Firmware Exploitation

782 views

So, I understand how general exploitation works. For instance, a stack overflow. However, I don’t understand how it’s possible to directly write to firmware within a device.

For those in the cyber security field, we know how easy it is to launch someone’s webcam on their mobile device or laptop remotely using metasploit; however, this can be taken a step further. It’s known that webcams generally turn on a light when the webcam is enabled. It’s also known that there are exploits that “rewrite” firmware to disable this feature. How is this possible, especially without physical access? Can it be done with a script?

In: Technology

4 Answers

Anonymous 0 Comments

Depends on the firmware already installed on the webcam, particularly whether it has a bootloader that allows for firmware updates, and then on how strong any protection measures (e.g. signature verification) are.

Though it is possible to design the hardware such that this particular issue can’t happen, by powering the image sensor from the same source that powers the “camera active” LED.

It’s also possible to break or omit the part of the firmware responsible for updating the firmware, so that you’d need physical access and a programming device to re-flash the firmware.
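The answer above hinges on what a device's bootloader checks before it accepts a new image over the update channel. The following is an added example, not code from the original post or from any real webcam vendor: a minimal model of those checks (length and magic validation, integrity/authenticity tag, and rollback protection), run against constructed images. The image layout, the field sizes and the key are assumptions made for this example; HMAC-SHA256 stands in for the asymmetric signature a real bootloader would verify against a public key fixed in ROM or OTP fuses, so that no secret has to live on the device.

```python
"""
Added example (not from the original post): a minimal model of the checks a
bootloader could run before writing an update to flash. Image format, sizes
and key are all constructed for this example.
"""
import hashlib
import hmac
import struct

MAGIC = b"CAMF"                    # constructed 4-byte image magic
HEADER = struct.Struct("<4sII")    # magic, version, payload_len (constructed layout)
TAG_LEN = 32                       # HMAC-SHA256 output size
MAX_PAYLOAD = 256 * 1024           # constructed flash capacity limit

# Constructed key. A real design verifies an asymmetric signature (RSA/ECDSA/
# Ed25519) with a public key burned into the device; a shared secret here
# is only a stand-in so the example runs with the standard library.
SIGNING_KEY = b"example-signing-key-not-for-production"


def build_image(version, payload, key=SIGNING_KEY):
    """Produce a signed image: header || payload || tag(header || payload)."""
    hdr = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, hdr + payload, hashlib.sha256).digest()
    return hdr + payload + tag


def verify_image(image, current_version, key=SIGNING_KEY):
    """Return (ok, reason). Every check must pass before any flash write."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "image too short"
    magic, version, payload_len = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        return False, "bad magic"
    if payload_len > MAX_PAYLOAD:
        return False, "payload exceeds flash capacity"
    # Validate the length field before using it as an offset: a lying
    # payload_len must not move the tag slice past the end of the buffer.
    if len(image) != HEADER.size + payload_len + TAG_LEN:
        return False, "length field does not match image size"
    body = image[:HEADER.size + payload_len]
    tag = image[HEADER.size + payload_len:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the tag check itself leaks nothing.
    if not hmac.compare_digest(tag, expected):
        return False, "signature check failed"
    # Rollback protection: a correctly signed but older image is refused,
    # otherwise a known-bad old version could be reinstalled.
    if version < current_version:
        return False, "rollback to older firmware refused"
    return True, "accepted"


if __name__ == "__main__":
    good = build_image(2, b"\x00" * 64)            # constructed payload
    print(verify_image(good, 1))                   # (True, 'accepted')
    tampered = bytearray(good)
    tampered[HEADER.size + 5] ^= 0xFF              # flip one payload byte
    print(verify_image(bytes(tampered), 1))        # (False, 'signature check failed')
    print(verify_image(good, 3))                   # (False, 'rollback to older firmware refused')
    print(verify_image(build_image(2, b"x", key=b"other"), 1))  # wrong key
```

The order of the checks matters: structural validation (size, magic, length field) comes first so the parser never indexes past the buffer, the authenticity check comes before any field is trusted, and the version comparison comes last because a rollback decision is only meaningful for an image that is already known to be genuine. Omitting the update path entirely, as the answer notes, removes this whole surface at the cost of requiring a programmer for any future fix.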
