can anyone hack our video chat calls ?

I

ISHROCZ_14

Adept
so now a days there are various ways through which we can chat .. skype .. gmail .. yahoo .. facebook etc etc ..

today at college a friend of mine was discussing about video calls being hacked .. he said a few days ago while he was chatting with his sister he suspected something and suddenly the video turned dark .. he said someone had hacked his web cam and so he immediately unpugged his lan wire.

i dont know a bit about this .. is it possible to hack webcam .. ?? or hack yahoo skype or gmail and see live video chats of any users ??

i chat with numerous friends but i never gave a thought about this !!

if yes what steps should we take to make the chats safe ?

ps : im complete noob in this
<
 
I can do this if somehow I get my application copied to your system(and so does some one else), now to copy it to your system one can try several old school techniques, pen drive with auto start, sending it hidden in a mail attachment etc etc. But that is not what you are looking for I guess.

About intercepting it between source and target; I doubt it can be done easily as the transmission should be encrypted. .

I google it and reached hereFrom http://news.cnet.com...9962106-38.html, as per this link

AOL Instant Messenger, Google Talk, IBM's Lotus Sametime, and Skype do.​

Also worth noticing is Google response:

[font=Helvetica, Arial, sans-serif]Our Web client sends messages in plain text, but users can opt in to HTTPS if they want encryption (I guess it is https bydefault now days)[/font]

[font=Helvetica, Arial, sans-serif]Now this is an old article so things might have improved till now. But here you go.[/font]

[font=Helvetica, Arial, sans-serif]P.S.: on a lighter no[/font]te, are you worried about being caught while watching video %^&*...
tongu23e.gif
 
Yes! It is possible. There are numerous ways to accomplish this task. One can place a hidden script inside your OS & recieve all your chat/mail/internt -system logs...etc., or use a packet sniffer & snoop onto the packets transmitted from your NIC card . If your chat session is encrypted, then it takes a huge effort (esp., computing power to brute force the decryption keys) to decrypt the msg. There's a recent case of a MAJOR RDP Vulnerability in Windows, the source code has been released onto the internet and any True Hacker worth his salt, can write a exploit with this source code and can hack into any unpatched Windows OS.........Sweet News to all Hackers out there. :)

On the other hand to secure your system - Install an Anti-Virus. Update Windows & Anti-Virus frequently. Enable the windows/antivirus Firewall and apply the default rule -i.e., block all incoming/outgoing connections(you can later change the rule based on your requirements). Disable all unwanted Services (through Services.msc). Use the task manager, to check all running/open processes, If any suspicious processes are found, disable it. Don't Use torrents/Cracks for applications - coz, mostly contain hidden trojans/spywares.

Hope this helps.
 
i use torrents almost daily but still i update my nod32 frequently and scan my pc ..

#adi_vastava .. when my friend was telling this my 1st reaction was
<
.. if they can hack skype and make videos why i havent seen videos of #%%&^&# through skype
<
 
When you use a Torrent, first you've to create an exception rule in the Firewall (windows/antivirus), that will be automatically done when you install the torrent client. Which effectively means, Granting a full un-hindered access for that particular torrent port. So whatever happens through that port, your antivirus just simply ignores it, In other words a hacker can penetrate into your PC and download the entire content of your Hardisk, without you even knowing it.
 
harryoxford said:
When you use a Torrent, first you've to create an exception rule in the Firewall (windows/antivirus), that will be automatically done when you install the torrent client. Which effectively means, Granting a full un-hindered access for that particular torrent port. So whatever happens through that port, your antivirus just simply ignores it, In other words a hacker can penetrate into your PC and download the entire content of your Hardisk, without you even knowing it.
Click to expand...

but its on RANOMIZE PORT on start !!!
 
harryoxford said:
When you use a Torrent, first you've to create an exception rule in the Firewall (windows/antivirus), that will be automatically done when you install the torrent client. Which effectively means, Granting a full un-hindered access for that particular torrent port. So whatever happens through that port, your antivirus just simply ignores it, In other words a hacker can penetrate into your PC and download the entire content of your Hardisk, without you even knowing it.
Click to expand...

what if he has a slow internet connection like 1Mbps and the bandwidth is fully utilized by the torrent client? how can anyone download entire hdd on a 1Mbps line without anyone knowing it?

it'll take years to do that since upload speed will be just 512Kb
<
 
there's thing called FUD, it won't be detected by antiviruses and will inject itself to your default browser so your firewall tells you chrome wants to connect to internet; accept/deny obviously you'll select accept and :">

however hackers don't care to crack someone's pc just for checking video calls/logging. the people who might do these things are script kiddies or someone whom you know (and that someone who wants to know what you do)
 
harryoxford said:
When you use a Torrent, first you've to create an exception rule in the Firewall (windows/antivirus), that will be automatically done when you install the torrent client. Which effectively means, Granting a full un-hindered access for that particular torrent port. So whatever happens through that port, your antivirus just simply ignores it,
Click to expand...

You do understand that opening a port simply means that it can send and receive data on that port. Just because the port has full access does not means that it can do anything.

An AV is least bothered about ports in general and concentrate files et al. So you opened a port; got a file data; torrent has saved a file at some disk location. A typical AV will intercept this call right here at the write operation. Now later when you'll execute/launch that file; AV will intercept it again; match the signature, etc etc and will declare it safe/unsafe accordingly. And so does a proper firewall.

>>In other words a hacker can penetrate into your PC and download the entire content of your Hardisk, without you even knowing it.

So no, this is not correct technically, you can have a malicious file in your computer if you are downloading it from a torrent; which when executed; will try to do some activity. Now if your computer is patched, your AV file is updated and you are running under-privileged; There is very little it can do. I am not saying its not possible; but just opening a port does not implies that system is screwed.

I hope it adds to OP and not OT.
 
adi_vastava said:
You do understand that opening a port simply means that it can send and receive data on that port. Just because the port has full access does not means that it can do anything.

An AV is least bothered about ports in general and concentrate files et al. So you opened a port; got a file data; torrent has saved a file at some disk location. A typical AV will intercept this call right here at the write operation. Now later when you'll execute/launch that file; AV will intercept it again; match the signature, etc etc and will declare it safe/unsafe accordingly. And so does a proper firewall.
Click to expand...

Agreed! that opening a port is for Send/Receive data on that particular port. But If you think that one cannot do anything through an Open Port, then I beg to differ. Any Open Port in a system is an Open invitation to a Hacker. Until and unless you do Hardening & create specific rules for allowing specific traffic through the Open Port, your system is vulnerable. I do also agree that the AV just does Signature/pattern matching. But the AV does not monitor the traffic which pass through the Open Port.

adi_vastava said:
>>In other words a hacker can penetrate into your PC and download the entire content of your Hardisk, without you even knowing it.

So no, this is not correct technically, you can have a malicious file in your computer if you are downloading it from a torrent; which when executed; will try to do some activity. Now if your computer is patched, your AV file is updated and you are running under-privileged; There is very little it can do. I am not saying its not possible; but just opening a port does not implies that system is screwed.

I hope it adds to OP and not OT.
Click to expand...

I beg to differ on this one too. Irrespective of whether you've a torrent or not; If you just've an Open port with no restrictions on the kind of traffic/protocols and Host/destination to be allowed through the port , then a Hacker can do anything with your PC- Not just download the data from your HDD. But, to be frank.....most of the hackers never download any Private data from normal individuals. Their targets would be high-profile org/individuals, who've protected their network with numerous layers of firewall/IPS/Honeypots....etc. The most common objective for a hacker to break into an ordinary individual's PC is for the BOTNET.
 
>>[font=helvetica, arial, sans-serif] But If you think that one cannot do anything through an Open Port, then I beg to differ.[/font]

^^ Will you mind giving a non-theory answer. Like instead of saying that it can be done; can you please give some link on how it can be done. Or a technical perspective.

A port is just an entry to the system; with which you can send a pay load to the system; you still need a trigger to indicate that payload to execute. All those trozen that does it; they open a backdoor entry to system (when they execute in the system, either by user ignorance or by zeroday). Later you can send specific information to them and they'll respond accordingly.

What I am trying to say is that yeah an open port is an entry to system; but without some thing with in a system; you can not do things. So no just an open port will not be sufficient.

Do you code by any chance (in any OS, but not web)? As otherwise we'll be looking at things from two different perspective.
 
Back
Top