May 4, 2023 – Cyber researchers have uncovered a new malicious attack that sexual predators use to access webcams and record child pornography using a Zoom competitor, Whereby, to gain complete control of the child’s webcam.

The research, which appeared on The Conversation academic website, was conducted between October 2021 and May 2022 by Eden Kamar, a Ph.D. candidate in cybersecurity at the Hebrew University of Jerusalem, and Dr. C. Jordan Howell, a cybercrime expert at the University of South Florida. Kamar and Howell teamed up to learn how pedophiles are preying on young children in the U.S. and globally.

“Most prior studies rely on historical data from police reports, which provides an outdated depiction of the current threat landscape,” Kamar says. “We are the first to deploy chatbots to extract actionable intelligence regarding the methods currently used to facilitate online sexual abuse of children.”

Increasingly, predators use webcams to engage in technology-facilitated sexual abuse to record pornography. They use malware to compromise a child’s computer system and gain webcam access, while phishing sites are used to harvest personal information, aiding the predator in victimizing their target. For example, phishing attacks can give a predator access to the password to a child’s computer, which could be used to access and remotely control the child’s camera.

To examine active predators, the researchers used automated, fictitious chatbot accounts called “honeypots” disguised as a 13-year-old girl. These accounts were deployed in various chatrooms to observe online predators’ activity and study their behavioral patterns. The chatbots never initiated conversations and were programmed to first find out the offender’s age by inquiring about the user’s age, sex, and location, so the researchers could ensure the chatbot only responded to users who identified as 18 or older.

The chatbot logged 953 conversations with online predators. Nearly two-fifths (39%) of the conversations included an unsolicited link. Using forensic assessment, the researchers found that 19% (71 links) were embedded with malware, 5% (18 links) led to phishing websites, and 41% (154 links) were associated with the Whereby conferencing platform, operated by a company in Norway.

“Further investigation of the Whereby platform revealed that it is designed to allow meeting hosts to completely control the meeting visitor’s camera, turning it on and off, ‘without argument,’” Kamar says. “Predators exploit this feature to attempt to control children’s webcams without their consent.”

“Until technology companies prioritize privacy, cyber-offenders will continue to exploit design flaws,” Dr. Howell states. Consequently, the researchers urge parents to heed this warning since offenders do not need to be technically savvy to attack and gain access to a child’s webcam. They only need to persuade the child to join this seemingly harmless video conferencing platform through which they can gain access and complete control over the child’s webcam. ”

“Since awareness is the first step toward safe cyberspace, we are reporting these attacks and have alerted Whereby, so parents and policymakers can protect and educate an otherwise vulnerable population,” the researchers conclude.