Preventing the New Threat
Real-time eavesdropping is part of the security program
By Mauricio Chacon
May 01, 2014
When most people consider cybersecurity,
they think about protecting the information
that resides on their computers—sensitive
emails, folders or files. But, for the past few
years, security industry experts have recognized
that valuable information can also be
stolen in real time through web cameras,
audio headsets and microphones with Trojans, such as the SpyEye
Trojan, which has infected more than 1.4 million computers
around the world. Despite the fact that these types of hijacks
are known risks, many users of computer workstations remain
unaware of how easily malware or viruses can access employee
computers remotely.
The fact is: Vulnerabilities exist in your computer’s peripheral
equipment. In addition, hackers also can create data leakages
with keyboards, USB devices and monitors to access confidential
or sensitive information conveyed through speech or web cameras.
Once a system is infected by users opening an email or files, or
unknowingly visiting a compromised website, the hacker has full
access to connect to your system, enabling him to turn on your
camera and view or listen to you without you knowing.
While the idea of someone compromising your computer peripherals
to eavesdrop may seem remote, the tools to do so, for example
“exploit kits,” are relatively easy to get offline. This makes
hacking accessible to the average person who can break through
security software, rewrite code and access your physical environment
through computer peripherals.
The availability of exploit kits makes the threats widely accessible
to lower-skilled hackers. This is such a problem that, in
settings where confidential information is shared, some industries,
such as government, prohibit the use of resources like web
cameras or USB devices when computers are present.
Lots to Lose
What is at risk for companies and individuals who allow access
to their systems? There are many disturbing implications for this
type of real-time threat; primarily, the potential for outsiders to
eavesdrop on private environments, conversations and actions.
This can include the invasion of business spaces to access board
meeting discussions, business strategy and marketing streams, financial
planning settings and C-level conversations.
Private conversations, where computers are present and confidential
information is shared in real time, are vulnerable to risk.
CEOs make important decisions behind closed doors; product
managers draw up product roadmaps; and engineers exchange
valuable intellectual property.
In addition to the potential for outsiders to listen in, hackers
also can obtain visuals of the work environment. This can present
obvious problems for any business; for example, who wouldn’t
want to steal a picture of the newest yet unreleased iPhone? In
other words, whatever you say and do in the office and other confidential
venues becomes vulnerable to penetration by hackers.
Software Solutions: Incomplete
Initial security solutions to combat real-time eavesdropping have
all been software-driven as many antivirus (AV) companies attempt
to address SpyEye using software solutions. The problem
with software is that it doesn’t prevent hacking but instead responds
reactively to it by finding and then blocking the threat
after security has already been breached.
Software-based solutions are incomplete in that they leave victims
of these attacks unprotected—known as “zero-day risk”—
during a “vulnerability window.” This window is the gap between
the time a threat is identified and the time software developers start
to create and publish a counter to that threat to block the malware.
Even after AV vendors push out a solution, there’s another
vulnerability window between the time the AV vendor pushes a
patch out and the time the user or IT administration downloads the
updated security definitions.
Hardware Protection
Fortunately, there’s another solution that prevents hackers from
gaining access to your peripherals in the first place: hardware security.
New technologies that are focused on a hardware approach
rather than a software-only approach to security are far more successful
at preventing this new, real-time form of cyber threat.
Unlike software, hardware-based security is proactive as it
completely prevents zero-day attacks by effectively closing all
vulnerability windows. You don’t have to chase down malware
signatures or deal with security updates to ensure the latest AV
profiles are downloaded.
Here are a few other ways that taking a hardware approach to
real-time eavesdropping offers proactive protection. It:
- Eliminates the need to keep up with continuous software updates
to stay secure from the latest threats;
- Helps combat morphing malware by protecting against all
types of malware (polymorphic, oligomorphic and metamorphic);
and
- Physically isolates the invasive communication without the
need to detect the malware, know what type of malware it is
or whether it will morph into something else later.
Vulnerable Products
To truly appreciate the security advantages of hardware solutions
for securing peripherals, it’s important to understand how different types of products are vulnerable:
Audio devices. For Internet-connected computers located inside
high security zones where classified calls and meetings take
place, using audio devices may cause a security breach if not
properly protected. Such computers are often used with headphones,
speakers or microphones to enable conference calls.
These computers can be compromised by hackers to remotely
enable their microphones or headsets, using them to listen to the
surrounding environment.
KVM switches. Hackers can infect computers with malicious
code by attempting to target the KVM switch through cyber attacks
to obtain private and classified data. There are security concerns
involved with the transfer of information beyond display
signals, making data vulnerable and security a challenge. Without
proper protection to safely isolate networks and connected systems,
unintended leakage of information can occur between computers.
USB devices. When USB device access is controlled by software
running on the computer, the USB can be hacked or modified.
An unprotected USB device can infect the computer system
and network, which can be used to inject malicious software.
Web cameras. Using webcams in a secure environment may cause
a security breach if the hardware is not properly protected. Intruders
can exploit computers that are non-secure as a result of
web cameras that can view and eavesdrop on conversations without
users being aware that the camera is on and active.
Best Practices to Boost Security
By using a hardware approach, security is no longer threatened,
and computing resources become more flexible and useful to employees
and other users. As a result, organizations and individuals
who may not have previously deployed certain computing resources,
such as webcams and USB devices, can now implement
these resources, knowing they are much more secure.
Below are 5 best practices to help prevent real-time eavesdropping
and boost security.
- Choose hardware solutions over software. It’s surprisingly
easy for hackers to access computer peripherals to view what users
are doing or hear what they’re saying. The only way to prevent
this threat is with a secure hardware solution. While AV software
solutions can only respond reactively in the wake of a security
breach, hardware provides proactive security by eliminating the
zero-day risk that can occur during vulnerability windows.
- Protect video vulnerabilities. Use a secure webcam adapter
whenever web cameras are used in boardrooms, offices and other
areas where sensitive conversations take place. This hardware solution
enables the secure use of web cameras in computing environments
where private or classified information is exchanged.
This adapter can provide security features: an anti-tampering
mechanism in the outside packaging; one-time, programmable,
protected firmware; and complete isolation of the USB circuit
from the computer.
- Monitor USB ports. Using software solutions to control
USB access makes computers vulnerable to being hacked or
modified. This can lead to an infected computer system and network,
which can be used to inject malicious software. A hardware
solution, such as a USB peripheral switch, allows end users to
access authorized USB peripherals on their desktops while ensuring
network security.
- Control microphones and headsets. Hackers can compromise
audio devices by using microphones or headsets on computers
to remotely listen to the surrounding environment. An effective
hardware solution is to employ an audio/microphone switch
that offers centralized control over audio ports, reducing the risk
of audio signal interception.
- Use KVM to isolate data from multiple networks to reinforce
workstation security. To achieve true data path isolation, a KVM
switch must be purposefully engineered to completely isolate each
data path connection in the switch. The most effective means to
mitigate any data leakage from the computer to and from the network
is a hardware solution that ensures all data coming into and
out of the KVM switch is completely isolated whenever the operator
switches from one secure network to the next.
Because so many vulnerabilities exist in your computer’s peripheral
equipment and with security breaches through real-time
eavesdropping on the rise, it’s vital to protect your private environments,
conversations and activities. The proactive strategy of
using hardware-based security is the only way to reliably prevent
hackers from ever gaining access to your confidential data in the
first place—whether it’s the data on your computer or the valuable
information exchange during real-time business discussions
and activities.
This article originally appeared in the May 2014 issue of Security Today.