
Hackers can Spy on Cameras Through Walls, New Study Reveals

 

A new threat to privacy has surfaced, as scientists in the United States have discovered a technique to eavesdrop on video feeds from cameras in a variety of devices, including smartphones and home security systems. 

The EM Eye technique has the ability to take pictures through walls as well, which raises serious concerns regarding potential misuse. 

Kevin Fu, a professor of electrical and computer engineering at Northeastern University, conducted the research, which focuses on a vulnerability in the data transfer cables found in modern cameras. These connections unintentionally serve as radio antennas, emitting electromagnetic information that can be detected and decoded to provide real-time video. 

According to Tech Xplore, the threat exists because companies focus on protecting cameras' valuable digital interfaces, such as the upload channel to the cloud, while ignoring the possibility of information leaking via inadvertent channels. "They never intended for this wire to become a radio transmitter, but it is," Fu said. "If you have your lens open, even if you think you have the camera off, we're collecting." 

The EM Eye approach has been tested on 12 different kinds of cameras, including smartphones, dashcams, and home security systems. The distance required to eavesdrop varies, although it is possible to do so from as far away as 16 feet. 

The method does not require the camera to be recording, thus any device with an open lens is potentially vulnerable. Fu recommends that people use plastic lens covers as a first step in mitigating this threat, while he warns that infrared signals can still penetrate them. 

Fu believes that these discoveries serve as a wake-up call for manufacturers to fix this security hole in their designs. "If you want to have a complete cybersecurity story, yes, do the good science, but you also have to do the computer engineering and the electrical engineering if you want to protect against these kinds of eavesdropping surveillance threats," he stated. 

This research reveals a substantial and ubiquitous risk to privacy in a society where cameras are everywhere. In the words of Fu, "Basically, anywhere there's a camera, now there's a risk."

Bugs in MediaTek Chips Impact 37% of All Android Smartphones

 

Check Point researchers have uncovered new flaws in MediaTek system-on-chips (SoCs) which could have enabled threat actors to eavesdrop on the audio of roughly two-fifths (37%) of all smartphones and Internet of Things devices. 

Tracked as CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663, the three security flaws were patched by Taiwanese microchip firm MediaTek in its October bulletin following responsible disclosure by Check Point Research. A fourth bug, CVE-2021-0673, was fixed in October and will probably be published in the December bulletin.

The Check Point team mentioned it reverse engineered one of the key parts on the chip, the audio digital signal processor (DSP), which is implemented to minimize CPU usage and enhance media output.

The report published also highlighted the process that attackers would have to go through to abuse this flaw. The vulnerability can only be exploited if a user installs a malicious app from the Google Play Store allowing hackers to exploit the flaw in MediaTek SoC-powered smartphones. Once installed, the app will leverage the MediaTek API to attack a library that has permission to communicate with the audio driver. 

After that, the malicious app, now with system privilege, will send crafted messages to the driver to execute code in the firmware of the audio processor. This would enable remote attackers to eavesdrop on audio conversations.

MediaTek’s chip is the primary processor for “nearly every notable Android device,” including those of several Chinese manufacturers such as Xiaomi, Oppo, Realme, and Vivo, according to Check Point.

“Left unpatched, a hacker potentially could have exploited the vulnerabilities to listen in on conversations of Android users. Furthermore, the security flaws could have been misused by the device manufacturers themselves to create a massive eavesdrop campaign,” warned Check Point security researcher Slava Makkaveev. “Although we do not see any specific evidence of such misuse, we moved quickly to disclose our findings to MediaTek and Xiaomi.”

Tiger Hsu, product security officer at MediaTek, urged all customers to replace their handsets when patches become available but was at pains to point out there’s no evidence the vulnerabilities are currently being abused.

“Device security is a critical component and priority of all MediaTek platforms,” Hsu stated. “Regarding the audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs.”

The 'Interaction-Less' Flaws in Messaging Apps Allowed Hackers to Eavesdrop

 

Last week, at the Black Hat security conference in Las Vegas, Google’s Project Zero researcher Natalie Silvanovich presented her findings on remote eavesdropping bugs in communication apps like Signal, Google Duo, and Facebook Messenger, as well as popular international platforms JioChat and Viettel Mocha.

Natalie was concerned with the surge of bugs in the popular apps. The vulnerability in the Facebook Messenger app could have allowed hackers to listen in on audio from a victim's device. The flaws in Viettel Mocha and JioChat gave advanced access to both audio and video. The Signal flaw exposed audio only and the Google Duo flaw gave video access, but only for a few seconds. These few seconds were enough to record a few frames or grab screenshots.

In early 2019, a bug in Group FaceTime calls on the iPhone would have allowed threat actors to activate the microphone, and even the camera, of the iPhone they were calling and eavesdrop before the recipient did anything at all. The implications were so severe that Apple blocked the Group FaceTime feature entirely until the company patched the bug.

“When I heard about that Group FaceTime bug, I thought it was a unique bug that would never occur again, but that turned out not to be true. This is something we didn’t know about before, but it’s important now for the people who make communication apps to be aware. You're making a promise to your users that you’re not going to suddenly start transmitting audio or video of them at any time, and it’s your burden to make sure that your application lives up to that,” Silvanovich explained.

Silvanovich has kept a close eye on the “interaction-less” flaws, vulnerabilities that don't require their targets to click a malicious link, download an attachment, enter a password in the wrong place, or engage in any way. 

“The idea that you could find a bug where the impact is, you can cause a call to be answered without any interaction—that's surprising. I went on a bit of a tear and tried to find these vulnerabilities in other applications. And I ended up finding quite a few,” says Silvanovich. 

The developers of messaging apps were extremely responsive about patching the flaws within days or a few weeks of her disclosures. All of the bugs have been patched, but the surge of security loopholes in messaging apps emphasizes how common these flaws can be and the need for developers to take them seriously.