Webcams are great. They allow us to easily communicate face-to-face with family and friends even if they are on the other side of the world. They allow journalists to interview people in far flung corners of the world. They allow entrepreneurs in remote locations do business with people in big cities across the globe.
The problem is that these tiny cameras integrated into our laptop and desktop computers could also offers hackers a valuable insight into your world, letting them monitor your every action and capture highly sensitive images and video from your life.
While it isn’t surprising to hear that people like NSA whistleblower Edward Snowden, FBI Director James Comey and Facebook founder Mark Zuckerberg all cover up their webcams to protect their privacy, the question is, should we all be following suit, and what steps can you take to make that camera more secure?
The practice of hacking webcams — known as camfecting — has been happening for years but as cameras have become integrated, always on and higher resolution, the dangers posed by this practice are becoming increasingly risky.
While the majority of attacks on webcams have been carried out by hackers, in 2010 it was revealed that students from two high schools in Pennsylvania were spied on by administrators using webcams in laptops loaned to students to use at home with the school district admitting it had taken 66,000 surreptitious images.
The fact that webcams could potentially be used to spy on the very people using them is not new, but the reality of the threat may have first come to many people’s attention in 2014 when a former Miss Teen USA, Cassidy Wolf, had her webcam hacked by former classmate Jared James Abrahams. For months Abrahams managed infiltrate Wolf’s personal computer located in her bedroom without her knowledge and captured multiple images of her in compromising situations. He then tried to blackmail Wolf via email and after handing himself into police, Abrahams revealed he had carried out similar attacks against up to 150 other victims — including one 14-year-old girl.
There has been multiple examples of malware designed to specifically target webcams to allow hackers secretly watch their victims.
Among the best known of these pieces of malware was Blackshades, a remote access trojan (RAT) which was distributed simply by getting victims to visit infected websites, opening malicious email attachments or by plugging USB drives into their PCs. This is the malware used against Wolf.
Among its other functionalities Blackshades allows the person using it to take control of the webcam of an infected user. According to the FBI the piece of malware had infected over half a million PCs in over 100 countries around the world, selling for as little as $40 on the dark web.
“For just $40, the Blackshades RAT enabled anyone, anywhere in the world to instantly become a dangerous cybercriminal, able to steal your property and invade your privacy,” Preet Bharara, the U.S. Attorney for the Southern District of New York said in 2014 after the creators of the malware had been arrested by the FBI.
In 2012 the Electronic Frontier Foundation and Citizen Lab reported that Blackshades was being used against opposition forces in Syria, while others bought the hacking tool to spy on people they knew, including one man from Leeds who in 2015 was given a 40-week suspended sentence for using BlackShades against 14 people, 7 of whom he knew personally — having paid for it using his ex-girlfriend’s credit card.
More recently Gartner reported on the Delilah malware which specifically targeted enterprises and uses webcams to collect incriminating evidence on employees and their families, in order to blackmail them and extort them to reveal sensitive about their companies.
Webcam streaming sites
Accessing a webcam that does not belong to you however does not necessitate hacking in a lot of cases. In 2014 the US and UK governments warned that there were numerous websites which were tracking unsecured webcams across the globe.
These sites — which are not hacking anyone’s systems — rely on the fact that most webcams, security cameras and IP cameras leave the manufacturer security settings unchanged when they are set up, and so are vulnerable to be monitored.
The operators of these sites say that they simply scan for unsecured internet-connected cameras and post snapshots on their site, which are searchable by country or US state in some cases.
So it’s clear that there are some significant risks associated with having a webcam in your home or your workplace. Thankfully, there are a number of steps you can take to protect yourself, your family and your business.
Cover it up
The preferred choice of no less figures than Zuckerberg, Snowden and FBI director James Comey, the easiest way of stopping hackers from remotely peering into your life is by physically covering up your webcam.
Zuckerberg prefers a piece of black electrical tape, while Snowden has been seen throwing a blanket over his entire laptop to stop the spies, but whatever you choose, you should always check that it works by firing up the camera app on your laptop or desktop computer (or use the Skype test call facility) to see if the cover you have used blocks out everything.
One of the issues with using a piece of tape is that should you have a need to use the camera at any point, the tape could leave a sticky residue over the camera lens, though some vigorous scrubbing should solve this problem.
If you don’t want to use a DIY solution but want something more substantial, you can buy physical webcam covers online, which come in a variety of shapes, sizes and colours with some even featuring a sliding door making it easy to protect yourself when the camera is not in use. These typically cost under £10/$15 but make sure that the model you are buying is right for your device, and, for example, won’t stop you closing your laptop.
Close your laptop/Turn off your computer
If you use your webcam a lot for Skype chats or video conferencing (or just checking you don’t have something caught in your teeth) then rather than putting a cover on it, you could just make sure your computer is off when you are not using it.
Even the best hacker in the world won’t be able to see what you are doing if you close your laptop or if you power down your PC when you’re not using it.
Regularly scan your computer For webcam malware
Hackers are extremely good at circumventing traditional security measures like antivirus software and typically spotting webcam-focused malware is not something these pieces of software do that well.
But that doesn’t mean you should just do nothing.
What you need is what is known as a second opinion malware scanner. Just as the name suggests, these act as a secondary malware detection and removal program like a second line of defence for your computer should your primary scanner fail to detect an active malware infection.
With hackers actively coding malware to avoid certain antivirus software, this is always a good idea, with Malwarebytes and Hitman Pro among the best on offer.
Turn on the LED notification light
Some webcams come with accompanying LED notification lights which turn on whenever the camera is active, making it a lot easier to spot of someone is using the camera without your knowledge.
Unfortunately this is not a foolproof method of protecting yourself however as some hackers have been able to code their malware to automatically turn off these LEDs when secretly accessing your camera.
Change the default admin and password
If you are using a standalone webcam, either in conjunction with your computer or as a security camera or baby monitor, then you need to make sure you have changed the default settings which were configured by the manufacturer before leaving the factory.
These changes are done by the firing up the software which came with your camera, but if like most people you threw that CD out with the box the camera came in, you should be able to download the software on the manufacturer’s website.
I have been schooled on the fact that antivirus software packages nowadays, do not catch most of the malware I am paid to remove from computers which have that crap installed. I used third party solutions, which I have used, time and time again, to clean up the very computer I had to recover. People have been paying for these expansive suites of garbage software that take over the system resources, and offer little in the way of protection. This is evidenced by the request of most of them to remove said software protection suites. I no longer recommend that stuff to anyone.