Blog Single FullWidth | Enar

Do we really need to be taping our webcams?
July 20, 2017
Blog post image

There was quite the stir sometime back when the tech paparazzi got hold of pictures of Mark Zuckerberg's taped laptop. Ever since the photo went viral, there have been rumours about how our private lives are doing the rounds on the dark web. While there may be quite the market for Zuckerberg's life and it's easily conceivable that people will pay good money for a peak of how Leonardi Di Caprio looks like while tapping away at his laptop, is there really any threat to mere mortals like you and me. Are there images of us dripping barbecue sauce from the burger onto our company laptop, out there for the world to see?

Like with most things connected to the internet and cybersecurity, there is no simple answer to this. Most activities in this connected world demand a certain degree of common sense and precaution. Here is an example I came across on Quora, while doing research about this webcam taping. This is the story, exactly as the gentleman reported:

"One evening, my fiancée and I were watching a movie on her laptop, when we noticed that the camera LED occasionally turns on and then off.

At first, we didn’t suspected anything, but after two more blinks, I suspected that something was going on.

I immediately opened task manager and found out a few processes with strange names running. I wasn’t able to terminate them.

Then I analyzed output traffic with netstat and found out that one IP was showing over and over again and it wasn’t local IP address.

I also noticed that IP was always connected on port 1234.

I traced the IP address back to a city where one of my “friends” lived. I couldn’t get the exact address, nor street, but the city name was enough as I had only one “friend” there.

The friend I spoke to over Skype several hours ago that very same day and he sent me one of his programming projects (.exe file) and I naively ran it. It didn’t work, nothing happened. I hadn’t suspected anything as I trusted him back then.

When I saw that a lot of output traffic was going to a computer in the city where he lived I knew that the exe file I naively ran wasn’t just a dumb program which didn’t work, but something much worse. I cleaned it immediately.

RAT (Remote Administration Tool) - Or in this case malicious RAT, or trojan horse. He gave me a trojan; I infected myself; he enjoyed control, himself.

When I asked him about it on Skype, he sent me an evil grin and several photos of my fiancée and me staring in front of the laptop.

About him: It was a guy I never meet in RL, we meet on Facebook, and we were cooperating for a long time. I’m a programmer; he was a younger wannabe hacker/programmer, so after a while he decided to abuse our friendship using a tool someone else made."

Now, almost everybody from the cybersecurity industry has been crying themselves hoarse about running random .exe files. And it appears as though this guy is tech literate enough to understand the consequences of doing such a thing.

Okay, even if we discount the momentary lapse in judgement about the exe file, what about that golden rule about 'virtual' friends? We all know that half the time the sexy 30 something you are chatting with is a 50 year old pervert or in this case a 'younger friend' could be a hacker waiting to grab all your money after some social engineering.

Clearly, this was a case of being under the impression that they were secure. It's the "surely, this can't happen to me!" mentality. And this mentality is precisely what lands most of us into less than comfortable situations. By taping our webcams, we are perhaps simply taking responsibility for our own security. But before we conclude on whether we should all be taping up our webcams this minute, lets first get some information right.

First there's the webcam. There are basically two types of webcams. Computer connected and internet connected webcams. Internet-connected webcams usually connect over Wi-Fi, and will most likely have their own IP address. Since it's easy to remotely access these webcams, it is essential to protect these webcams with a strong password. Unfortunately, these webcams often come with weak default passwords, and many people don't change them. Here's an example of an internet connected webcam.

Computer-connected webcams on the other hand can be a bit more difficult for hackers to get into, but that doesn't mean it's impossible. These are the webcams are the cameras built right into your computers (usually above your laptop screen) or connected via USB.

Now about how these can become weapons for cyber criminals. Hackers can access these cameras through malware. If you accidentally click a bad link or download the wrong file, that malware could contain executable code to turn on your webcam and send that video feed to a website or save it somewhere else.

What about your phone's camera? It's definitely possible to hack into a phone camera, and it's been done, at least on Android. But this is of lesser concern because usually when you are not using you phone it's lying in some corner in an overstuffed handbag or staring at the ceiling or lying face down on the table. So the dangers it poses to privacy is minimal. But, it is certainly not unbreachable.

Now coming back to whether we should be covering our cameras. The simple answer to that is yes. Because that adds a layer of security which you wouldn't get otherwise. But more essential is to bring in some good cybersecurity practises in the way you manage your data. If you adhere to simple rules like not using public wifi, not opening unknown links and making use of an anti-virus, then you could leave your webcam uncovered.

But please be aware that webcams are used by cyber criminals. In 2010, a Pennsylvania school narrowly escaped criminal charges when it was caught secretly taking photos of students through the webcams on school-issued laptops. In 2013 a BBC report revealed that the going price for access to a woman's webcam was priced at $1 per girl, whereas computer webcams belonging to men cost $1 -- for one hundred. So to assume that your private life is of no value to someone and hence safe, is very far from the truth. And honestly, can we really be secure enough? I for one wouldn't mind taping up my webcam. That way when I'm lying to Mom about how clean the house is on the next Skype call, I can claim that it's cybersecurity that's keeping the video off!

Originally published at LinkedIn