Wall Street Journal Columnist Challenges Ethical Hacker to Test the Security of Their Laptops

It is hard to find any device such as a phone, tablet or laptop, that isn’t fitted with a camera facing the user. They are now so common, that most of the time, people forget that they are there. In the past, there have been concerns over whether hackers to obtain webcam access to spy on users. Last week, Wall Street Journalist Joanna Stern, asked the question “How secure are these tiny eyes into your private lives?”

Personal Tech Column

In Stern’s Personal Tech column, she asks Mr Heid, a certified ethical hacker and chief research and development officer at Security Scorecard to help. She stated that Mr Heid was able to “get into my Windows 10 laptops’ webcam and, from there, my entire network. He also eventually cracked my MacBook Air.”

However, when delving deeper into the article, it becomes clear that webcam access was not as straightforward as first appeared.

Access to the Computer

Further into the article, Stern states that both operating systems were able to thwart Mr Heid, and that “It took me performing some intentionally careless things for him to succeed.”

When Stern was asked to open a Word Document, Windows anti-virus software Windows Defender flagged it as potentially dangerous. When Stern went on to open the document, the anti-virus software identified it as a virus and deleted it.

Stern then went on to turn off the anti-virus, to test the effects on those computers who didn’t have anti-virus software or those where the user had turned it off. She was then able to open the document, but Microsoft Word engaged protected view, which Stern dismissed.

MacBook Air

Mr Heid was then given the task of accessing Stern’s MacBook Air. The file was in a .odt document which is an open source format. This meant that Stern had to download LibreOffice, which although she could have bought from the Apple App Store, decided to use a free version. This free version isn’t available in the store, so Stern had to disable the setting that prevents unverified apps from being installed.

Stern went on to say “Once I installed LibreOffice, I turned off its macro security setting, per the hacker’s instructions. There are scenarios where you might do this, say, for instance, because your company used a specially designed inventory spreadsheet or sales form – but for most people, it’s a bad idea.”

Although Mr Heid was able to access both machines, and then have webcam access, it was clear that the user had to do many things to make the system vulnerable. It suggests that if users are vigilant and allow the security software to do its job, then there should be little problem with unauthorised spying on a users webcam.

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients