Germany's news in English

Editions:  Austria · Denmark · France · Germany · Italy · Norway · Spain · Sweden · Switzerland

Fraunhofer warns Adobe Flash can be used as PC spying tool

Share this article

Fraunhofer warns Adobe Flash can be used as PC spying tool
Photo: DPA
10:29 CEST+02:00
The popular program Adobe Flash Player can be used to take over another person’s computer and spy through their camera and microphone, researchers at Germany's Fraunhofer Institute have discovered.

According to a Wednesday report in the daily newspaper Die Tageszeitung, security researchers from the Fraunhofer Institute for Secure Information Technology in Darmstadt have shown that malevolent hackers can remotely turn almost any computer into a formidable surveillance device.

Flash is a popular program that can be downloaded free and allows computer users to watch video and animations via web pages. It is often automatically installed as an add-on program with any internet browser.

But security researchers from the Fraunhofer Institute developed a method by which the microphone and built-in camera on a computer can be switched on remotely, allowing an attacker to use the microphone as a bug and to operate the camera.

The researchers outlined their discovery in a recent presentation to the Chaos Computer Club, a Germany-based hackers’ organisation.

They described the method as a “man-in-the-middle” attack – the attacker places himself effectively between the computer’s user and the Flash software. That means the user must actually help the intruder by accepting a false encoding certificate.

Along with potential security holes, Flash can also be used by companies to track computer users. So-called Flash cookies, small packets of data, land on the hard drive and save the user’s activities. Because Flash cookies are barely noticed by the computer owner, they are almost never deleted.

Adobe plugged 32 security holes when it issued its last updates, according the newspaper report. But just two months later a further update needed to be issued when another serious problem arose: “This hole … allowed an attacker to potentially take over the system,” the firm announced.

The Local/dw

Get notified about breaking news on The Local

Share this article

The Local is not responsible for content posted by users.
Become a Member or sign-in to leave a comment.

From our sponsors

How to work 9-5 and travel the rest of the time

A full-time job shouldn’t stop you from satisfying your wanderlust. The Local spoke to Travel After 5 blogger Alline Waldhelm to find out her tips and tricks for travellers who only have 25 days of annual leave.