Sophos Cloud Optix
Do only the truly paranoid stick bandages over their webcams so they don’t get surreptitiously recorded?
According to a BBC Radio 5 live investigation, the rationale for doing so might be strong enough to vindicate the paranoid, given input from webcam hackers who say that such hacking is simple and that black markets for selling access to compromised computers are “thriving.”
One webcam hacker who spoke to the BBC said “loads of people” are hacking webcams because it’s so simple to do.
In fact, while he was being interviewed, he was on a forum with tutorials on how to hack webcams. It had about 428,000 posts, he said.
Hackers gain access to their victims’ computers with remote-access Trojans (RATs) – malware that gives an intruder administrative control over its targeted computers, including, in this case, the ability to remotely control webcams.
It’s an invisibly-installed malware program spread via email attachment or by tricking victims into visiting a booby-trapped site.
The BBC interviewed one victim who thinks she was victimized by webcam hacking.
Rachel Hyndman said that she noticed that her laptop camera had switched itself on while she was watching a DVD in the bath.
She was, of course, horrified:
"I was sitting in the bath, trying to relax, and suddenly someone potentially has access to me in this incredibly private moment and it's horrifying.
"To have it happen to you without your consent is horribly violating."
For the investigation, a BBC producer posed online as a computer security enthusiast in order to contact several webcam hackers from around the world – at least one of whom has since been arrested.
The investigation uncovered websites where hackers share pictures and videos of their victims aka “slaves”, pages where they swap photos of “ugly slaves”, sites where men swap images of female “slaves”, and evidence of at least one black market where you can buy access to a woman’s webcam for $1 (64p).
The same amount will get you access to 100 computers owned by men.
How common is this type of hack?
Graham Cluley told the BBC that webcam hacking is quite real.
That’s evidenced by multiple arrests of perpetrators – including those looking to blackmail victims.
But while it is real, GC says, webcam hacking is rare enough that it’s not quite worth freaking out over in the broader scheme of virusy things:
"There are 100,000 new virus threats created every day and it's really important to keep your security up to date because anti-virus software should protect you against most of these threats."
Still, you don’t want to be one of the (albeit rare) victims.
A list of tips on avoiding getting webcam-hacked, some of which are adapted from a list provided by ChildNet International and the UK’s Child Exploitation and Online Protection Centre:
- Keep your antivirus and firewall protection up to date.
- Patch applications in a timely fashion.
- Be wary of email and social networking messages from strangers, and refrain from clicking on attachments or links in any such messages.
- Don’t take your webcam into intimate places, even if an error message tells you your computer needs hot steam to clean its sensor (true story!).
- When not in use, cover your webcam lens (bandages work well) or point it at the wall.
- Think twice before stripping for a conversation – remember, whomever you’re talking to can record and share the video.
- Teach young people how to behave safely online to avoid them becoming victims.
- Encourage children who’ve been victimized via webcam to report it to a trusted adult.
- If you’ve been victimized yourself, report it to the authorities.
Stay safe, and keep an eye on that webcam light.
Image of webcam and computer spying courtesy of Shutterstock.
Why would you suggest that to cover the camera on your laptop or other device amounts to “paranoia”? Is it paranoia to close the curtains in your home if you do not want the world passing by your home to see in or is it paranoia to pull on the credit card reader at the gas pump before sliding your card?
As most people who visit this site, I’m an information security professional and I would never make that assumption, but I would tell absolutely tell folks to cover the camera, especially if that laptop belongs to the company that you work for because patching practices are usually abysmal to non-existent in most places, but I would also tell them to do what makes them feel better and worry less as long as they understand everything involved.
In this day and age of information overload coupled with lack of common sense, many people cannot distinguish paranoia with logical preservation of privacy/security.
Paranoia = fearing your child is targeted every day by every male stranger everywhere you go.
Security = buckling up your child in the car.
Naked Security indeed…
This is sounds so terrible. But thanks for the tips to avoid getting webcam-hacked, these are very helpful.
+1 for tape over the webcam. Ain't no hack which can un-peel bodge tape!
OK, first, does my Sophos Mac Antivirus find this stuff? Second, if I am hacked, does a light come on?
I can understand the tape with respect to inbuilt laptop cameras but for a desktop, would it not be easier to just plug in the camera when needed? My camera is plugged in via a usb hub and the default position is "off".
i have GOT to stop picking my nose while using my laptop…
If your webcam is being remotely turned on, will the light always come on?
No. There are plenty of Trojans that can operate your camera with or without the light being on. Same for the microphone and any other hardware device accessible by your system's operating system..
Not always, some device driver have the options to turn off that led. Most doesn't have that option, but you can regulate how bright it is at a point that no human can even notice the difference between On/Off.
At least most webcam DOESN'T have any light regulator or ON/OFF option, not for security means, but because most are cheap 😛 .. that cameras have a hard attached LED, so if the camera have power, the light is ON.
Who watches a DVD in the bath?
Why do you care if people watch DVD's in the bathtub?
I don't care. But it seems pretty odd, and a hazard to be using an electronic equipment in the bath. I certainly don't.
In response to those wondering about the webcam indicator light, there are some hackers that can work around webcam lights and record without them being on – but it's much harder to do and many of them don't have the skills to do so.
If you run a mac and only get software from the mac app store you will be pretty much immune to this hacking. AV software actually doesn't help much for this kind of attack since it can easily look like a valid program just using your webcam.
How about manufacturers add a simple “sliding door ” mechanism that blocks the camera,like a black thin foil of plastic.
Yes, great – a sliding lens cover. Don't think you could obtain a patent for that; pocket cameras have had them since the days when they contained cassettes of film. Their purposes are to exclude dirt and prevent scratching of media in the optical path.
They could serve those purposes and address the privacy concern, if introduced to web cams. Only downside is they run contrary to the established drive for making laptops increasingly thinner and for minimising the surface area not occupied by the display.
As the incremental manufacturing cost won't be much over a cent, we might start seeing them soon. We still feel more comfortable with physical than digital security. (Sorry, Sophos!)
Chances are, many people will forget about that sliding door, and either keep shooting a black video, or just end up keeping it open.
“Rachel Hyndman said that she noticed that her laptop camera had switched itself on while she was watching a DVD in the bath. ”
That would be such a cool scene in a movie! (I’m not trying to be offensive here its just such a scary thing to think about, such a private place a suddenly your laptop camera has a mind of its own!)
Another solution is to stop worrying if someone sees you or your loved ones in their birthday suits. Blah blah blah yawn.