Once a concern that was the province of the paranoid, years worth of reports and revelations have made it readily apparent that people really can spy on you through your webcam. Here’s why you should disable or cover yours.
TL;DR version: Script-kiddie hackers and teenagers can, and do, use easily accessible tools and phishing techniques to hijack webcams of unsuspecting people, often who they know, and watch them through their camera. They can store images and videos of people in compromising situations in their bedrooms, and many of these images and videos are uploaded to shady websites.
If you have kids, you should strongly consider reading the entirety of this article and implementing something to stop their webcams from being on all the time (or ever).
Is Webcam Spying Really a Threat?
Ten years ago the idea that people—be they government agents, hackers, or just law-breaking voyeurs—could actively spy on you through your computer’s webcam would be the considered the ramblings of a paranoid conspiracy theorist. A slew of news stories over the intervening years, however, have revealed that what was once considered paranoia is now an uncomfortable reality.
In 2009, a student sued his school when he discovered his school-provided laptop was secretly photographing him (the ensuing legal investigation revealed that the school had collected 56,000 photographs of students without their knowledge or consent). In 2013, researchers demonstrated that they could activate the webcam on MacBooks without the indicator light turning on, something previously considered impossible. A former FBI agent confirmed that not only was this possible but that they’d been doing it for years.
In 2013, courtesy of the documents leaked by Edward Snowden, we learned that the NSA had successful programs they used to gain backdoor access to the cameras on iPhones and Blackberries. In 2014, again courtesy of the Snowden leaks, we learned that the NSA has a host of tools at its disposal to remotely monitor users like “Gumfish”: a malware tool that allows for remote video monitoring via your webcam. In early 2015, a group known as BlackShades was broken up after it was discovered that the software they sold for $40 a pop had been used to give millions of purchasers remote access (including webcam access) to victims computers; that’s hardly a new trick though as old programs like Back Orifice were used in the same fashion back in the 1990s.
It’s Not Just the NSA
We want to emphasize the whole “hardly a new trick” bit and the ease with which even marginally skilled malicious users can gain access to your computer. This article over at Ars Technica, Meet The Men Who Spy On Women Through Their Webcams, is an unsettling account. The majority of people doing the spying aren’t government agents, but low-tier hackers that use simple tools to catalog and monitor all the devices a computer may have access to.
So before you shrug your shoulders and say, “Well the NSA doesn’t care about my boring life, so it doesn’t matter,” understand that while we might all find allegations of government spying the most troubling on a global and intellectual level, the majority of actual webcam spying is carried out by creepy Peeping Toms.
So the short of it is: yes, webcam spying is a real threat. When everyone from the spooks at the NSA to the kid next door has access to tools that can turn a webcam against its owner then the threat is legitimate.
What Should I Do?
You should, no questions asked, disable or obscure your computer’s webcam. There is no good reason, especially in light of the numerous documented cases of webcam spying, to leave an insecure recording device permanently accessible on your computer. It’s so easy to do that there’s no reason not to. Here’s what you should consider.
Make Sure You’re Using Antivirus
While antivirus isn’t going to detect all of these things, and won’t detect many of the latest ones that are out there, it will at least help in dealing with the possibility of infection through a link or running the wrong executable. Here are the programs we recommend.
The problem is that if the threat is actually the college kid that offers to help people with their IT problems, they can easily whitelist a trojan so an antivirus won’t detect it. Or malware could do the same thing.
You can’t really trust that little icon that says you are secure. But it’s at least a help.
Unplug It
For desktop users with external webcams, the easiest solution is to simply unplug the USB webcam. No amount of hacking is going to magically plug an unplugged device back in.
This is the solution we use around the offices; we leave the webcams in their usual position atop their respective workstation monitors and then when we need to use them we plug the USB cable into an easily accessible front or top USB port on the said workstation.
It’s the most foolproof way to approach the problem if you have an external webcam, and works regardless of the hardware or operating system.
Disable It in the BIOS
If you have a laptop with an integrated webcam (or a rare all-in-one desktop model that also sports an integrated webcam), you have a few options. If your BIOS supports it, you can disable it at the BIOS level, which is ideal.
Reboot your computer and enter into the BIOS (follow the on-screen instructions to enter “SETUP”, typically by pressing the F2 key, the DEL key, or a function key combination of some sort). Look through the BIOS options for an entry labeled something like “webcam,” “integrated camera,” or “CMOS camera.” These entries will typically have a simple toggle, like enable/disable or lock/unlock. Disable or lock the hardware to turn off your webcam.
Unfortunately, the BIOS solution is relatively rare and typically found on computers from vendors with heavy institutional sales. Business Dell and Lenovo laptops, for example, commonly ship with this feature in the BIOS because their corporate buyers want the ability to disable the webcam. With other vendors (and even within computer lines from the aforementioned vendors) it’s hit or miss.
Be forewarned that disabling the webcam typically disables the microphone too, as in most laptops the camera and microphone module are on the same small expansion board. This is obviously a benefit (from a privacy standpoint) but you should be aware of it so you’re not left wondering why your mic is dead.
Disable It in the OS
This solution isn’t quite as secure or foolproof, but it’s a welcome next step. You can cripple your webcam by disabling it and removing driver support for it.
The technique for doing so varies from operating system to operating system, but the general premise is the same. In Windows, you just need to enter the Device Manager (click Start and search for “device manager” to find it). There, you can locate your webcam under the “Imaging Devices” category, right-click it, and choose “Disable” or “Uninstall”.
Obviously this isn’t a perfect solution. If someone has remote administrative access to your machine they can always, with a greater or lesser degree of hassle, install the missing drivers and enable the device again.
Barring that kind of focus and determination, however, it’s a simple and easy way to disable your webcam. It is, however, rather inconvenient if you actually use your integrated webcam with any regularity. This brings us to the next solution: obscuring the lens with a cover.
Cover It Up
A compromise between the hassle of disabling the the webcam in the BIOS or operating system and leaving it wide open all the time is applying a simple physical cover to your webcam lens. As elementary and simplistic as it seems, it’s actually a really effective technique. You get instant visual confirmation that the lens is disabled (you can see the cover every time you look at your laptop), it’s easy to remove, and we even tried out some dirt cheap DIY options that keep the cover-up option economical.
Armed with the tips we’ve shared on disabling or covering your webcam you can easily avoid the unfortunate reality of webcam snooping and reduce or outright eliminate webcam-based privacy breaches.
No comments:
Post a Comment