can track my phone when it's off, then someone can activate the webcam if it's off. Put a piece of tape over it. Same with internal microphones if you don't want your voice to be recorded. Better yet, physically disable or remove them. Problem solved.
Heck, here's the easiest way to secure your PC:
1. Remove the wifi card
2. Put glue in the ethernet hole
3. Remove the Bluetooth card
4. Remove or cut the wires for the microphone and webcam
5. Stop using Windows. If you must use Windows, run it in a VM and snapshot it regularly. Use tails as your primary OS.
6. Live in a bunker
7. Fill a 50 gallon drum with concrete and powdered copper. Mix thoroughly. Put the laptop inside it.
Paranoid guide? Yes. But your computer will be 100% secure. Don't forget to put the HDD in an industrial shredder. Better yet, put the PC in a shredder.
The basic premise here is that once bits in the form of RF leave your physical control, you have no control over what happens to it. Unless of course you shield your house using TEMPEST protocols.
Back on track. If you're paranoid about getting your webcam hacked, disable it. Physically. They can't hack what isn't plugged in. Period.
Here's a decent article on some basic security:
http://www.theglobeandmail.com/technolo ... e18928710/
With regards to what you listed: Not to shabby at all. I still recommend a proper hardware firewall and a RADIUS server. And strong passwords, and changing the PW everyday. Hell change the SSID everyday too. That'll keep those evil-doers guessing.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Re: Dangers of the Webcam
You're not paranoid if they really are out to get you...
A31p P-IV 2Ghz, 2MB, 2653-R6U
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
T500 T9600 2055-BE9
T510 i5 4384-DV7
T510 i7 4349-A64
T520 i7QM 4242-4UU Highly Modified
T16 i7 1260P 21BV000SUS
-
- Senior Member
- Posts: 852
- Joined: Sun Feb 26, 2012 2:25 am
- Location: Princeton, New Jersey
- Contact:
Re: Dangers of the Webcam
OK. Let's say a medium-sized company is my adversary and try to intrude my network via WiFi.Temetka wrote:Sure.
Your biggest hole.
Wifi.
Turn it off. Use ethernet for everything.
Otherwise I can and will sniff your packets, analyze them, and perform a MITM attack.
If you must use WIFI, setup a RADIUS server. Limit the DHCP lease time of your scope. Change your WIFI password daily. Use only strong passwords and enforce a password history of atleast 30 days. Don't run a NAS or shared folders. Run all internet traffic through a VPN and preferably, TOR. Randomize your exit nodes. Invest in a business class firewall such as the SonicWal NSA220 or better. Pay for the IDS system it offers.
According to this 2011 article, 2 top-of-the-line AMD graphics cards can try 215k WPA passwords on a captured handshake. Let's assume the cracking capabilities of GPUs quadruple each year (as a reference, Moore's law observes that transistor density in ICs double approximately every 2 years, so we're being very generous here). Let's assume the adversary has 20000 GPUs at their disposal, either as in-house hardware or cloud rental from, say, Amazon EC2.
That gives my adversary 5.5E11 password guesses per second.
I generate my password using diceware, i.e. I roll 5 dice to choose a word randomly from the diceware dictionary, and repeat 5 times. I use the 5 words separated by a space as my WPA passphrase. Therefore, there are (6^5)^5 = 2.84E19 possible passphrases.
Even armed with the complete information of how I generated my password, my (very resourceful) adversary needs 2.84E19 / 5.5E11 = 5.2E7 seconds = 597 days to try every single one of the possible passwords. On average they will find the correct one in half the time, so 298 days.
Now I must admit, less than a year to crack my network is much shorter than what I expected. I've been using that passphrase for at least a year now, so I might want to change it or use this chance to implement RADIUS. Then again, I don't think I'm on the enemy list of any company yet. (And if my adversary is someone with more resources, they would probably use other, simpler methods to compromise my network. For example, the NSA probably have a handful of zero-days on pf and will simply walk through my firewall. The FBI can easily bust into my home when I'm out and access my devices physically, maybe plant bugs. Multinational corporations may hire agents with industrial espionage skills to do the same.)
You as a single person armed with aircrack and oclhashcat, on the other hand, does not stand a chance against WPA with a decent passphrase.
(After writing all that, I went for another googling, and found that modern Nvidia and AMD mainstream GPUs can do around 150k~160k hashes per second for WPA2. So I'm way too generous in my assumptions. 20000 mainstream GPUs will take more like 150 years instead of 1 year to crack my passphrase.)
X60 tablet 6363-P3U, 3GB ram, 128GB SanDisk Extreme SSD, SXGA+ screen, Intel 6300
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
T61 Frankenpad in 15 inch T60 body, UXGA LED-lit AFFS LCD, T9300, 6GB RAM, NVidia NVS140m, Intel 6205, 128GB Crucial M4 SSD, 1TB HGST HDD + eBay caddy in Ultrabay
701c butterfly, 75MHz 486DX4, 40MB ram, 1GB CF card
Re: Dangers of the Webcam
First off, a company isn't going to hack you.
Secondly regarding cracking your ultra secure WPA security of the l33t h@xorz:
http://lmgtfy.com/?q=crack+wpa+in+5+minutes
http://lmgtfy.com/?q=wpa+flaws
Those searches return older information, as does this article on the subject:
http://arstechnica.com/security/2012/08 ... y-cracked/
That being said, I still stand by my argument that most home networks are far more vulnerable to being penetrated than people would realize. Hell a lot of routers from ISP's still ship with WPS enabled.
Your setup is probably 300% or more secure than your standard home setup. Hell it's stronger than mine and I do IS for a living. But I don't keep anything sensitive on my personal machines and neither do my family members. But on the off chance that someone does break my WPA2 setup I am going to add the following:
NSA220 Firewall a client gave me and transferred the ownership to my name
RADIUS Server on Server 2012 (Fully licensed, no pirated crap here)
3 Sonic points because I'm tired of the weak signal in a few area's of my house and I feel like being able to connect to my wifi from Carl's Jr. across the stree and because they were free also.
I'm going to enable MAC filtering even though it can be bypassed, it does add one more step to overcome
Not broadcasting SSID is pointless because the BSSID can be easily obtained so broadcast away
I'm also going to take advantage of the SSO feature of my shiny new SonicWall and implement it throughout my house. I will have to get this to add ipads, phones, etc:
http://www.sonicwall.com/products/sonic ... e-connect/
You mentioned organizations with resources and 3 letter agencies.
If those people are after you, well then son - you've clearly made some bad decisions. But one thing is clear, worrying about your WIFI security should be very low on your list of priorities at that point. Myself, I would be making sure the bug out vehicle was ready and I had plenty of ammo for my SKS, 9mm and .45.
There's also my anti-wifi hacker tool on a stick. Get a working old microwave. Gut the klystron. Attach it to a stick. Power it on and point it people and gear attempting to hack you. Problem solved.
Secondly regarding cracking your ultra secure WPA security of the l33t h@xorz:
http://lmgtfy.com/?q=crack+wpa+in+5+minutes
http://lmgtfy.com/?q=wpa+flaws
Those searches return older information, as does this article on the subject:
http://arstechnica.com/security/2012/08 ... y-cracked/
That being said, I still stand by my argument that most home networks are far more vulnerable to being penetrated than people would realize. Hell a lot of routers from ISP's still ship with WPS enabled.
Your setup is probably 300% or more secure than your standard home setup. Hell it's stronger than mine and I do IS for a living. But I don't keep anything sensitive on my personal machines and neither do my family members. But on the off chance that someone does break my WPA2 setup I am going to add the following:
NSA220 Firewall a client gave me and transferred the ownership to my name
RADIUS Server on Server 2012 (Fully licensed, no pirated crap here)
3 Sonic points because I'm tired of the weak signal in a few area's of my house and I feel like being able to connect to my wifi from Carl's Jr. across the stree and because they were free also.
I'm going to enable MAC filtering even though it can be bypassed, it does add one more step to overcome
Not broadcasting SSID is pointless because the BSSID can be easily obtained so broadcast away
I'm also going to take advantage of the SSO feature of my shiny new SonicWall and implement it throughout my house. I will have to get this to add ipads, phones, etc:
http://www.sonicwall.com/products/sonic ... e-connect/
You mentioned organizations with resources and 3 letter agencies.
If those people are after you, well then son - you've clearly made some bad decisions. But one thing is clear, worrying about your WIFI security should be very low on your list of priorities at that point. Myself, I would be making sure the bug out vehicle was ready and I had plenty of ammo for my SKS, 9mm and .45.
There's also my anti-wifi hacker tool on a stick. Get a working old microwave. Gut the klystron. Attach it to a stick. Power it on and point it people and gear attempting to hack you. Problem solved.
New:
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
Thinkpad T470 16GB RAM 250GB SSD LinuxMint
Old:
ThinkPad Tablet 16GB 1838-22U
IBM Thinkpad X61T, T61, T43, X41T, T60, T41P, T42, T410, X301, T430s, T450, T460
-
- Posts: 1
- Joined: Thu Jun 22, 2017 7:42 am
- Location: Nairobi, Kenya
Re: Dangers of the Webcam
Interestingly, I watched Mark Zuckerberg's video a few months ago and I noticed that he had taped his webcam. I mean if the Facebook genius does not trust the webcam then it means it is always safer to put tape or a sticky note on it when not in use to avoid any issues with hacking and surveillance.
like | https://www.guidomaggi.com/us/men/boots/ | news |
then it means it is always safer to
like | https://www.guidomaggi.com/us/men/boots/ | news |
then it means it is always safer to
Last edited by aimeusdietger on Fri Apr 19, 2024 3:42 am, edited 28 times in total.
life
Re: Dangers of the Webcam
l always feel perplexed about this topic. Personally, I use exclusively Linux (Debian) on my machine, I run all the software that uses internet in jails (using firejail). The microphone is always muted and webcam disabled, unless I need them (rarely).
Don't you think that if you don't trust your machine, you shouldn't be using it at the first place? I mean, If I have no trust of my machine to the point that I have to have tape over the webcam, then I really shouldn't be using it, as I cannot trust saving my private ssh key, gpg signature and other personal data.
I do trust my setup and I feel confident and "extremely" proud of my x220 Linux laptop.
Don't you think that if you don't trust your machine, you shouldn't be using it at the first place? I mean, If I have no trust of my machine to the point that I have to have tape over the webcam, then I really shouldn't be using it, as I cannot trust saving my private ssh key, gpg signature and other personal data.
I do trust my setup and I feel confident and "extremely" proud of my x220 Linux laptop.
Re: Dangers of the Webcam
Get this webcam cover (or similar):
http://www.ebay.com/itm/3-Packs-Webcam- ... 2824995640
I just got the set of 3 for my T410, X220, T430s - and it is really nice, unobtrusive and gets the job done.
Make sure to mount them vertically, not horizontally. If you mount them horizontally, the plastic will cover the LED indicator so you will not know when the camera is on.
They make them in different colors, too, like silver:
http://www.ebay.com/itm/Hot-3-Pcs-WebCa ... 2851837273
http://www.ebay.com/itm/3-Packs-Webcam- ... 2824995640
I just got the set of 3 for my T410, X220, T430s - and it is really nice, unobtrusive and gets the job done.
Make sure to mount them vertically, not horizontally. If you mount them horizontally, the plastic will cover the LED indicator so you will not know when the camera is on.
They make them in different colors, too, like silver:
http://www.ebay.com/itm/Hot-3-Pcs-WebCa ... 2851837273
Thinkpad 25 (20K7), T490 (20N3), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
X61 7673-V2V, T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad
-
- Similar Topics
- Replies
- Views
- Last post
-
-
Thinkpad X220 the webcam doesn't work but the thinklight does!!
by ned91 » Sat Dec 23, 2023 12:28 pm » in ThinkPad X200/X201/X220 and X300/X301 Series - 1 Replies
- 3981 Views
-
Last post by nomad1977
Sat Dec 23, 2023 6:33 pm
-
Who is online
Users browsing this forum: No registered users and 12 guests