Can the FBI turn on the web cams of linux users?


  • #11
    This is easy if you use any blobs.
    This is completely easy to do on phones or mobile devices, because their real-time OSes (the phones run several OSes alone) are black boxes that allow memory access to everything coming from the station (and such a mobile station can be bought and set up). The only exception is the Freerunner.



    • #12
      Firmware backdoor vs OS backdoor thoughts

      Originally posted by RealNC
      I assume this is only possible if they actually have installed a backdoor on your system. You can't just "do stuff" on other people's Linux machines remotely just like that, unless they're going in by exploiting a system vulnerability.
      On the one hand, on laptops where the camera model, chipset, and wireless model are all known in advance, a firmware backdoor to turn a camera on in response to a specific signal sent by wi-fi would not be too hard. On the other hand, exporting the take when the vendor-provided OS is gone would be much more difficult. They'd need something like ffmpeg to convert the raw output to H264 or some other codec, and a "firmware" blob with 2-3MB video encoder added would look awfully large for something that is supposed to contain only microcode. A possible approach to detection would be to compare the size of known firmware blobs to the predicted size of microcode to do what the firmware is publicly supposed to do.

      For a Linux blob to be a bulk attack vector, it would have to be one with access to the camera and the wireless card (both devices on DMA perhaps), and be a blob likely to be used by the most common targets. Closed gaming video drivers might be rare on computers used by spies or kiddie-porn traffickers, for instance, due to their high profile as untrusted closed software and large size.

      I agree that unused webcams should always be covered, not just turned off in BIOS. This is so easy to do that when security is an issue it should be the first thing done, and it removes all questions of worrying about an arms race with opposing hackers who have access to the OEM. This is not because it is likely to be used against you, but rather because it is so foolish not to take a five minute, costless step to take a potential issue entirely off the table. If there is a 99% chance they can't turn it on, why have to worry about the other 1%?

      Still, so few people rip out vendor provided OS's that the FBI probably would regard huge amounts of extra work and risk to extend the ability to turn webcams on to the last 1% of computers as not worth the hassle. Remember, Microsoft and Apple bend over backwards to support the cops with in-house tools, so the FBI's back door into those may be as simple as placing a covert purchase order. Google/Android may have required a little more "persuasion" to drop malicious binaries into the phones, or maybe they just go to the Big Telcos who are actually installing Android on all those phones and tablets. If the OS comes from the vendor, undeclared binaries are trivial to drop in, nearly impossible to find until the names are known. Remember Carrier IQ in "open-source" Android provided by cell phone companies? Always replace the vendor-provided OS.

      If YOU install Linux, they can then forget backdoors in open-source software, too easily found and too little cooperation. Would have to be exploits one machine at a time, against machines chosen in advance, the hardest job in offensive hacking.

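The detection idea in post #12 (comparing firmware blob sizes against what is expected), as an added example that is not part of the original thread. It assumes a baseline manifest of sizes and SHA-256 hashes recorded from a trusted copy of the firmware; `audit_firmware`, `demo` and the sample blob names are hypothetical.

```python
import hashlib
import os
import tempfile

def audit_firmware(root, baseline, growth_limit=1.10):
    """Compare blobs under `root` with `baseline` {relative path: (size, sha256)}.

    Returns sorted (path, reason) findings: unknown blobs, blobs that grew
    past growth_limit x the recorded size, and blobs whose hash differs.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # skip alias symlinks, audit real files
                continue
            rel = os.path.relpath(full, root)
            size = os.path.getsize(full)
            if rel not in baseline:
                findings.append((rel, "not in baseline"))
                continue
            want_size, want_hash = baseline[rel]
            if size > want_size * growth_limit:
                findings.append((rel, f"grew {want_size} -> {size} bytes"))
                continue
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            if digest != want_hash:
                findings.append((rel, "hash mismatch"))
    return sorted(findings)

def demo():
    """Constructed sample: three fake blobs, one padded after the baseline."""
    good = b"\x90" * 4096
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "cam"))
        blobs = {"cam/sensor.bin": good, "wifi.ucode": good, "extra.bin": b"x"}
        baseline = {}  # assumption: recorded earlier from a trusted copy
        for rel, data in blobs.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            if rel != "extra.bin":  # extra.bin is never recorded
                baseline[rel] = (len(data), hashlib.sha256(data).hexdigest())
        # Simulate a blob that gained 2 MB since the baseline was taken.
        with open(os.path.join(root, "cam/sensor.bin"), "ab") as fh:
            fh.write(b"\x00" * (2 * 1024 * 1024))
        return audit_firmware(root, baseline)

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a real system `root` would be the directory the kernel loads blobs from, typically `/lib/firmware`; firmware held in a device's own flash is not visible to this check.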


      • #13
        Originally posted by brosis
        This is easy if you use any blobs.
        It's just as easy with pre-compiled kernel modules of otherwise open source drivers, as used by the majority of Linux distros.



        • #14
          Maybe?

          It's possible, depending on the Linux user.

          I have my own private Linux distribution that I develop and use.

          Almost everything about it is completely different than all traditional distributions.

          Example:
          1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

          2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
          apps - Global Application Install Dir
          sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
          users - Users dir (basically /home); what's unique in that regard is each user also has an additional apps dir for locally installed software.
          mount - It's /mount lol
          net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

          3. My /sys dir is read only

          4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
          it resembles something like Qt5. And uses OpenGL for all rendering.

          5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

          6. I use a custom IPC framework.

          7. And many more differences...

          The point is that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately, as my applications will only open a port when I request them to and when the application is closed so is the port they opened. I monitor my network connections very closely.



          • #15
            Why all this paranoia?

            Originally posted by zester
            It's possible, depending on the Linux user.

            I have my own private Linux distribution that I develop and use.

            Almost everything about it is completely different than all traditional distributions.

            Example:
            1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

            2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
            apps - Global Application Install Dir
            sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
            users - Users dir (basically /home); what's unique in that regard is each user also has an additional apps dir for locally installed software.
            mount - It's /mount lol
            net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

            3. My /sys dir is read only

            4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
            it resembles something like Qt5. And uses OpenGL for all rendering.

            5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

            6. I use a custom IPC framework.

            7. And many more differences...

            The point is that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately, as my applications will only open a port when I request them to and when the application is closed so is the port they opened. I monitor my network connections very closely.



            • #16
              Originally posted by MartinN
              Why all this paranoia?
              Because all the best geniuses are.



              • #17
                Originally posted by zester
                It's possible, depending on the Linux user.

                I have my own private Linux distribution that I develop and use.

                Almost everything about it is completely different than all traditional distributions.

                Example:
                1. It doesn't use a bootloader, I use UEFI to boot my linux kernel directly.

                2. My Filesystem Directory Structure is completely custom; I have "apps, sys(bin, etc, lib, include, boot, ...), users, mount, net"
                apps - Global Application Install Dir
                sys - Systems Dir contains subdirs like bin, etc, lib, include, boot, ...
                users - Users dir (basically /home); what's unique in that regard is each user also has an additional apps dir for locally installed software.
                mount - It's /mount lol
                net - Is where network related applications(services) are stored like Web Servers, Ftp Servers, VOIP Servers, ...

                3. My /sys dir is read only

                4. I have my own custom built Application development Framework based on modified and re-factored versions of Poco C++ and Boost
                it resembles something like Qt5. And uses OpenGL for all rendering.

                5. I have a custom Xorg server that is stripped of everything minus what's required for GLX, applications handle input directly from the kernel.

                6. I use a custom IPC framework.

                7. And many more differences...

                The point is that my Distro is so custom that most Linux applications don't work on it. I build my own depending on what I need. If the NSA was able to access my webcam I would know immediately, as my applications will only open a port when I request them to and when the application is closed so is the port they opened. I monitor my network connections very closely.
                I just wanted to point out that I think your configuration is awesome. It took a hell of a lot of skill and experience to do all that. Your OS is running a lot closer to hardware than Steam OS is for example.

                Looks like a fantastic configuration... Now app support.... and distribute.....



                • #18
                  Originally posted by d2kx
                  Doubt the Linux drivers will have exploits, because many are written by the community. And even then, Linux users more often than not deactivate the Webcam in the BIOS because they don't use it anyway, and it doesn't even get recognised by the OS then.
                  Perhaps you should ask the BSD guys how well that worked for them lol



                  • #19
                    Is the computer connected to an outside network? Then yes, it's quite possible.

                    Can they do it to your specific computer on a whim? That's harder to determine.



                    • #20
                      Originally posted by duby229
                      I just wanted to point out that I think your configuration is awesome. It took a hell of a lot of skill and experience to do all that. Your OS is running a lot closer to hardware than Steam OS is for example.

                      Looks like a fantastic configuration... Now app support.... and distribute.....
                      Thank you very much. If you're interested, you can join the discussion over at http://steamcommunity.com/app/221410...4396111237582/
