October 10th 2008 | Jens C Brynildsen
Hijacking webcams have never been this fun - but how could you make someone allow access to their webcam without the user knowing? Check the Camera Clickjacking game and discover yet another clever Flash trick used by hackers.
Using a clever combination of iFrame overlays and a Flash game, Guy Aharonovsky made a simple game that exploited research by Jeremiah Grossman, chief technology officer of White Hat Security, and SecTheory chief executive Robert Hansen. The security problem was instantly patched by Adobe, so you can no longer see the exploit yourself, but Guy has recorded a video that shows how the hijacking could be done.
Apparently, there is also other tricks you can pull off using similar techniques and Adobe is working on a fix for this. From the looks of the last months exploits, it may look like the Flash Player is the hackers favorite target and the reason is simple. With a distribution of more than 90%, a successful expoit will work across more machines than you could by for instance exploiting a browser weakness.
The Ying and Yang of Flash