T 5.40 Monitoring rooms using computers equipped with microphones and cameras

Nowadays, many IT systems are equipped with microphones and cameras. The microphone or camera on a computer connected to a network can be used by anyone with access rights to the relevant device files. Under Unix, this is e.g. /dev/audio for the sound card or /dev/video for a camera; under Windows, this is an entry into the Registry. Failure to exercise due caution over the granting of such access rights could result in persons other than the intended users gaining access and hence being able to misuse the microphone or camera for eavesdropping and unnoticed recording of meetings.

Example:

• In March 2001 a television business program showed how it is possible to bug a room using the microphone on a laptop that is connected to an ISDN telephone line. This was demonstrated using a laptop of a German politician. First of all she was sent a faked virus warning by e-mail, telling her to open a protection program enclosed as an attachment. But this program contained a Trojan horse which later established a connection to the outside over the ISDN line and transmitted the telephone number.
  
  It was then possible for the computer to be telephoned from outside without the user having any visual or auditory information that this was going on. The microphone installed on the laptop was then activated over the open connection and the sounds in the room were transmitted to the outside.