fbpx

Access Target’s Webcam, Microphone, Device location, and more

Cybercriminals and black hat hackers exploit system vulnerabilities and human weaknesses as well. This hacking tutorial discusses how a malicious actor can access any mobile or computer camera, microphone, physical location, and device information by just sending a URL along with some basic social engineering techniques.

Throughout this tutorial, we will glance at How Hackers Access Target WebCam Remotely and see what is happening on the other hand. To break into the victim’s webcam, we will utilize the tool Storm-Breaker and Kali Linux.

Recently in March 2021,

A group of hackers breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc. gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools.

Storm-Breaker is going to assist us with a hack. With Storm-Breaker, you have.

  • Get Device Information Without Any Permissions
  • Access Location [SMARTPHONES]
  • OS Password Grabber [WIN-10]
  • Access Webcam
  • Access Microphone

Let us get rolling!

Install Storm-Breaker in Kali Linux

Clone the git repository into your Kali Linux Desktop.

git clone https://github.com/ultrasecurity/Storm-Breaker

Install Storm-Breaker in Kali Linux

Change directory to storm-breaker.

cd Storm-Breaker

 

Change directory to storm-breaker.Change the mode of the installer.sh file and execute the script. The install.sh script handles all operations related to installing and removing the application.

Chmod 777 linux-installer.sh

sudo bash linux-installer.sh

Install all the requirements for the tool using pip functionality.

python3 -m pip install -r requirments.txt

Install all the requirements for the tool using pip functionality

Give executable permission to python file.

chmod 777 Storm-Breaker.py

Give executable permission to python file

And run the setup.

sudo python3 Storm-Breaker.py

And run the setup

Access Webcam or Mobile Camera

Select option 1 and press enter.

Access Webcam or Mobile CameraSelect any templet you wish to hack. You can go for the default or mobile cam. Here I select option 2.

Access Webcam or Mobile Camera 2

At this point, wait for the tool to download Ngrok server and generate a malicious link for a victim.

Ngrok Server

Ngrok is a tunneling reverse proxy system that establishes tunnels from a public endpoint i.e., an internet, to a locally running network service. It creates a public HTTP/HTTPS URL for a website running locally in a machine.

If you want to learn more about installing your own Ngrok server, you can find here.

Ngrok Server

Transfer the malicious link to the victim’s device and wait for the victim to click on the link. Here I have emailed the link to the victim’s mobile device.

Ngrok Server

Once the victim clicks on the link, it will redirect to the fake page and will give pop-up message to allow for webcam.

victim clicks on the link

When the victim allows the webcam, nothing will happen other than the webcam clicking images every other second. But If a victim is smart enough, then from notification, he will recognize that link is using a webcam for malicious purpose.

victim clicks on the link

The webcam will take images as long as the victim will stay on that webpage. But as soon as the victim closes the webpage, the connection will break, and all the taken images save in an image folder of Storm-beaker.

victim clicks on the link

Mitigation

  • Always keep your laptop/mobile webcam close.
  • Avoid clicking on links or opening attachments from unknown sources.
  • Put the tape around your laptop webcams.
  • Always check if the webcam indicator light turns on by itself.

Should we fear hackers? Intention is at the heart of this discussion.

Kevin Mitnick

Sana Qazi
Sana Qazi is a technical writer specialized in Information Security. She enjoys writing about technology and reading multiple genres like suspense. When not writing, she can be found traveling, dinning out, watching series etc. She manages her medium blog as well.

Most Popular

What are Online Casinos doing to be as Safe and Secure as Possible?

Online casinos have continued to increase in popularity over recent years as more and more gamblers have turned to virtual options to further enhance...

Reconnaissance for Bug Bounty Hunters & Pentesters

New to the bug bounty and confused about where to start? Worry not! This reconnaissance for bug bounty hunters guides you to take the...

Access & Manage Android Phone Remotely – L3MON Tutorial

There is software available, like Metasploit, to gain remote access to any android phone. But other than that, we have the L3MON tool (A...

How to Hide Shellcode Behind Closed Port?

Every company has a variety of scanners for analyzing its network and identifying new or unknown open ports. It's unthinkable to disguise the potentially...