InfoSec Blog - Webcam Hacking

Laptop with Webcam covered

March 22, 2019

It’s Friday and you've had a long tiring day at work, so now all you want to do is go home and chill. Perhaps you call over some friends and make it a lazy Netflix evening. You are enjoying your movie while having your favorite snacks. Suddenly, you receive a video text on your phone from an unknown number. Time to open the message, HA! The text includes a video clip of you and your friends watching a movie. You are freaking out as you think someone is hiding at your house and spying on you. Well, this can be done virtually without a person being present at your house.

The more technology we use, the more threats we face in our everyday life. In our tech driven world, we hear about hundreds of cybersecurity threats occurring each day such as viruses, phishing scams, data breaches, and ransomware. There have been several incidents where hackers get control of personal messages, e-mails and files saved on others’ computers through malware and trojans, and then the hackers utilize that data for ransom or extortion purposes. We are only talking about personal messages and e-mails here but what about someone invading your privacy and watching your every move? Unfortunately, that is possible by hacking your webcam.

What is Webcam Hacking?

Webcam hacking is remotely accessing someone’s webcam without their permission to spy on them. This is usually done by malware or a Remote Access Trojan (RAT) which takes control of the computer and the attached webcam. This malware can be installed on a computer when the user opens an infected e-mail, opens an infected email attachment, clicks on a compromised link, or installs infected software.

Once a hacker has full control of the computer, they are able to track all the daily activities of the user by reading their personal messages, checking their pictures, viewing their browsing history, and spying on the user and their home through the webcam and even listening to their conversations through the microphone. You might think your laptop’s LED is only on when you are using the webcam and believe your webcam is not hacked. However, a hacker can easily turn off the LED so you can never realize that you are being watched.    

Potential Dangers

  • Someone could be continuously monitoring and watching every move you make.
  • A malicious party could have access to your private data and daily activities which makes your home more vulnerable to robbery.
  • A hacker may demand a ransom in exchange for potentially embarrassing images and videos captured through webcam.
  • This is typically in the form of Bitcoin, however in some cases, hackers have blackmailed victims into performing illegal activities. An example of this can be seen in the "Black Mirror" episode “Shut up and Dance” where the victim is being blackmailed and forced to rob a bank.
  • Even after paying the ransom, there is no guarantee that hackers will delete the victim’s sensitive content. They could either release it to the public or keep it for future extortion purposes.

Prevention Tips

  • Cover your webcam with tape, a sticky note, or a sliding webcam cover.
  • Install anti-malware software on all your devices and keep it updated. 
  • Enable the desktop firewall software on your computers which is available on both Windows and macOS.
  • Always keep your operating system, browser, and applications up to date on all devices.
  • Disable remote access to your computer.
  • Think before you click. Do not open attachments from people you do not know and hover over the link to verify it is legitimate before clicking on it.
  • Only use trusted and secure Wi-Fi networks and ensure your home network is secure. You can refer to our previous blog post on that subject (https://www.uoguelph.ca/ccs/infosec/securehome).
  • Be vary of tech support scams which try to convince you that your computer has a problem and the only way to resolve it is to download remote access software and allow them in to fix it.

 

Written by: Kiranbir Kaur (Cyber Security Co-op, Information Security)