Webcam interception and protection in kernel mode in Windows (partner presentation)

Thursday 3 October 12:00 - 12:30, Red room

Michael Maltsev (Reason Cybersecurity)



When we talk about digital privacy, the computer’s webcam is one of the most relevant components. We all have a tiny fear that someone might be looking through our computer’s camera, spying on us and watching our every move. And while some of us think these scenarios are restricted to the realm of the movies, malware authors and threat actors don’t shy away from incorporating such capabilities into their malware arsenal.

In this talk, we will dive into the internals of webcam-related architecture across Windows versions and look at how they evolved. We will look at how it is implemented in both user mode and kernel mode, and what are some of the existing APIs to interact with it.

We will see the different possibilities facing an attacker who wants to gain camera access, what limitations are imposed on such an attacker, some of the methods that are used to overcome these limitations, and what can be done to defend ourselves and catch the intruders. We will look at existing webcam protection solutions on the market and will demonstrate ways to bypass them. We hope that sharing this information will help others in their fight against malware.

 

Michael-Maltsev-web.jpg

Michael Maltsev

Michael Maltsev is a developer and researcher at Reason Cybersecurity, a leading cybersecurity company focusing on end-user protection. He is a part of the R&D team responsible for the development of the Reason Antivirus product. Michael's latest major contribution is the development of the camera protection feature. Prior to Reason Cybersecurity, Michael served as a founder and developer of Unchecky, a one-person company with the goal of preventing accidental installation of PUPs (potentially unwanted programs).

Michael has extensive experience in the field of cybersecurity and in Windows internals, and holds a B.Sc. in computer science from the Technion - Israel Institute of Technology.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.