Are we being spied on via our cameras and microphones on our personal devices?
Built-in device cameras and microphones are great. They allow us to easily communicate face-to-face with friends and family even if they are on the other side of the globe. They allow journalists to interview people in far flung corners of the world, and they allow entrepreneurs in remote locations to do business with people in big cities across the world. The problem is that these tiny cameras and microphones – integrated into our laptops, desktop computers and phones – can also offer hackers valuable insight into our world, letting them monitor our every action and capture highly sensitive images and video from our personal lives.
“You are being watched,” declares the science fiction crime drama ‘Person of Interest’. They call it science fiction, but the ability of online criminals, governments and psychopathic individuals to spy on anyone are as real as any Netflix movie or series makes it out to be.
While it isn’t surprising to hear that people like NSA whistleblower Edward Snowden, FBI Director James Comey and Facebook founder Mark Zuckerberg all cover up their webcams to protect their privacy, the question is, should we all be following suit? Who could be listening in and why? And what steps can you take to make your camera and microphone more secure?
Who could be accessing your camera and microphone?
Appslike WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber
Felix Krause – an iOS app designer – described in 2017 that when a user grants an app access to their camera and microphone, the app could do certain things, check out our infographic for an insight into what they can do…
Access both the front and the back camera.
Record you at any time the app is in the foreground.
Take pictures and videos without telling you.
Upload the pictures and videos without telling you.
Upload the pictures/videos it takes immediately.
Run real-time face recognition to detect facial features or expressions.
Livestream the camera on to the internet.
Detect if the user is on their phone alone, or watching together with a second person.
Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.
If you have the time, watch this terrifying short documentary Find My Phone for a real-life example; in which a ‘Find my Phone’ application was installed by a documentarian on a phone before they let someone steal it. After the person stole it, the original owner spied on every moment of the thief’s life through the phone’s camera and microphone. The documentary tracks every move of this person, from brushing their teeth to going to work. To grabbing a bite to eat with their co-worker to intimate moments with a loved one. This is the power of apps that have access to your camera and microphone.
Edward Joseph Snowden (born June 21, 1983) is an American fugitive – hiding out in Russia, a former Central Intelligence Agency (CIA) employee, and former contractor for the United States government who copied and leaked highly classified information from the National Security Agency (NSA) in 2013. Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under which they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
Government security agencies like the NSA can also have access to your devices through in-built backdoors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files … at any moment they please.
Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis. The practice of hacking webcams — known as camfecting.
The fact that webcams could potentially be used to spy on the very people using them is not new but as cameras have become integrated, always on and of higher resolution, the dangers posed by this practice are becoming increasingly risky. The reality of the threat may have first come to many people’s attention in 2014 when a former Miss Teen USA, Cassidy Wolf, had her webcam hacked by former classmate Jared James Abrahams. For months Abrahams managed to infiltrate Wolf’s personal computer located in her bedroom without her knowledge and captured multiple images of her in compromising situations. He then tried to blackmail Wolf via email and after handing himself into police, Abrahams revealed he had carried out similar attacks against up to 150 other victims — including one 14-year-old girl.
While the majority of attacks on webcams have been carried out by hackers, in 2010 it was revealed that students from two high schools in Pennsylvania were spied on by administrators using webcams in laptops loaned to students to use at home with the school district admitting it had taken 66,000 surreptitious images.
There have been multiple examples of malware designed to specifically target webcams to allow hackers to secretly watch their victims. Among the best known was Blackshades, a remote access trojan (RAT) which was distributed simply by getting victims to visit infected websites, opening malicious email attachments or by plugging USB drives into their PCs. This was the malware used against Wolf.
Among its other functionalities Blackshades allows the person using it to take control of the webcam of an infected user. According to the FBI the piece of malware had infected over half a million PCs in over 100 countries around the world, selling for as little as $40 on the dark web. “For just $40, the Blackshades RAT enabled anyone, anywhere in the world to instantly become a dangerous cybercriminal, able to steal your property and invade your privacy,” Preet Bharara, the U.S. Attorney for the Southern District of New York said in 2014 after the creators of the malware had been arrested by the FBI.
How to prevent webcam hacking?
So we know that cameras can give snoopers a look into your private life. But what can you do to stop webcam spies?
Cover your webcam, or disable it if you don’t use it.
Always use an up-to-date antivirus, and make sure your firewall is enabled.
Only use your cameras over a secure Internet connection.
Keep your operating system, browser, and software up to date.
Don’t click on suspicious links and don’t chat with strangers online.
Be wary of fake emails which appear to be sent from trusted sources and ask you to download attachments, click on a link, or disclose any personal details.
Study what permissions any app asks for. Does an app like LinkedIn really require camera access? Does an app like Twitter really require microphone access? Before you download an app, check out the reviews and search for any negative information about it to prevent yourself future harm.
Always make sure to cover your webcam with tape, and plug out your microphones when you’re done using them. You never know who’s watching, or what’s happening in the background on your device. It’s only paranoia until it’s too late.
CybACADEMY courses powered by GoldPhish® educates employees on the cyber risk and helps build a more secure organisation with awareness training.