How Can NSA Hack Your Webcam?

This is a long-awaited post; I have been thinking of writing about this ever since I watched the Snowden movie a few years ago. This morning, when I saw a post about “How a hacker can access your webcam through apple safari” on Reddit, I decided it was time to write it.

In the scene in question, NSA operatives access the webcam of a powered-off laptop and watch a live stream. I will try to explain whether that is possible and, if so, how.

Can They Really Do That?

The short and obvious answer is YES.

Now let’s see how they can do it. Here I will explain one possible way of doing it at the electronic-design level, using a simple example. I hope you have some basic understanding of logic gates.

When we design a processor, first we finalize its

  • Functionality
  • Input and Outputs

Then we work out how to generate the desired output from the inputs. That’s where logical operators are used. First, we take one piece of functionality and try to represent it logically using a Karnaugh map.

https://en.wikipedia.org/wiki/Karnaugh_map#/media/File:K-map_6,8,9,10,11,12,13,14_anti-race.svg

This K-map has all possible outputs for 4 inputs (ABCD). With the help of a K-map, we can reduce our logic to a much simpler form. In K-maps, 1 means must happen, 0 means must not happen, and x means don’t care.

As an example, let’s say we are going to design a simple application-specific processor for a simple day-to-day scenario: umbrella and rain. When do you need an umbrella? There are four possible cases.

  1. If it’s raining you MUST bring an umbrella. (1)
  2. It rains, but you can go without an umbrella. (Must not happen)(0)
  3. It’s not raining, you can bring an umbrella. (doesn’t matter)(x)
  4. It’s not raining and you do not bring an umbrella. (doesn’t matter)(x)

This processor should not let us go out without an umbrella when it’s raining. That’s our functionality.

Inputs for this processor are:

  • Rain. (R)
  • Umbrella. (U)

Let’s implement this in a K-map.

K Map For Scenario

Here the 0s outside the boxes mean No and the 1s mean Yes.

So here the logical output is R.U = 1. This is simply an AND gate: we need an AND gate to process these two inputs.

But the prime purpose of the K-map is to reduce logic, and that is where don’t-care conditions come in. They are useful for reducing logic.

Simplified K-map

With the help of don’t-care conditions, we can reduce our logic to U, which simply means this processor will tell users to bring an umbrella even when it’s not raining. You may think: why the hell would we want a processor to tell us that? It should tell us to bring an umbrella only when it’s raining.

Let’s see why we need this stupid logic reduction. It comes down to cost. If we do not simplify the logic using don’t-care conditions, we have to use an AND gate. With the simplification, we do not need any logic gate.

To implement an AND gate on a silicon wafer, we need at least two transistors.

https://www.electronics-tutorials.ws/wp-content/uploads/2018/05/logic-log43.gif

Removing a transistor means a big saving in manufacturing. They always go for such logic simplification using don’t-care conditions.

What Is the Security Vulnerability Here?

As you can see above, our processor says YES to bringing an umbrella even when it’s not raining. Now let’s apply this example to our original topic: webcam access when the PC is powered off.

Rain = PC, Umbrella = Webcam

The PC is powered off (not raining), but we bring an umbrella (turn on the camera).
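The umbrella truth table above can be checked in code. The following is an added example, not part of the original post: it confirms that both R.U and the simplified U satisfy every row the specification constrains, then lists the don’t-care rows where the simplified logic still drives its output to 1, which is the kind of review a design-verification step would run. All function names are illustrative.

```python
from itertools import product

# Spec from the umbrella example, keyed by (R, U).
# 1 = must happen, 0 = must not happen, None = don't care (x).
SPEC = {
    (1, 1): 1,     # raining, umbrella
    (1, 0): 0,     # raining, no umbrella
    (0, 1): None,  # not raining, umbrella
    (0, 0): None,  # not raining, no umbrella
}

def full_logic(r, u):
    """Unsimplified output R.U (one AND gate)."""
    return r & u

def simplified_logic(r, u):
    """Output after don't-care simplification: just U."""
    return u

def conforms(impl, spec):
    """True if impl matches every row the spec actually constrains."""
    return all(impl(*inputs) == want
               for inputs, want in spec.items() if want is not None)

def active_dont_cares(impl, spec):
    """Don't-care inputs on which impl drives its output to 1."""
    return [inputs for inputs in sorted(spec)
            if spec[inputs] is None and impl(*inputs) == 1]

def divergence(impl_a, impl_b, n_inputs):
    """Inputs where two implementations disagree (works for any n)."""
    return [bits for bits in product((0, 1), repeat=n_inputs)
            if impl_a(*bits) != impl_b(*bits)]

if __name__ == "__main__":
    for name, impl in (("R.U", full_logic), ("U", simplified_logic)):
        print(name, "conforms:", conforms(impl, SPEC),
              "| active don't-cares:", active_dont_cares(impl, SPEC))
    print("differ at (R, U):", divergence(full_logic, simplified_logic, 2))
```

Both implementations pass a test suite built only from the specified rows; the difference shows up only when the don’t-care inputs are enumerated as well.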

Blueprints of all processors designed in the USA are accessible to intelligence services, so they know the logic, or they can implement their own logic in the processor design. That lets them access whatever they want on our PCs, mobiles, anything.

Design is mostly done in the USA, and the design is then sent to China for manufacturing. And they also add their own backdoors to chips. They did it even for NSA servers.

Why This Is Dangerous

These hacks are literally untraceable by software, as they run deep at the hardware level. As described above, they don’t even need an OS to run. Even the NSA failed to detect these in their own servers.

To trace these, you need to perform tests with expensive hardware such as logic analyzers.

This UrIoTNews article is syndicated from DZone.