A Camera Phone In A Coffee Shop

July 24, 2012

It’s human nature to be trusting. We don’t want to think people are out to get us, because we don’t want to live in constant fear. I get that. As a normal human being, you can’t walk through life being afraid of your shadow and paranoid that someone is out to get you. However, as a software developer writing internet-deployed code, that’s exactly how you have to think. Even if you are constantly vigilant, do everything right, cross all your t’s and dot all your i’s, you will still introduce vulnerabilities without knowing it. Sometimes, the attack will come in ways that will blow your mind…like say a camera phone in a coffee shop.

Try this the next time you’re enjoying an overpriced cup of cow secretions and burnt bean dishwater: Take out your phone, turn on the video camera feature, and position it such that it can record someone’s (or many people’s) keyboard, hands, and screen. Then just leave it there and record while you read your morning paper. After that you just [editor redacted to safeguard the innocent]. See? It’s that easy. No matter how many boards, bricks and chains you put up, it just took a camera phone in a coffee shop to walk through the front door.

Freaked out yet? That wasn’t even that hard. As a matter of fact, you’re probably going to try it the first chance you get. In many ways, that’s a good thing, so that you can convince yourself that you need to defend against something this simple. “OMG how???” you ask. There are lots of ways, and they all suck. For this you really want IP address white-listing. Sadly, most applications can’t get away with IP white-listing, so you might try IP blacklisting, which is a lot like protecting your house by surrounding it completely with land mines (hope you never have to leave to get more cow secretions). Now you come to the horrid realization that there are some attacks you can’t rationally defend against. Give up? Nah. It’s like chess – giving up is the only guaranteed way to lose. They moved camera phone to coffee shop; what’s your move?


