Our 24/7 digital lives mean we’re increasingly sitting in front of a screen, whether that’s a laptop, a smartphone, or another device. That usually means we’re also sitting in front of a camera. Some of us rarely used this feature, until the pandemic hit and saw homebound workers and bored students alike switch on their webcams to stay connected with the rest of the world. But while online cameras can provide a lifeline to friends and family, and a near-ubiquitous way of participating in meetings, they also put us at risk.
Whether it’s financially motivated cybercriminals, stalkers, bullies, trolls, or just plain weirdos, the tools and knowledge to hack webcams have never been easier to find online. That puts the onus on us all to become more aware of the risks, and take steps to improve our online privacy and safety. A lot of it is common sense. Some of it needs to be learned behavior.
The truth is that “camfecting” doesn’t just invade your privacy. It could seriously impact your mental health and wellbeing. For every creep who's been arrested and jailed, there are many more still stalking the digital world looking for victims.
How does webcam hacking happen?
When it comes to cyberthreats, our attackers often hold most of the cards. They get to choose when to strike, and how. And they need only get lucky once to make a return on their investment of time and resources. A cybercrime underground economy worth trillions annually offers them all the tooling and know-how needed to launch attacks.
Here are a few ways they might be planning to invade your privacy:
- Remote Access Trojans (RATs) are a special type of malware that allows an attacker to remotely control a victim’s machine or device. In so doing they could turn the camera on without activating the light, and record and then send the video files to themselves. The same software can be used to log keystrokes, enabling them to steal passwords, banking details and more. RATs can be deployed like any other malware via:
- links or malicious attachments in phishing emails
- malicious links in messaging apps or on social media
- legitimate-looking but malicious mobile applications
- Vulnerability exploits are theoretically another way that hackers could hijack webcams to invade people’s privacy. Software contains errors because it is written by humans. And some of these errors can be exploited to help malicious actors do things like remotely compromise devices. Security researchers and hackers are in a never-ending race to find these first. Apple recently paid a researcher over US$100,000 for a vulnerability he found in macOS that could have enabled webcam hacking, for example. If we don’t keep our PCs, Macs and devices up to date with the latest software and OS versions, the bad guys could still exploit them.
Exposed home security devices are a slightly different case, but still represent a major privacy risk. These are the CCTV cameras, baby monitors and other devices that are increasingly part of the smart home. Yet although they’re designed to keep our families safer, they could be hijacked by attackers. This could happen via vulnerability exploits, as above, or it could be done simply by guessing our passwords, or “brute forcing” them via automated software that tries stolen logins across new accounts to see if we have reused them.
The threat is real
Unfortunately, camfecting is far from a theoretical threat:
In 2019, an international policing operation targeted the sellers and users of the Imminent Monitor RAT. Some 13 of the RAT’s “most prolific users” were arrested and 430 devices seized, although police warned that it had been sold to over 14,500 buyers globally.
In January 2022, a UK man was jailed for over two years after using RATs and other cybercrime tools to spy on women and children. He is said to have used fake profiles on messaging apps to make contact his victims, persuading them to download the RATs via malicious links. This provided access to their machines and devices, where he hijacked webcams and searched for saved photos and videos containing compromising images.
RELATED READING: Android stalkerware threatens victims further and exposes snoopers themselves
See the light: How to check if someone may have hacked your webcam
Unfortunately, many webcam hackers reside far from the victim, in countries that turn a blind eye to this kind of activity—especially when it’s done by professional cybercriminals looking to extort their victims or sell personal data online. That makes it more important than ever that we take proactive steps to check if we’re being targeted.
Here are a few signs your webcam has been hacked:
- The camera indicator light comes on – although some hackers can hide their attacks by switching the camera light off, that’s not always the case. If it turns on when you’re not using it, the device may have been hijacked.
- There are strange files on your computer – even if a hacker has stolen footage from your webcam, there may still be saved files on your computer. Have a look for anything unusual especially in the documents or video folders part of your hard drive.
- There are some unusual applications on your system – one of the most common ways hackers remotely record via your webcam is with a RAT. Run a malware scan and see if it alerts you to any software that shouldn’t be on your PC or device.
- Your settings have been changed – another thing malware such as RATs typically does is interfere with the security software running on your machine, or the underlying operating system, to make life easier for them. Check to see if any security features have been disabled.
What if you’re actually contacted by somebody who claims they hacked your webcam? This is less of a tell-tale sign than you might think. Opportunistic scammers will often use some information from a previous breach, like an old email and password, as ‘proof’ that they’ve accessed your device and webcam. They’ll try to trick you into sending them money in cryptocurrency to prevent them from emailing compromising images or videos to all of your contacts. Check the above tips and unless there’s any hard evidence the scammers are telling the truth, just ignore these sextortion attempts.
How to prevent webcam hacking
Staying safe from webcam hackers requires alertness and best practice security. Ensure your PC, mobile, or smart home device is always on the latest software and pre-loaded with anti-malware software. Make sure it’s protected by a strong and unique password or passphrase, as well as two-factor authentication (2FA) if possible. Don’t click on links in any unsolicited communications. And cover your camera lens when not in use, although that won’t stop criminals from listening in through your microphone.
Be also sure to check out this advice from ESET Global Security Advisor Jake Moore, whose tips will serve parents and everybody else well.
To learn more about more dangers faced by children online as well as about how technology can help, head over to Safer Kids Online.