
Thread: Can the FBI turn on the web cams of linux users?

  1. #11
    Join Date
    Jan 2013
    Posts
    966

    Default

    This is easy if you use any blobs.
    This is completely easy to do on phones or mobile devices, because their real-time OSes (the phones alone run several OSes) are black boxes that allow memory access to everything coming from the station (and such a mobile station can be bought and set up). The only exception is the Freerunner.

  2. #12
    Join Date
    May 2013
    Posts
    477

    Default Firmware backdoor vs OS backdoor thoughts

    Quote Originally Posted by RealNC View Post
    I assume this is only possible if they actually have installed a backdoor on your system. You can't just "do stuff" on other people's Linux machines remotely just like that, unless they're going in by exploiting a system vulnerability.
    On the one hand, on laptops where the camera model, chipset, and wireless model are all known in advance, a firmware backdoor to turn a camera on in response to a specific signal sent by wi-fi would not be too hard. On the other hand, exporting the take when the vendor-provided OS is gone would be much more difficult. They'd need something like ffmpeg to convert the raw output to H264 or some other codec, and a "firmware" blob with a 2-3MB video encoder added would look awfully large for something that is supposed to contain only microcode. A possible approach to detection would be to compare the size of known firmware blobs to the predicted size of microcode to do what the firmware is publicly supposed to do.

    For a linux blob to be a bulk attack vector, it would have to be one with access to the camera and the wireless card (both devices on DMA perhaps), and be a blob likely to be used by the most common targets. Closed gaming video drivers might be rare on computers used by spies or kiddie-porn traffickers, for instance, due to their high profile as untrusted closed software and large size.

    I agree that unused webcams should always be covered, not just turned off in BIOS. This is so easy to do that when security is an issue it should be the first thing done, and it removes all questions of worrying about an arms race with opposing hackers who have access to the OEM. This is not because it is likely to be used against you, but rather because it is so foolish not to take a five minute, costless step to take a potential issue entirely off the table. If there is a 99% chance they can't turn it on, why have to worry about the other 1%?

    Still, so few people rip out vendor provided OS's that the FBI probably would regard huge amounts of extra work and risk to extend the ability to turn webcams on to the last 1% of computers as not worth the hassle. Remember, Microsoft and Apple bend over backwards to support the cops with in-house tools, so the FBI's back door into those may be as simple as placing a covert purchase order. Google/Android may have required a little more "persuasion" to drop malicious binaries into the phones, or maybe they just go to the Big Telcos who are actually installing Android on all those phones and tablets. If the OS comes from the vendor, undeclared binaries are trivial to drop in, nearly impossible to find until the names are known. Remember Carrier IQ in "open-source" Android provided by cell phone companies? Always replace the vendor-provided OS.

    If YOU install Linux, they can then forget backdoors in open-source software, too easily found and too little cooperation. Would have to be exploits one machine at a time, against machines chosen in advance, the hardest job in offensive hacking.

  3. #13
    Join Date
    Jul 2008
    Location
    Greece
    Posts
    3,778

    Default

    Quote Originally Posted by brosis View Post
    This is easy if you use any blobs.
    It's just as easy with pre-compiled kernel modules of otherwise open source drivers, as used by the majority of Linux distros.

  4. #14
    Join Date
    Jun 2011
    Posts
    267

    Default Maybe?

    It's possible, depending on the Linux user.

    I have my own private Linux distribution that I develop and use.

    Almost everything about it is completely different than all traditional distributions.

    Example:
    1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

    2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
    apps - Global Application Install Dir
    sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
    users - Users dir (basically /home); what's unique in this regard is each user also has an additional apps dir for locally installed software.
    mount - It's /mount lol
    net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

    3. My /sys dir is read only

    4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
    it resembles something like Qt5. And uses OpenGL for all rendering.

    5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

    6. I use a custom IPC framework.

    7. And many more differences...

    The point is, that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately as my applications will only open a port when I request them to and when the application is closed so is the port they opened, I monitor my network connections very closely.

  5. #15
    Join Date
    Nov 2010
    Location
    California
    Posts
    280

    Default

    Why all this paranoia?

    Quote Originally Posted by zester View Post
    It's possible, depending on the Linux user.

    I have my own private Linux distribution that I develop and use.

    Almost everything about it is completely different than all traditional distributions.

    Example:
    1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

    2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
    apps - Global Application Install Dir
    sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
    users - Users dir (basically /home); what's unique in this regard is each user also has an additional apps dir for locally installed software.
    mount - It's /mount lol
    net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

    3. My /sys dir is read only

    4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
    it resembles something like Qt5. And uses OpenGL for all rendering.

    5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

    6. I use a custom IPC framework.

    7. And many more differences...

    The point is, that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately as my applications will only open a port when I request them to and when the application is closed so is the port they opened, I monitor my network connections very closely.

  6. #16
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    Quote Originally Posted by MartinN View Post
    Why all this paranoia?
    Because all the best geniuses are.

  7. #17
    Join Date
    Nov 2007
    Posts
    1,353

    Default

    Quote Originally Posted by zester View Post
    It's possible, depending on the Linux user.

    I have my own private Linux distribution that I develop and use.

    Almost everything about it is completely different than all traditional distributions.

    Example:
    1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

    2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
    apps - Global Application Install Dir
    sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
    users - Users dir (basically /home); what's unique in this regard is each user also has an additional apps dir for locally installed software.
    mount - It's /mount lol
    net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

    3. My /sys dir is read only

    4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
    it resembles something like Qt5. And uses OpenGL for all rendering.

    5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

    6. I use a custom IPC framework.

    7. And many more differences...

    The point is, that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately as my applications will only open a port when I request them to and when the application is closed so is the port they opened, I monitor my network connections very closely.
    I just wanted to point out that I think your configuration is awesome. It took a hell of a lot of skill and experience to do all that. Your OS is running a lot closer to hardware than Steam OS is for example.

    Looks like a fantastic configuration... Now app support.... and distribute.....

  8. #18
    Join Date
    Aug 2013
    Posts
    51

    Default

    Quote Originally Posted by d2kx View Post
    Doubt the Linux drivers will have exploits, because many are written by the community. And even then, Linux users more often than not deactivate the Webcam in the BIOS because they don't use it anyway, and it doesn't even get recognised by the OS then.
    Perhaps you should ask the BSD guys how well that worked for them lol

  9. #19
    Join Date
    Jun 2012
    Posts
    336

    Default

    Is the computer connected to an outside network? Then yes, it's quite possible.

    Can they do it to your specific computer on a whim? That's harder to determine.

  10. #20
    Join Date
    Jun 2011
    Posts
    267

    Default

    Quote Originally Posted by duby229 View Post
    I just wanted to point out that I think your configuration is awesome. It took a hell of a lot of skill and experience to do all that. Your OS is running a lot closer to hardware than Steam OS is for example.

    Looks like a fantastic configuration... Now app support.... and distribute.....
    Thank you very much. If you're interested, you can join the discussion over at http://steamcommunity.com/app/221410...4396111237582/
