Chatroulette perverts' privates may not be so private after all


Security researchers reveal ways that willy-waving Chatroulette users might be leaving themselves open to much more than accusations of just being dirty perverts as privacy attack scenarios are explored.

If you have ever been tempted, like so many male Chatroulette users, to show complete strangers the contents of your trousers, new security research might persuade you not to join in this offensive nonsense. Video chat services such as Chatroulette enable random strangers to get virtually connected, but the lure of perceived anonymity and a rather ironic assumption of privacy has meant that it has attracted a somewhat unsavoury crowd of what a few years ago we would have called flashers or, perhaps more correctly, perverts.

I have tried using Chatroulette myself, and every single time have been greeted with the sight of some bloke playing with his erect penis within seconds or minutes at the longest. Word of this kind of behaviour quickly spreads and, when coupled with an apparent inability of the site operators to prevent it, attracts more willy-waving perverts until things inevitably reach the point where people use the service just to look at these members, if you'll excuse the pun.

Indeed, according to one analysis of Chatroulette traffic, 1 in 8 sessions resulted in something R-rated or worse, and 89% of users were male. You are apparently more likely to connect to nobody at all than to a single female. Chatroulette itself has tried to combat this misuse by prohibiting 'pornographic behavior' and implementing a temporary user ban if three users complain about immoral or pornographic activity within a five-minute period.

A group of computer security researchers based at the University of Colorado, Boulder, USA and McGill University, Montreal, Canada have been exploring the security and privacy implications of using online video chat services. The report 'Intrusions into Privacy in Video Chat Environments: Attacks and Countermeasures' reveals that membership of Chatroulette has grown by some 500% since 2009 and has started to address privacy issues. However, it also looks at the privacy problems faced by this generic class of video chat service, identifies "three specific classes of attack on such systems" and proposes countermeasures to address the threats.

The first and most direct attack against a video chat environment is labelled the Enhanced De-anonymization Attack, which seeks to identify users’ geographical location. The researchers state that Chatroulette uses the Adobe Stratus platform in order to reduce bandwidth costs associated with video services. Chatroulette "handles the behind the scenes handshakes involved in making two clients connect, but the actual connection is a direct, peer-to-peer link between the two users." The researchers show how an attacker could easily get the source IP address from a packet header during the exchange of data between peers, and then use geo-IP mapping services to home in on an approximate user location.

Secondly, there's the phishing approach during which an attacker takes the guise of someone likely to be found attractive in a video-chat scenario in order to solicit sensitive data. You might call this the virtual Mata Hari attack, or perhaps the Anna Chapman attack these days I guess. The researchers suggest that instead of using email, as per a traditional phishing attack, it is possible to use a pre-prepared video to "lure unsuspecting individuals into a conversation" where details of social network accounts and other personal data could be extracted.

Finally, the report looks at a Man-in-the-Middle (MIM) attack scenario where a supposedly 'private' video interaction directly between two participants could be subject to eavesdropping. By combining this with the de-anonymization tactic it is possible, according to the researchers, to determine the identities of the people involved, who could then be blackmailed using video capture footage, especially if they have been engaged in the kind of typical mutual masturbation exercise so popular amongst users of these services.

Worryingly for the more dubious of Chatroulette users, the researchers warn that they have only "just begun to scratch the surface of interesting attacks" on video chat services and that "current security and privacy issues of these systems have been neglected."

Chatroulette founder Andrey Ternovskiy told Robert McMillan that the research was no big deal, saying "I think that it would be exaggeration of some sort to look at it too seriously."

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Agilemind 0 Posting Whiz in Training

Why don't the male-enhancement pill suppliers start spamming Chatroulette for a change? Clearly there is a demand there.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

There's certainly an opportunity for some Chatroulette advertising there, I would have thought :)

Hazardous_Byte 0 Newbie Poster

I have only visited once, and it was disturbing. Being a guy, I don't want some internet weirdo waving their junk into the camera.

chatroulette1 0 Newbie Poster

Good share, your topic is very great and useful for us… thank you. I just like the approach you took with this subject. It isn’t every day that you discover something so concise and enlightening.
p/s: Chat Roulette
