this post was submitted on 07 Mar 2024
11 points (100.0% liked)

Cybersecurity

5752 readers
213 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 1 year ago
MODERATORS
11
submitted 8 months ago* (last edited 8 months ago) by Kalcifer to c/cybersecurity
 

Cross-posted to: https://sh.itjust.works/post/15859253


From other conversations that I've read through, people usually say "Yes, because it's easy on Windows", or "Yes, because they simply don't trust the webcam". But neither of these arguments are enough for me. The former I feel is irrelevent when one is talking about Linux, and the latter is just doing something for the sake of doing it which is not exactly a rational argument.

Specifically for Linux (although, I suppose this partially also depends on the distro, and, of course, vulnerabilites in whatever software that you might be using), how vulnerable is the device to having its webcam exploited? If you trust the software that you have running on your computer, and you utilize firewalls (application layer, network layer, etc.), you should be resistant to such types of exploits, no? A parallel question would also be: How vulnerable is a Linux device if you don't take extra precautions like firewalls.

If this is the case, what makes Windows so much more vulnerable?

top 8 comments
sorted by: hot top controversial new old
[–] Grass 14 points 8 months ago

Back in the day the webcam didn't even work on Linux. I still covered it...

[–] [email protected] 7 points 8 months ago

Personally it’s just a matter of me never really using my webcam and not minding moving a little bit of electrical tape if I need to. It’s such a small inconvenience that I can’t see why not.

[–] [email protected] 6 points 8 months ago

I don't really have a good answer for you, but I mean you yourself used the word "resistant" to exploits, not impervious. Nothing is bulletproof, so if a user has any concern, rational or not, what's the harm in covering it?

Maybe your question really doesn't have to do with the webcam question, it's more about the level of trust you should or should not have in your software. And that, to me, depends largely on the individual.

[–] 9488fcea02a9 5 points 8 months ago

If my laptop ever got pwned like that, someone watching me through my webcam is literally the least of my concerns.

[–] [email protected] 3 points 8 months ago

I probably wouldn't bother. I can think of two scenarios you might get spied on.

  1. Through your browser you've granted a website access to your webcam (Zoom etc.) and left a tab open. Maybe it could activate it when you weren't expecting?
  2. Someone has used a vulnerability to take control of your computer to the degree it can access your webcam directly. Desktop linux software doesn't usually have meaningful isolation between software running as the same user, so at this point they can grab all your data, passwords, take screenshots, etc. and the webcam is just the cherry on top.

I expect most people don't do (1) very often, let alone for sketchy websites, so IMO it doesn't make much difference either way.

[–] sugar_in_your_tea 2 points 8 months ago

Most of the security benefits of desktop Linux is that it's less popular, and thus less likely to be targeted. Add to that the diversity in Linux and you're unlikely to be hit by most attacks. But security through obscurity isn't real security at all, so take that for what it's worth.

Linux also has some benefits due to security architecture, but that again depends a lot on your specific setup (which distro, which settings, etc). Most Linux distros are probably pretty resistant, but some have larger holes than others.

So I guess it comes down to what you're worried about:

  • script kiddies - you're probably fine since they'll mostly target Windows
  • state-level actors - you're definitely not okay

Personally, I don't bother, but the effort required is quite low so there's really no reason not to.

[–] [email protected] 2 points 8 months ago

If you cover too much of the webcam, you won't see the blinking light that says you've been owned.

[–] kid 0 points 8 months ago

One word for you: undies