The increased use of video-conferencing apps such as Zoom, Google Meet and Skype during this COVID-19 pandemic also means that we’re using more of the webcam on our PC or that selfie camera on our smartphone or tablet.
This coupled with the recent news that flaws found in 100,000 wireless cameras sold in the UK have made them vulnerable to hacking have led to a resurfacing of an age-old question: just how safe are today’s webcams? And, what can we do to protect ourselves?
The Wild West of webcams
According to Aaron Zander, who is Head of IT at leading vulnerability coordination and bug bounty solutions provider HackerOne, it’s hard to know if a webcam is easy to hack or not because it depends on many factors, such as the components it’s using, the platform it’s on and how it’s being set up.
If you look at the aforementioned Which?’s warning in the UK, the reason why so many brands’ cameras are potentially affected by the same flaws is that they’re built by the same company HiChip. In fact, the cameras’ weak unique identification number (UID) scheme is just half the story; it’s through the CamHi app (also from the same manufacturer) that the real damage — gaining access to the camera, tracking its location, targeting other devices on the same network — is done.
If there’s anything one can learn from this episode, it’s to avoid cheap wireless cameras (standalone PC webcams, home security cameras, baby monitors, etc.), and more so if they’re from little-known brands.
What about webcams built into laptops?
Regarding laptops, it’s a similar story of some manufacturers putting in more effort than others.
For instance, all Apple Mac portables will turn on a green LED light when an app is accessing the FaceTime camera. And blocking previously-granted access only requires a trip to the Privacy pane under System Preferences > Security & Privacy or the Camera option under Safari > Preferences > Websites if you use Apple’s browser.
And here’s a protip: if you’ve a recent MacBook with a T2 security chip, it’s a good habit to close the lid when you’re done using the camera because this will physically disconnect the built-in microphone from the device.
Microsoft is confident with the security of the cameras on its Surface devices, too. According to the company’s Applied Sciences Group lead Stevie Bathiche in this PCWorld article, each Surface webcam is tied to its LED light but they’re detached from the system, which means it’s impossible for a hacker to silently gain control of the camera without tripping the light. A microphone icon will also pop up on the Windows taskbar to tell you you’ve a hot mic.
Some manufacturers are creative in other ways. For instance, ASUS’ new ExpertBook B9450 business laptop has a webcam shield that you can manually slide over to block the camera’s lens. And recent HP laptops such as the Spectre x360 series even have a physical ‘kill switch’ that when flipped will cut the power to the computer’s camera to disable it.
There’s always stick-on webcam covers — or tape
If you don’t have any of these laptops and are a better safe than sorry person, an easy and low-cost fix is to get one of those webcam covers and stick it over your device’s camera. These covers come in all sorts of shapes and sizes — from pure adhesive covers to covers with sliders to covers that clip on to the screen — but they all achieve the same result.
Personally, I prefer slider-type covers made with softer materials to reduce the risk of the cover scratching my laptop’s trackpad. It’s also not wise to use one that’s too thick because it may create unnecessary screen flex when the laptop is closed and being moved around.
Of course, when all else fails, there’s always the good old black tape.
Let security software give you a helping hand
There are security apps that you can install to prevent people from spying on you, too.
An example is OverSight, a free Mac app that monitors your Mac’s onboard microphone and webcam, alerts you when either is activated and gives you the options to either allow or block the request.
On Windows, many security software vendors have webcam monitoring as part of the cybersecurity packages they sell. For instance, ESET’s Internet Security, which starts at S$45.90/year for one device, doesn’t just do antivirus and webcam protection — it also offers banking and online payment protection, a personal firewall and parental controls.
Don’t forget the usual IT security best practices
Ultimately, the steps that you can take to reduce the chance of your webcams getting hacked aren’t very different from what you’d do to stop bad actors from getting into your email accounts.
And that means using strong passwords for everything (including your home Wi-Fi password) and enabling two-factor authentication (2FA) wherever it’s supported.
For home security cameras and baby monitors, changing their weak default passwords should be one of the first things you do when you set them up. You should also check back regularly for firmware updates.
Since it’s entirely possible for hackers to gain access to your PCs and mobile devices and their cameras through malware, it’s equally important to keep their operating systems and software up to date; and be careful with what you download and click in browsers and emails. If you’ve been trying out a lot of video chat apps during this WFH period, take a pause to revisit their access rights and delete apps that you’ve no use for.
Finally, Zander raises a good point that hacking isn’t the only way to exploit a webcam. Person X convincing person Y to perform acts with the expectations of privacy and then turns around and uses the recordings without Y’s consent is actually far more common than any hack. Indeed, when it comes to the security or privacy chain, we humans are often the weakest link.
Balancing the New Normal: