Showcase Your Business as a Thought Leader » Publish Your Blog, Videos and Events on ALL EC » Save 25% Now
Welcome Guest | Sign In
salesforce commerce cloud

Creepy Clickjacking Bug Lets Hackers Control Webcams

By Walaika Haskins
Oct 8, 2008 4:07 PM PT

Software maker Adobe issued a security advisory Tuesday warning users of its Adobe Flash Player about a vulnerability that could expose them to so-called clickjacking attacks.

Creepy Clickjacking Bug Lets Hackers Control Webcams

Adobe has rated the issue as "critical." The vulnerability is pervasive, affecting all major browsers including Microsoft's Internet Explorer, Apple's Safari and Mozilla's Firefox.

While Adobe has not issued a patch for the bug, it has included a workaround in the advisory. The company hopes to address the vulnerability in an upcoming Flash Player update, scheduled for release by the end of October.

Adobe credits security researchers Robert Hansen of SecTheory, Jeremiah Grossman of WhiteHat Security, Eduardo Vela and Matt Mastracci of DotSpots as well as Liu Die Yu for reporting the vulnerability.

Hijacking Clicks

Clickjacking has been around for a while, according to Chris Rodriguez, an analyst at Frost & Sullivan.

"[Clickjacking] comes in many different forms. It has been greatly overlooked by the security community and the criminal community alike. Recently, researchers have demonstrated the dangers of this threat through an Adobe Flash Player vulnerability that would allow an attacker to gain control of a user's microphone and webcam," he told TechNewsWorld.

The exploited vulnerability poses a risk when an attacker is able to trick a user into unwittingly clicking on a link or dialog, according to Adobe.

Clickjacking is usually done by using invisible buttons to get a user to click on something unintentionally, Rodriguez explained.

"However, Adobe's security bulletin is in response to some really nefarious stuff that has been a hot topic lately. Someone has figured out how to use clickjacking to gain access to the user's microphone and webcam. Now that's some scary stuff," he continued.

Celebrity Vulnerabilities

The problem with this and other high-profile security flaws is that they "are quickly weaponized -- in as little as a week, or less," said Rodriguez.

"More importantly, Adobe has only provided a workaround and has not released a patch. Even when a fix is available, Adobe Flash updates are not usually a part of enterprise patch management cycles. We expect that Adobe is working around the clock to fix this problem and until then, users are at risk unless they research, understand and take the recommended measures against this threat," he added.

As Web browsers become more advanced, these types of threats will continue, according to Phil Hochmuth, a Yankee Group analyst.

"As browsers continue to take on the role of traditional desktop applications, and even desktop operating environments, the increased complexity of plug-ins and browser enhancement tools will no doubt lead to more exploitable flaws and vulnerabilities," he told TechNewsWorld.

Facebook Twitter LinkedIn Google+ RSS
salesforce commerce cloud
Would you move to a tech hub like San Francisco or Seattle if you were offered a high-paying, career-building job?
Absolutely. I already live in a tech center and I enjoy being where the action is.
No. I live in (or have lived in) a tech-forward city, and I'd rather live elsewhere.
I'd be tempted, but I'm worried about the cost of living.
I doubt it, as I don't like the reputation for decadence in those cities.
I would if I didn't have so many ties where I currently live.
Why bother? With telecommuting you can live and work anywhere.
salesforce commerce cloud
salesforce commerce cloud