Due to changes in the way we communicate, microphones and webcams are now important business tools, but did you know that they can be hacked?
And, in particular, did you know that the CIA is keen to utilize this type of hack for its own surveillance activities and to corrupt recordings? This news has recently been leaked by WikiLeaks and, although it’s not surprising that the CIA use such tools, it’s a real concern as we’ve seen in the past that security agencies hacking arsenals aren’t completely secure.
How do microphones and webcams get hacked though? Well, seeing as so many organizations use them for video conferencing these days, it’s probably best that we take a quick look.
What is Dumbo?
The main objective of Dumbo is to provide a route into a monitoring capability of a PC that home security systems are not capable of detecting. Now, what’s interesting about Dumbo is that it can’t, at present, be transmitted through email; instead, for a PC to be hacked with Dumbo, the hacker would need direct access to the PC to connect a USB drive. Once this is installed and activated, it begins searching for webcams and microphones and, once identified, Dumbo can disable or mute the devices.
Dumbo also identifies any files that these devices are currently writing to and gives Dumbo the opportunity to delete or corrupt these files. With capabilities such as this, Dumbo has the potential to delete audio-visual evidence or, if necessary, create fake evidence. For all of this to take place, however, the USB drive needs to remain plugged in at all times, so this creates a situation where a hacker would need to work very quickly and be directly at the system they’re hacking.
The Dark Side of Dumbo
The CIA, of course, have certain regulations that they have to adhere to and are only working in the interests of national security, so Dumbo isn’t something that the average organization shouldn’t have to worry about. However, as we saw with the NSA hacking tools leak, anything is possible in this day and age. And just imagine what would happen if this type of malicious software fell into the wrong hands.
Not only could the security of your communications become highly compromised, but even security of your physical building could be at risk as many organizations use webcams for security monitoring. The one limitation of Dumbo is that it needs to be actively executed in-situ, so this makes it a difficult hack to pull off. However, this doesn’t mean that the hacker has to step foot in your premises. As we’ve shown in the past, hackers have several ways that they can get a USB stick into an organization and it can often be down to a curious employee finding a USB stick in a car park.
Being aware of your employees’ activities doesn’t mean that you can completely extinguish the threat of a hack – such as Dumbo – taking place, so it’s always important that you regularly monitor hardware for any unusual activity. And it doesn’t have to be a webcam or microphone, it could easily be a printer. Therefore, if a piece of hardware starts acting suspiciously, then it’s highly recommended that you isolate it from your network before investigating it.
As we get deeper into the 21st century, it would appear that the digital landscape is becoming less and less secure, but the truth is that the best way to defeat hackers is by vigilance. If you can ensure that hackers attempts are thwarted and monitored then you should find your PCs are safer than ever.
For more ways to secure and optimize your business technology, contact your local IT professionals.