How to Guard Against Webcam Attacks
Webcams are an integral part of our desktop or laptop user experience, especially now with the prevalence of online meetings and collaborating with our colleagues in a work-from-home world. We won’t be giving out prizes for guessing the obvious: hackers are looking for ways to take control of webcams to spy on victims.
Webcam hacks are not a new phenomenon. They’ve been happening for as long as hackers have known they could use webcams vulnerabilities to exploit them for personal gain.
Webcam attack pattern
Extortion emails are on the rise. Many of these claim to have proof of your online activities that might cause embarrassment if they got out in the open. The proof of these activities cybercriminals claim to have are, for example, screenshots of visits to porn or gambling sites, or webcam recordings of some private moments.
Most of us spend a better part of the day on our computers, whether it is for work or entertainment. A webcam is an integral part of nearly all computers. It is not a stretch to think that hackers will make an effort to intrude our privacy by taking control of the webcam and use it to spy on us.
So how do hackers break into our webcams?
A camfecting (yes, this is a real word!) attack involves the use of a remote administration tool or RAT. Our old friend phishing is the modus operandi used by attackers to drop a RAT on to your computer. You will receive an email message that claims to be from an entity you trust, asking you to click on link embedded int the email copy. The email says this link is of critical importance and offers helpful information. Unfortunately, if you click on the link, a trojan virus, the RAT, will be installed on your computer, giving attackers control of your webcam.
Another way that hackers launch a camfecting attack is by convincing victims to visit a website where they will download malware onto their computers unwittingly. More complex attacks involve finding vulnerabilities in a home network and targeting computers on that network.
How to know your webcam has been hacked
It’s good to know about camfecting and the associated attack methodology, but even more importantly, how do you know if your webcam has been hacked?
Here are some things to watch out for:
The light on your webcam
All webcams have an indicator light. If the webcam is active, the light will switch on, and if it isn’t, the light will be off. If you notice that the indicator light turns on even when you aren’t using the webcam, this is a sign there is something wrong with your camera. This is potentially either a software issue or a webcam hack.
If this is happening, start looking for reasons. Adopt a process of elimination. If you discover there are apps turning on the webcam, this should be troubling. Apps shouldn’t do that unless they ask for permission to do so.
Delete apps that are activating your webcam. If the problem persists, conduct a deep malware scan of your system.
Webcam video files
Imagine a scenario in which the hacker takes control of your webcam and starts recording with it. There is a very good chance that the webcam video recordings are being saved on your computer. The hacker might be clandestinely accessing these files, but there are still stored on your computer. The advantage the hacker has in this situation is that users typically tend to ignore most system files unless they are using them.
If you come across video files that shouldn’t be there, don’t ignore them. Find out why they have been created. Ideally, search for such files regularly. Check your documents folder, webcam folder or video folders. This should be a best practice.
A hacker’s message
You open your inbox and come across a message from a hacker clearly stating your webcam has been hacked and that they have proof. Don’t take the hacker’s word for it, because many a times such mails are phishing emails using scare tactics to make you click on a link or visit a site. Don’t fall for these tricks. Of course, if they do provide proof of video recordings, it’s time to worry.
Simple tips for webcam security
It’s not difficult to follow certain best practices to ensure you and your webcam don’t fall prey to a webcam attack:
• Don’t miss on software updates
Hackers exploit software vulnerabilities to break into your webcam. An easy-to-employ best practice is to keep your software up to date. The webcam manufacturer will release software updates periodically to add new features and patch vulnerabilities. Usually this will happen automatically, but in the event you have opted for manual updates, keep track of all software release notifications coming your way and take necessary action.
• Do not not fall for phishing scams
Follow a simple rule of thumb: Think twice, or honestly, think even more than twice before you click on any link. Check the source or the email, verify the domain, read through the message carefully, and also consider why it’s asking you to click on a particular embedded link. Phishing emails are getting more sophisticated by the day, but it is not impossible to spot a phish.
• Cover your camera
Ideally, it’s a good precaution to keep your camera covered when not in use. If you are using an external camera, disconnect it. If your camera comes with a cover for the lens, cover the lens when you’re not using it. This might seem like a crude method, but it works. Imagine a hacker is able to obtain control of your webcam (perhaps you unintentionally clicked a bad link and exposed yourself to a trojan). But if you make a habit of covering your camera, when you’re not using it, the hacker has no way of capturing private moments via your webcam.
• Use advanced antivirus
Deploy an antivirus solution that offers a spectrum of security features to keep your PCs and Macs safe from malware attacks. With Sophos Home, you get the benefit of a deep scan and cleanup of your computer for hidden threats that removes malware, and much more. The idea behind installing an antivirus is to reduce the attack surface, so that you are much more well-protected from threats than ever before.
Don’t take the security of your personal devices for granted. Be aware of the threats out there, and take necessary preventive action.