Security researchers are reporting on a flaw that has been found in the inbuilt Flash player for Chrome.
The exploit allows a piece of code to be embedded in a seemingly innocent-looking page; when the page is clicked, it initiates a transparent request from the Flash Player in Chrome to gain control of your webcam/microphone without your permission. Once the code is initiated, the flaw can be used by external agencies (hackers) to remotely control them.
Other browsers such as Firefox, Opera, and IE have been deemed safe due to the way they handle the transparent layer of the request. Chrome on Windows, OS X, Linux, and Chrome OS is affected and has yet to be patched, with Google advising that a fix would be delivered from Adobe by the end of this week.
The flaw was reported on a Russian blog where the source code for a Proof of Concept for the Clickjacking exploit was provided. Security blogger Egor Homakov put the exploit into action in a live Proof of Concept link on his blog which you can check out.
Until the patch is issued by Google/Adobe you may just want to think about exactly what you’re doing in front of your webcam.
I’ve long kept the adhesive part of a post-it note over my webcam and mic. It’s not that I think that this sort of exploit is easy, or even that I’m all that interesting that someone would want to spy on me, but still, it’s such an easy precaution that there’s no reason not to use it.
Just found a good reason to tape over the webcam