Fraunhofer warns Adobe Flash can be used as PC spying tool
The popular program Adobe Flash Player can be used to take over another person’s computer and spy through their camera and microphone, researchers at Germany's Fraunhofer Institute have discovered.
According to a Wednesday report in the daily newspaper Die Tageszeitung, security researchers from the Fraunhofer Institute for Secure Information Technology in Darmstadt have shown that malevolent hackers can remotely turn almost any computer into a formidable surveillance device.
Flash is a popular program that can be downloaded free and allows computer users to watch video and animations via web pages. It is often automatically installed as an add-on program with any internet browser.
But security researchers from the Fraunhofer Institute developed a method by which the microphone and built-in camera on a computer can be switched on remotely, allowing an attacker to use the microphone as a bug and to operate the camera.
The researchers outlined their discovery in a recent presentation to the Chaos Computer Club, a Germany-based hackers’ organisation.
They described the method as a “man-in-the-middle” attack – the attacker places himself effectively between the computer’s user and the Flash software. That means the user must actually help the intruder by accepting a false encoding certificate.
Along with potential security holes, Flash can also be used by companies to track computer users. So-called Flash cookies, small packets of data, land on the hard drive and save the user’s activities. Because Flash cookies are barely noticed by the computer owner, they are almost never deleted.
Adobe plugged 32 security holes when it issued its last updates, according the newspaper report. But just two months later a further update needed to be issued when another serious problem arose: “This hole … allowed an attacker to potentially take over the system,” the firm announced.
The Local/dw
Comments
See Also
According to a Wednesday report in the daily newspaper Die Tageszeitung, security researchers from the Fraunhofer Institute for Secure Information Technology in Darmstadt have shown that malevolent hackers can remotely turn almost any computer into a formidable surveillance device.
Flash is a popular program that can be downloaded free and allows computer users to watch video and animations via web pages. It is often automatically installed as an add-on program with any internet browser.
But security researchers from the Fraunhofer Institute developed a method by which the microphone and built-in camera on a computer can be switched on remotely, allowing an attacker to use the microphone as a bug and to operate the camera.
The researchers outlined their discovery in a recent presentation to the Chaos Computer Club, a Germany-based hackers’ organisation.
They described the method as a “man-in-the-middle” attack – the attacker places himself effectively between the computer’s user and the Flash software. That means the user must actually help the intruder by accepting a false encoding certificate.
Along with potential security holes, Flash can also be used by companies to track computer users. So-called Flash cookies, small packets of data, land on the hard drive and save the user’s activities. Because Flash cookies are barely noticed by the computer owner, they are almost never deleted.
Adobe plugged 32 security holes when it issued its last updates, according the newspaper report. But just two months later a further update needed to be issued when another serious problem arose: “This hole … allowed an attacker to potentially take over the system,” the firm announced.
The Local/dw
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.