Slashdot Mirror

← Back to Stories (view on slashdot.org)

Freaky Flash 6 Fishy Features

Posted by chrisd on from the what-are-they-thinking dept.

donpardo writes "I upgraded to Flash 6 last week (to patch a security hole). When I right clicked on a Flash ad at abcnews.com, and pulled down to Settings I got a tabbed dialogue box asking if I wanted to give them access to my cam and microphone. Clicking through on the tabs revealed that the microphone and the camera had already been detected and that the microphone was active. I doubt the camera or the microphone were sending information out but this still seems invasive. Here are Macromedia's statements about the mic and the camera. In addition there is a setting to ask how much information the site can store on your computer. The default value is 100K. According to the information statement "Data can be anything from your user name to your current score in an interactive game to a list of stocks in your portfolio ... The data is not public, but the privacy of this data depends on the policies of the web site where the movie is hosted."" I thought the first sentence of this submission was telling ...

2 of 284 comments (clear)

  1. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  2. Re:What business does a player by qslack · · Score: 4, Interesting
    Well someone might want to write a flash program that allows you to upload pictures of yourself, or sound clips.

    Honestly, if you're this paranoid you should be more concerned that your OS has control of your camera and microphone, since your OS was written by Microsoft!
    You mentioned something that reminded me of a pretty interesting find of mine. I think that most webcams have remote surveillance features requested by the FBI.

    I was hacking some code to interface with one of the Logitech cams, and there was a bit in the "take picture" command that seemed to serve no purpose. I couldn't find out why it was there, since flipping it did nothing.

    As the sun set, I began to notice what it was for. With the bit ON, it would notify the user that it took a picture with the blink of an LED. With it off, it wouldn't. The dark room made this much more evident.

    Just think of the possible uses for this one. If the FBI knows your IP, they can try to infect you with a virus that snaps a mugshot of you for them. When you are registering software, the installer can get a picture of the user and compare it against the DB of previous installations with that serial number. Your boss can see what you're doing without even opening the door.

    Scary, huh? It's made me always turn my cam towards the wall when I'm not using it.
    --
    qslack.com