"Mijangos told me that he'd figured out how to turn off a camera's LED, cloaking himself completely."
Anyone know if this is actually possible? I don't know anything about laptop cameras, but it seems like you wouldn't want the LED to even be under software/firmware control - just put it in series with the camera circuit. An LED has to have a significantly lower failure rate than a camera, right?
I know that with my Logitech Pro 9000, the Logitech software that comes with it gives you the ability to turn off the LED. Their software also has remote viewing built in. I'm sure designs vary, but it is at least possible with this camera.
I can't find where I read this, but I believe the reset line of the camera module is typically tied to the LED, so it can't be in a powered-on state without the LED being active.
There would have to be a buffer overrun in the text message handling code plus a way to exploit it in 160 characters. That sounds difficult, unless I'm wrong about the fact that the carrier enforces the limit.
I could maybe see doing it with MMS or iMessage. The more I think about it, the more interesting this question is...
Has anyone heard of any exploitable flaws in a phone's SMS software?
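As an added example (not code from this thread or from any real phone stack), here is the shape such a bug usually takes. The 160-character limit applies to the message body, but a GSM 7-bit decoder loops on the TP-UDL length byte in front of that body, which the sender controls. The PDUs below are constructed, and `decode_trusting`/`decode_checked` are hypothetical names:

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the thread or from any phone stack.
 * An SMS user-data field is at most 140 octets, which holds 160 GSM 7-bit
 * characters. The TP-UDL byte in front of it says how many septets the
 * decoder should unpack. A decoder that trusts that byte is bounded by
 * whatever the sender wrote there (0..255), not by the 160-character limit
 * the carrier enforces on the body itself. */

#define MAX_SEPTETS   160
#define MAX_UD_OCTETS 140

/* Extract 7-bit septet i from the packed user data (GSM 03.38 packing,
 * least-significant bit first). */
static unsigned septet_at(const uint8_t *ud, unsigned i)
{
    unsigned bit = i * 7, byte = bit / 8, shift = bit % 8;
    unsigned v = ud[byte] >> shift;
    if (shift > 1)                  /* septet straddles two octets */
        v |= (unsigned)ud[byte + 1] << (8 - shift);
    return v & 0x7F;
}

/* Vulnerable form: the loop bound is the attacker-supplied TP-UDL byte.
 * With TP-UDL = 200 this writes 40 bytes past the end of out[] and reads
 * past the end of pdu[]. Shown only for the shape of the bug; never call
 * it on untrusted input. */
static int decode_trusting(const uint8_t *pdu, size_t pdu_len, char out[MAX_SEPTETS + 1])
{
    (void)pdu_len;                  /* the length actually received is ignored */
    unsigned n = pdu[0];
    for (unsigned i = 0; i < n; i++)
        out[i] = (char)septet_at(pdu + 1, i);
    out[n] = '\0';
    return (int)n;
}

/* Hardened form: TP-UDL must fit the octets actually present and the
 * output buffer. Returns septets written, or -1 to reject the message. */
static int decode_checked(const uint8_t *pdu, size_t pdu_len, char *out, size_t out_cap)
{
    if (pdu_len < 1 || pdu_len - 1 > MAX_UD_OCTETS) return -1;
    unsigned n = pdu[0];
    unsigned septets_present = (unsigned)(((pdu_len - 1) * 8) / 7);
    if (n > MAX_SEPTETS || n > septets_present || n + 1 > out_cap) return -1;
    for (unsigned i = 0; i < n; i++)
        out[i] = (char)septet_at(pdu + 1, i);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample PDUs: TP-UDL byte followed by packed user data. */
static const uint8_t BENIGN_PDU[] = { 5, 0xE8, 0x32, 0x9B, 0xFD, 0x06 };      /* "hello" */
static const uint8_t OVERSIZED_PDU[1 + MAX_UD_OCTETS] = { 200 };              /* full body, UDL lies */
static const uint8_t TRUNCATED_PDU[] = { 160, 0xE8, 0x32, 0x9B, 0xFD, 0x06 }; /* UDL > body */

int main(void)
{
    char out[MAX_SEPTETS + 1];
    printf("trusting, benign: %d \"%s\"\n",
           decode_trusting(BENIGN_PDU, sizeof BENIGN_PDU, out), out);
    printf("checked, benign:  %d \"%s\"\n",
           decode_checked(BENIGN_PDU, sizeof BENIGN_PDU, out, sizeof out), out);
    printf("checked, UDL=200 with 140 octets: %d\n",
           decode_checked(OVERSIZED_PDU, sizeof OVERSIZED_PDU, out, sizeof out));
    printf("checked, UDL=160 with 5 octets:   %d\n",
           decode_checked(TRUNCATED_PDU, sizeof TRUNCATED_PDU, out, sizeof out));
    /* decode_trusting(OVERSIZED_PDU, ...) would write out[161..200]; deliberately not run. */
    return 0;
}
```

The check that matters is the second one: the number of septets the body can physically hold, derived from the octet count the radio layer actually delivered, not from the byte inside the message.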
It's not just buffer overruns that can cause issues. You can crash the font display system by sending characters that aren't handled properly. You may also be able to direct the phone to download a hacked firmware update via SMS (AIUI carriers sometimes use specially-coded SMS messages to tell phones to update their software, PRL, etc.).
On Windows Mobile 6.0, you could send WAP pushes that linked to signed apps which would auto-execute/install.
Right now, there aren't any vulns which are similar in danger that I am aware of. SMS isn't a super friendly medium for stack manipulation, and most modern mobile OSes implement ASLR.
Georgia Weidman has a botnet C&C (Command and Control) network running via hidden SMS. But I don't think it can infect via text message.
http://georgiaweidman.com/wordpress/?cat=10