Update: Adobe has fixed this issue by framebusting the Settings Manager pages. Now, 99.9% of the users are protected from this specific exploit. Congrats on the fast response. —-
Turn every browser into a surveillance zombie. The wet dream of every private eye and peeping tom. Imagine this scenario, you play a short game on the web and by doing that you unknowingly grant someone full access to your webcam and microphone.
I’ve made a live demo of it in here, this demo won’t listen or record any of your input.
If you don’t want to try it or don’t have a webcam connected, then check out the video.
When I’ve first heard about ClickJacking and how Adobe is concerned about it, I thought that the Flash Player Security Dialog must have been compromised. But the Security Dialog does a good job disabling itself when you try to mess with it’s visibility through DHTML. Unless there’s some 0-day issue with the Dialog it’s probably relatively safe.
The problem here is the Flash Player Setting Manager, this inheritance from Macromedia might be the Flash Player security Achilles heel.
I’ve written a quick and dirty Javascript game that exploit just that, and demonstrate how an attacker can get a hold of the user’s camera and microphone. This can be used, for example, with platform like ustream, justin and alike or to stream to a private server to create a malicious surveillance platform.
I’ve made it as a JS game to make it easier to understand, but, bear in mind that every Flash, Java, SilverLight, DHTML game or application can be used to achieve the same thing.
Some of the clicks are real game clicks other are jacked clicks. Every time the click is needed to be jacked the content simply move behind the iframe using z-index
I had doubts about publishing this, but, if I could have understand it so are the bad guys, so it’s better to know about it.
In this case Adobe could have just framebust the pages that holds the Settings Manager. There are two issues with frambusting in this case, it won’t solve all cases (legacy browsers for ex) and will force Adobe to rely on javascript.
Related posts:
[...] Usando el clickjackin para secuestrar una camara web. [...]
[...] related Proof Of Concept at Guya shows how using clickjacking to grant access to the webcam in flash, it not longer works. Great job [...]
[...] count. Jeremiah and I got the final word today that it was fine to start talking about this due to the click jacking PoC against Flash that was released today (watch the video for a good demonstration) that essentially spilled the beans regarding several of [...]
[...] is appropriate for the attack, if you’re into espionage and voyeurism. The first public proof of concept that I found illustrates that an attacker could remotely use your webcam and/or microphone. [...]
Click Jacking has long since been called by search engine marketers… u need a new term.
what click jacking really is is swapping in your own ads into someone elses page often by overlaying or using javascript or filtering their content
[...] where users are fooled into unknowingly performing sensitive actions on external sites. It’s been demonstrated in several videos. Although it’s similar to cross-site request forgery, it can’t be prevented using [...]
[...] Malicious camera spying using ClickJacking [...]
[...] This comes quite handy now that more dangerous usages of clickjacking are being disclosed, such as enabling your microphone or your webcam behind your back to spy you through the interwebs. [...]
Yeah I would hate for this too happen -http://www.pricelessweddings.com.au as I would be caught pants down
[...] action, please visit the blog post of Flash developer Guy Aharonovsky, where he demonstrates in a video how a user unintentionally changes his browser’s security settings while playing a JavaScript [...]
[...] is based on a new vulnerability discovered in Adobe’s Flash Software and published about on Guya.net, Rsnake’s Blog and Jerremiah Grossman’s [...]
[...] first got my attention through this article I came across at Guya.net which exemplifies how a users webcam can become comprised by utilizing clickjacking to manipulate [...]
Flip! This camera guy is crazy. Takes pics hanging off a rope strung 90 metres across a valley. http://vimeo.com/9337388
ction, please visit the blog post of Flash developer Guy Aharonovsky, where he demonstrates in a video how a user unintentionally changes his browser’s security settings while playing a JavaScript