Facebook Fixes Webcam Security Glitch, But Problem Only Gets Bigger for Rest of Internet
Today, Facebook announced that it "patched a security vulnerability that would have allowed hackers to turn on users' webcams without their knowledge and post the videos to their profiles," Bloomberg reported.
The thumb Facebook uses to plug one hole along the internet's cracked privacy dam.
According to the company, there is no evidence that the bug had ever been exploited. Two researchers at a computer-security consulting firm called XY Security found the bug in July and "reported their findings to Facebook, which paid them $2,500 in cash for the information," Bloomberg explained.
The news of this solved problem should not bring complete relief, though. Rather, Facebook's discovery highlights the emergence of a technological glitch we may be combating for a while.
According to Bloomberg, "Facebook seems to have deemed this particular bug as 'serious' because the company paid five times its usual price, the two researchers said."
Serious, obviously, because it is frightening to consider a reality where hackers can watch and film us through our open laptops. Serious, too, because this is already the reality we live in.
In September 2011, a wheel-chair bound 32-year-old named Luis Mijangos was sentenced to six years in prison for computer hacking. He had infiltrated women's computers by sending them Spyware-type links through instant messages. From there, he read their e-mails, perused their photos, and activated their webcams. Once he had explicit photos or videos, he blackmailed the women, threatening to post the images online if they did not send him more naked photos or cash. He accessed more than 100 computers.
He used Facebook to help find fresh targets.
GQ's David Kushner detailed the crime in a January feature story:
[T]hanks to social-networking sites, he always had plenty of fresh targets. "Facebook," Mijangos says, "is like gold when it comes to hackers." Once inside someone's machine, he would simply log on to her page and peruse her friends list for attractive targets. "Once you have one victim infected, it's like a chain," he says. "You pretend to be that person and you send their friends stuff. You know that they're going to believe you, they're going to trust you."
Some of the victims in the story had noticed something suspicious from the start: "the tiny light beside their webcam glowing. At first they figured it was some kind of malfunction, but when it happened repeatedly -- the light flicking on, then off -- the girls felt a chill." One of the girls put a sticker over the webcam.
It's useful public service announcement for readers: Check your webcam light.
But the bad guys tend to stay a step ahead of the public. Kushner concluded his story:
It's a good thing the FBI discovered the scam when they did, too. Mijangos told me that he'd figured out how to turn off a camera's LED, cloaking himself completely. What's more disturbing, he said he'd devised a program that could infect and control BlackBerrys and iPhones via text message. "I can see your pictures, your text messages, everything," he said.
Sitting at home, Mijangos brushes off quick fixes to hacking. Webcam tools like his are readily available online. Anyone with time and determination can put them to criminal use, infiltrating people's lives -- converting webcams to eyes, microphones to ears. "Nothing is secure," Mijangos says simply. "If we're going to hack you, we're going to hack you."
Facebook plugged an important hole, but the dam is already full of cracks.