Webcam interception and protection in kernel mode in Windows (partner presentation)

Thursday 3 October 12:00 - 12:30, Red room

Michael Maltsev (Reason Cybersecurity)

When we talk about digital privacy, the computer’s webcam is one of the most relevant components. We all have a tiny fear that someone might be looking through our computer’s camera, spying on us and watching our every move. And while some of us think these scenarios are restricted to the realm of the movies, malware authors and threat actors don’t shy away from incorporating such capabilities into their malware arsenal.

In this talk, we will dive into the internals of the webcam-related architecture across Windows versions and look at how it has evolved. We will look at how it is implemented in both user mode and kernel mode, and at some of the existing APIs for interacting with it.

We will see the different possibilities facing an attacker who wants to gain camera access, what limitations are imposed on such an attacker, some of the methods that are used to overcome these limitations, and what can be done to defend ourselves and catch the intruders. We will look at existing webcam protection solutions on the market and will demonstrate ways to bypass them. We hope that sharing this information will help others in their fight against malware.




Michael Maltsev

Michael Maltsev is a developer and researcher at Reason Cybersecurity, a leading cybersecurity company focusing on end-user protection. He is a part of the R&D team responsible for the development of the Reason Antivirus product. Michael's latest major contribution is the development of the camera protection feature. Prior to Reason Cybersecurity, Michael served as a founder and developer of Unchecky, a one-person company with the goal of preventing accidental installation of PUPs (potentially unwanted programs).

Michael has extensive experience in the field of cybersecurity and in Windows internals, and holds a B.Sc. in computer science from the Technion - Israel Institute of Technology.


Back to VB2019 Programme page
