Cybercriminals and black hat hackers exploit system vulnerabilities and human weaknesses as well. This hacking tutorial discusses how a malicious actor can access any mobile or computer camera, microphone, physical location, and device information by just sending a URL along with some basic social engineering techniques.
Throughout this tutorial, we will glance at How Hackers Access Target WebCam Remotely and see what is happening on the other hand. To break into the victim’s webcam, we will utilize the tool Storm-Breaker and Kali Linux.
Recently in March 2021,
A group of hackers breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc. gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools.
Storm-Breaker is going to assist us with a hack. With Storm-Breaker, you have.
- Get Device Information Without Any Permissions
- Access Location [SMARTPHONES]
- OS Password Grabber [WIN-10]
- Access Webcam
- Access Microphone
Let us get rolling!
Table of Contents
Install Storm-Breaker in Kali Linux
Clone the git repository into your Kali Linux Desktop.
git clone https://github.com/ultrasecurity/Storm-Breaker
Change directory to storm-breaker.
cd Storm-Breaker
Change the mode of the installer.sh file and execute the script. The install.sh script handles all operations related to installing and removing the application.
Chmod 777 linux-installer.sh
sudo bash linux-installer.sh
Install all the requirements for the tool using pip functionality.
python3 -m pip install -r requirments.txt
Give executable permission to python file.
chmod 777 Storm-Breaker.py
And run the setup.
sudo python3 Storm-Breaker.py
Access Webcam or Mobile Camera
Select option 1 and press enter.
Select any templet you wish to hack. You can go for the default or mobile cam. Here I select option 2.
At this point, wait for the tool to download Ngrok server and generate a malicious link for a victim.
Ngrok Server
Ngrok is a tunneling reverse proxy system that establishes tunnels from a public endpoint i.e., an internet, to a locally running network service. It creates a public HTTP/HTTPS URL for a website running locally in a machine.
If you want to learn more about installing your own Ngrok server, you can find here.
Transfer the malicious link to the victim’s device and wait for the victim to click on the link. Here I have emailed the link to the victim’s mobile device.
Once the victim clicks on the link, it will redirect to the fake page and will give pop-up message to allow for webcam.
When the victim allows the webcam, nothing will happen other than the webcam clicking images every other second. But If a victim is smart enough, then from notification, he will recognize that link is using a webcam for malicious purpose.
The webcam will take images as long as the victim will stay on that webpage. But as soon as the victim closes the webpage, the connection will break, and all the taken images save in an image folder of Storm-beaker.
Mitigation
- Always keep your laptop/mobile webcam close.
- Avoid clicking on links or opening attachments from unknown sources.
- Put the tape around your laptop webcams.
- Always check if the webcam indicator light turns on by itself.
Should we fear hackers? Intention is at the heart of this discussion.
Kevin Mitnick