Is it safe to leave your webcam uncovered after using video chat apps?

No operating system is ‘unhackable’, say experts

Helen Coffey
Friday 17 April 2020 06:42 EDT
Comments
Hackers can access webcams and microphones
Hackers can access webcams and microphones (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

There’s a Black Mirror episode that seems closer to modern life than some of the other, more futuristic storylines. In it, a teenage boy is blackmailed into performing various dubious acts by nefarious strangers who say they’ll share what he’s been doing on his computer – including his webcam footage – unless he carries out their instructions.

It’s not so very far from the truth. Experts say that software has been around for the last 30 years that enables hackers to gain fairly easy access to computer cameras and inbuilt microphones.

And we’re all susceptible: “You can be compromised regardless of setup, no operating system is ‘unhackable’,” James Smith, head of penetration testing for cybersecurity firm Bridewell Consulting, tells The Independent.

“Malware can take over control over screen, webcam or microphone,” adds Snorre Fagerland, senior principal security researcher for cybersecurity software brand NortonLifeLock. “Always be a little cautious about your cybersafety.”

While many of us may have had our webcams pretty consistently covered in the past, the introduction of video conferencing and virtual socialising – from Zoom to Microsoft Teams to Google Hangouts – during lockdown has ensured cameras are spending a lot of time out in the open.

It’s all a bit Black Mirror
It’s all a bit Black Mirror (Alamy)

But just how safe is it to leave your webcam uncovered? Here’s everything you need to know.

How easy is it to hack a personal or company computer or laptop?

“This depends on how alert and careful a user is and/or how strict security measures are implemented,” says Fagerland. “Malware can take over control over a screen, webcam or microphone.”

Smith agrees that it all depends on how well a device is “managed and maintained.” So, if a computer has comprehensive anti-malware software installed that is updated regularly as needed, with a user who’s vigilant against the risk of phishing attempts and clicking on links from unknown sources, the chances of a system being hacked are slimmer.

However, a simple piece of software left “unpatched” – which means there are vulnerabilities in a program or code – can act as a backdoor, putting the system at risk.

It’s also not just third-party software that poses a threat.

“There have been many operating system level vulnerabilities that allow a remote attacker to compromise a system,” says Smith. “Then you also have the risk of phishing attempts and social engineering, whereby a malicious actor would attempt to get the user to run or open a piece of malware.”

How easy is it to hack into a laptop’s built-in webcam?

Pretty easy, it would seem.

“Once a system has been compromised it’s a trivial task to access a webcam,” says Smith. A hacker might gain access to your machine by exploiting a vulnerability in the system, such out-of-date software, or by tricking you into running a malicious piece of code disguised as a legitimate link or attachment. After that, “there’s trojan software that has been around since the early 1990s which has given a point and click solution for anyone wanting to remotely access cameras and microphones, and even the live viewing of activities being performed on the machine,” says Smith.

According to Fagerland, if a computer gets infected, many common malwares include a feature that either hijacks your camera or installs spyware that is secretly listening, watching and recording you.

Again, it all depends on how well a device is protected; once a hacker is in, it’s a cinch to access your computer’s webcam and microphone. The priority is to stop them gaining access in the first place.

Are PCs more susceptible than Macs?

According to Smith, there used to be urban legends that the Mac operating system was “unhackable”, but as the number of Mac users rose, so did the amount of Mac-specific malware.

“You can be compromised regardless of setup, no operating system is ‘unhackable’,” he says.

While some corporate systems may have more advanced solutions in place to protect users, all devices carry the same risk if they’re not maintained properly – and any piece of software can contain vulnerabilities that could give an attacker a foothold.

Who might be trying to hack into webcams and why?

There are a range of possible culprits, including organised crime rings, who might hack webcams for bribery and blackmail purposes.

“In most cases, for home users and small or medium sized corporations, the ones attempting to hack into users’ devices are regular cybercriminals who are in it for the money,” says Fagerland. “Webcam access can be monetised in some settings, particularly if they can catch something on the footage that can be used for blackmail.”

Smith adds: “There’s also been a rise in domestic abuse cases where spouses have been spying on their partners.”

What is the most effective way of protecting yourself?

Covering your camera or, if it’s an external USB camera, unplugging it when not in use is key, according to Smith, as is making sure you’re aware of phishing attempts: “Do not click on any links or open attachments from untrusted sources,” he says.

Fagerland adds that installing anti-malware should be a priority: “The most effective way to protect yourself is by using security software that would keep camera and microphone hijacking malware at bay.”

To keep devices secure, you need to follow the “golden rules” for cyber safety, according to NortonLifeLock: think before you click on links and download attachments; be wary of emails, text messages and calls that prompt you to take immediate action; and ensure you have up-to-date security software.

Are people more at risk now we’re using our webcams more?

Coronavirus lockdown means we’re potentially more susceptible to cyberattacks, according to Smith. Users are at risk of forgetting to cover up their webcams when not in use, as well as accepting far more remote meeting invites, which carry the risk of being phishing attempts disguised as what appear to be legitimate requests.

“You also have the fact that with employees working remotely their home networks may not have the same amount of protection in place as they would from a corporate location,” says Smith.

According to research from NortonLifeLock, 16.5 million Britons experienced a cybercrime in the last year – a number that could “potentially grow exponentially” as cybercriminals take advantage of the coronavirus outbreak to trick consumers into surrendering their sensitive information.

Am I safe if my webcam light isn’t on?

Not necessarily.

“Don’t assume that just because the LED isn’t on next to the camera that the camera isn’t active,” says Smith. “Treat the camera like you’re always being watched, as the activity LED can be suppressed.”

Equally, even if your webcam is covered (or unplugged if it’s an external USB camera), hackers can still hear you – a would-be attacker could eavesdrop on your conversation via the computer’s built-in microphone. Muting it won’t help, either; the mute function is software-based so an attacker would be able to unmute it.

Prince Harry takes part in video chat with child charity WellChild

Five tips to improve your cybersecurity

  • Stick to official app stores and research what you are opting in for. Ensure you understand what you’re installing onto your device and check what access you are providing to new applications. 
  • Think before you click. Remember that if it looks too good to be true, it probably is; cyber criminals are experts at creating fake sites, emails or profiles that look identical to legitimate people or online shops. 
  • Passwords are the keys to your digital kingdom. Protect your accounts with strong, unique passwords. 
  • Engage in effective password management. Always reset your default login credentials and set strong passwords for your router and any devices you’ll use for video conference calls. 
  • Use a security software from a trusted, reputable brand. Make sure to keep your software up-to-date and that your device’s operating system is running the latest version. 

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in