Cautionary tales: Teen beauty queen and baby spied on via hacked cameras

People who believe hijacking a webcam is mostly a tinfoil-hat theory should listen to the recently crowned Miss Teen USA. About four months ago, when California’s Cassidy Wolf “was just a normal girl in high school,” Facebook notified her that someone tried to “log into her account from another state.” The now 19-year-old beauty queen told Today:

She then received an anonymous e-mail from a stranger saying he was in possession of photos of her that were taken in her bedroom via the webcam on her computer after it was hacked. The person tried to extort her in return for ensuring the photos were not made public. She cannot divulge all the specific details because the incident is now under federal investigation.

“I wasn’t aware that somebody was watching me (on my webcam),” she said. “The light (on the camera) didn’t even go on, so I had no idea.”

She intends to utilize her platform as Miss Teen USA to educate people about cybercrime and potentially help prevent others from being victimized too. It is a much-needed awareness campaign, considering that a study last year found one in two Americans are clueless about webcam hacking. WhiteHat Security’s Jeremiah Grossman has also tried to raise awareness about the danger of clickjacking, which can be used to exploit vulnerabilities such as in Adobe Flash to take over a webcam.

The new Miss Teen USA’s “tips for protection against hackers include changing passwords frequently and making them unique by using symbols and different characters, deleting cookies and browsing history regularly, and putting a sticker over the computer’s webcam when you’re not using it.”

Hacked wireless security camera used to spy on baby

It’s not just beauty queens, but also babies who have become victims of remote voyeurs. After a hacker hijacked a wireless IP camera being used as a baby monitor by a Texas family, he spied on and yelled obscenities at a two-year-old in her crib. When her parents came into the room, the hacker remotely focused the camera on them and then cursed at them as well.

Back in April, I covered a Hack in the Box presentation that demonstrated how to turn your wireless IP surveillance camera against you. Before that, we looked at how unpatched firmware in TRENDnet IP cameras allow voyeurs to spy in real-time into homes and offices. A full year after the company released firmware to patch the flaw, the vulnerability was still providing a Peeping Tom paradise for armchair surfers.

Microsoft: Xbox One will function without plugging in Kinect

Initially, when Microsoft said the Xbox One had to be plugged into Kinect to function, it sparked similar worries about being spied on in the privacy of our homes. But after Microsoft’s Marc Whitten listed a variety of reasons you would want the Kinect always plugged in to Xbox One and hooked online, he told IGN, “That said, like online, the console will still function if Kinect isn’t plugged in, although you won’t be able to use any feature or experience that explicitly uses the sensor.” Whitten added:

“You have the ability to completely turn the sensor off in your settings. When in this mode, the sensor is not collecting any information. Any functionality that relies on voice, video, gesture or more won’t work. We still support using it for IR blasting in this mode. You can turn the sensor back on at any time through settings, and if you enter into a required Kinect experience (like Kinect Sports Rivals for instance), you’ll get a message asking if you want to turn the sensor back on in order to continue.”

Like this? Here’s more posts:

• Pro-privacy folks likened to digital al-Qaida; feds want to ‘blind’ hackers
• Black Hat: Smart TVs are the ‘perfect target’ for spying on you
• Just because you’re paranoid doesn’t mean THEY aren’t out to get you
• Privacy & security nightmares: Hacking smart toilets, smart toys, smart homes
• Govt’s $2.7 million KILL IT WITH FIRE approach to malware: Destroy all hardware
• Careful Windows Phone 8 users, connect to rogue Wi-Fi & hackers can steal passwords
• Black Hat snarky tweets as NSA Chief delivered ‘Defending Freedom & Civil Liberties’ keynote
• Not cyber myths: Hacking oil rigs, water plants, industrial infrastructure
• Hijacking Office 365 and other major services via cookie re-use flaw
• Cross-platform virus spreading as Microsoft expands MAPP program
• Black Hat: It’s not ‘tricky’ for hackers to turn your phone into a SpyPhone
• USA PRISM Plus, the perfect NSA photo-sharing app for those who have nothing to hide

Follow me on Twitter @PrivacyFanatic