Taping over your webcam - mere paranoia or reasonable action?
I like to be security-conscious, it's part of my job. When you read about security leaks and computer virus infections every day, it becomes an automatism. Yet, I dislike paranoia and I still believe the best security advisor to be sitting between each user's ears. That's why I haven't taped over my webcam yet. It seemed overcautious - and then HE appeared. HE got me thinking.
Mark Zuckerberg, CEO of Facebook and, depending on your point of view, either an ingenious innovator or the perfect nemesis of social networks, tapes over his webcams. A picture of his office supposedly (unintentionally?) revealed this fact and made a few computer scientists hold their breath. A guy who most likely sits behind 5 firewalls and employs a highly-paid security team feels threatened? Wow. It immediately got me thinking as to how likely a hostile takeover of my webcam was and how it could be done.
I reckon it would be any hacker's dream to watch and film Mark Zuckerberg, e.g. while he was picking his nose, and then spread this video online. That would definitely attract a lot of attention which makes for some serious motivation while a headline such as "Ashampoo technical editor filmed in his PJs" certainly wouldn't interest anyone. So was this a special case? During my research, I learned otherwise since webcams proved to be only a small portion of the attack, an added bonus, a handy spy tool so to speak. These attacks involve scouring PCs for passwords, bank account data and other personal documents and they are not as rare as we'd like to think and often go unnoticed.
Remote access trojans (RATs) are nifty remote control tools for ordinary PCs and often behind such attacks. Once they've infiltrated your system, they're able to install any kind of malware to log keystrokes, create screenshots or activate your webcam. These infections take place like any other malware infection: through dubious email attachments, program installations from untrusted sources, browser security leaks or pirated software. If the malware is up to date, it'll potentially be able to avoid detection by antivirus software.
But what about the LEDs on most webcams? Won't they alert you to any mischief? Not necessarily. If the malware is done right, it'll be able to disable them. Besides, we're talking about a tiny LED not a light organ. Such a light can easily be missed or taken for default behavior. And it doesn't take a criminal mastermind to carry out these attacks either. You can obtain the necessary components for this type of malware on the darknet for $50 to $1000, depending on your quality and feature requirements. Once obtained and configured, you can then start distributing your very own malware online.
Thankfully, there's an easy remedy for the webcam threat. If you generally don't use your webcam, you can simply uninstall or disable it in the device manager or, depending on your hardware, in your BIOS settings. If you do occasionally use your webcam, e.g. for Skype, it's enough to cover it with a Post-it note whenever you don't need it. I won't do either of that since, once an attacker has managed to compromise my PC to the extent where he can switch on my webcam without my knowing, that'll be the least of my concerns. Let's hope he'd watch me on a Monday morning, after all, he'd deserve to be punished!Author's side note:
Once you've reached this point you won't be able to stop thinking. How secure is your TV since it is now so "smart" with Internet access, apps and the works? I for one only learned yesterday that my TV can actually detect gestures (I never used this feature because it makes me feel stupid) so there must be a cam in there somewhere. And what about the microphone that, beginning with Windows 10, now listens to potential voice commands? And then there's cellphones ... You see, manufacturers and security vendors still have a lot of work to do to keep us safe and we must do our parts. The "smarter" our devices become, the more cautious we must be when using them. Stay safe!