Last week, the majority of US Windows 10 users received a big update from Microsoft nicknamed the “Anniversary Update”, primarily because it was initially released on Aug 2, approximately one year after the official launch of Microsoft’s latest operating system. Amongst a host of improvements to core features like Edge and Cortana and presumably numerous bug fixes, the update also managed to render millions of webcams inoperable. Depending on what you use your computer (and webcam) for, and even what generation you hail from, the impact of this could have been non-existant to a complete showstopper. In the ongoing videochat fight, Apple and Google just scored a TKO without even stepping into the ring.
What this means for you:
Obviously if you don’t use Windows 10 and a webcam, feel free to point and laugh or shake your head in sympathy. What might make this very aggravating for the average Windows 10 user is that they may not even know their computer was updated last week. All they know is their Skype or favorite videochat app is now locking up after a minute with no visible explanation. Even more exasperating is Microsoft’s new rollback policy for Windows 10. Previous versions of Windows allowed the user to uninstall any MS update applied to their system at any time. Now, with Windows 10, you have ten days to rollback your OS to a previous version, otherwise you are just out of luck. In the grand scheme of things, ten days is a very short time to figure out the root cause of an obscure problem like this, so you can imagine that many folks are discovering the root cause of this problem too late to easily solve it.
Though Microsoft has finally acknowledged the problem (WARNING: technical jargon galore!), a patch is unlikely to be released until September. Until that day arrives, the only fix is to rollback the Anniversary update (if you catch it within 10 days) or manually edit your computer’s registry. Buying another webcam won’t necessarily fix this problem unless you know for a fact it can process video through a codec known as YUY2, as Microsoft intentionally removed support for the more common MJPEG and H.264 protocols. According to them, these two older codecs have significant performance issues and support was removed to improve Windows 10. So now instead of degrading performance, your webcam will have zero impact on your computers performance. Working as intended?
You’ve seen it in movies and television probably dozens of times: video surveillance systems being hacked into by both heroes and villains and being fooled into showing looped footage allowing said hero/villain to proceed undetected. This time around, life is imitating art as a security researcher demonstrated at the Black Hat security conference held this past weekend. In his presentation, dubbed “Exploiting Surveillance Cameras Like a Hollywood Hacker”, former NSA worker Craig Heffner demonstrated how he was able to research and exploit readily available internet-enabled video cameras commonly used for security surveillance in homes and businesses around the world. Given the well-honed skeptical nature of Black Hat attendees, Mr. Heffner provided a live demonstration wherein he focused a compromised camera on a bottle placed on stage. While the audience watched via the security console, Heffner hacked the camera to display a spoofed image of the bottle (the “Hollywood” part), and then proceeded to “steal” the bottle while the security camera continued to display an unmolested bottle.
What this means for you:
Unfortunately, Heffner was able to exploit cameras from many manufacturers primarily because the device firmwares contained hard-wired passwords and other backdoor mechanisms. Thanks to the internet, Heffner was able to download copies of many camera firmwares and research the vulnerabilities without even owning the actual device. Heffner contends that he has yet to come across a model of internet security camera that he cannot hack, primarily because the manufacturers have been careless in removing the backdoors and weakness, and that the basic operating system varied in only minor ways from model to model. If you are actively using any of the cameras listed in Heffner’s presentation, you may want to consider disconnecting them from the network (which essentially defeats the “Internet-enabled” part), or disabling them completely until the manufacturers patch the obvious security weaknesses.
Image courtesy of Renjith Krishnan / FreeDigitalPhotos.net