Net game turns PC into undercover surveillance zombie

Underscoring the severity of a new class of vulnerability known as clickjacking, a blogger has created a proof-of-concept game that uses a PC's video cam and microphone to secretly spy on the player. The demo, which is available here, appears to be a simple game that tests how quickly a user can click on a series of moving targets. Behind the scenes, it combines a generic clickjacking attack with weaknesses in Adobe's Flash technology to record the player using the PC's video camera and microphone.

The proof of concept is a powerful demonstration of the spooky implications behind clickjacking. The vulnerability allows malicious webmasters to control the links visitors click on. Once lured to a booby-trapped page, a user may think he's clicking on a link that leads to Google - when in fact it takes him to a money transfer page, a banner ad that's part of a click-fraud scheme, or any other destination the attacker chooses.

View: The full story @ The Reg

Report a problem with article
Previous Story

Toshiba's First Fuel Cell Coming in a Few Months

Next Story

Traditional anti-virus tools now obsolete

6 Comments

Commenting is disabled on this article.

Has anybody actually gotten this to work? Although I consider the Reg to be the Weekly World News of It news sites, they at least stated that they had trouble getting it to work. Granted I don't have webcams or microphones hooked up so that may be something, but I get directed immediately to Adobe security settings for Flash. Non starter for me.

You consider the Reg to be what ??!?!??

You read all those star tabloids too when in line @ grocery store ?

HEADLINES:

BRUCE WILLIS CONFERS WITH ALIENS !!
GEORGE W. BUSH IS A GENIUS !!
MAN IS FOUND WITH A GIRAFFE PENIS !!

more utter BS from the reg.
As soon as i click it takes me to Website Privacy Settings panel, which informs me i can block the access to the cam and mic and just about everything else.

To specify privacy settings for a website, select the website in the Visited Websites list, and then change its privacy settings as desired. The following list explains the privacy options:

* If you want to specify whether to allow or deny access to your camera and microphone every time the selected website tries to use them, select Always Ask.
* If you want to allow access to your camera and microphone every time the selected website tries to use them, and you don't want to be asked again, select Always Allow.
* If you want to deny access to your camera and microphone every time the selected website tries to use them, and you don't want to be asked again, select Always Deny.

Note: To require that all websites ask your permission before using your camera or microphone, or to prevent any website from accessing your camera or microphone, use the Global Privacy Settings panel.


hmmm

The proof of concept doesn't work here. Because it goes to a security page of Adobe that asks if I want to allow the site to collect informations. This POC is real BS.

+1

I just tried this myself here. Running Firefox 3 with default settings, I get redirected to a macromedia.com (shouldn't that be adobe.com by now??) site asking me to confirm flash security settings and whatnot.