Camfecting doesn’t just invade your privacy – it could seriously impact your mental health and wellbeing.
Our 24/7 digital lives mean that our screen time is increasing, whether that’s a laptop, a smartphone or another device. It means we’re also sitting in front of a camera. Some of us rarely used it, until the pandemic. Since that, it has become a new normal to stay connected with the rest of the world. However, while online cameras can provide a lifeline to friends and family, and a way of participating in meetings, they also put us at risk.
Whether it’s financially motivated cybercriminals, stalkers, bullies, trolls or just plain weirdos, the tools and knowledge to hack webcams are easy to find online. Thus we should become more aware of the risks, and take steps to improve our online privacy and safety.
How does webcam hacking happen?
When it comes to cyberthreats, hackers often hold most of the cards. They get to choose when to strike, and how. And they need only get a chance to make a return on their investment of time and resources. A cybercrime underground economy worth trillions annually offers them all the tooling and know-how needed to launch attacks.
Here are a few ways hackers may invade your privacy:
1. Remote Access Trojans (RATs) are a special type of malware which allows an attacker to remotely control a victim’s machine or device. They can turn the camera on without activating the light, and record and then send the video files to themselves. The same software can be used to log keystrokes, enabling them to steal passwords, banking details and more. RATs can be deployed like any other malware via:
- links or malicious attachments in phishing emails
- malicious links in messengers or on social media
- legitimate-looking but malicious mobile applications
2. Vulnerability exploits are another way that hackers could hijack webcams to invade your privacy.
Software contains errors because it is written by humans. And some of these errors can be exploited to help malicious actors do things like remotely compromise devices.
Security researchers and hackers are in a never-ending race to find these first.
Apple recently paid a researcher over US$100,000 for a vulnerability he found in macOS which could have enabled webcam hacking.
If we fail to keep our PCs, Macs and devices up-to-date with the latest software and OS versions, the bad guys could still exploit them.
3. Exposed home security devices are a slightly different case, but still represent a major privacy risk.
These are the CCTV cameras, baby monitors and other devices which are increasingly part of the smart home. Yet although they’re designed to keep our families safer, they could be hijacked by attackers. This could happen via vulnerability exploits or simply by guessing our passwords, or brute forcing them via automated software.
The threat is real
Unfortunately, camfecting is far from a theoretical threat.
In 2019, an international policing operation targeted the sellers and users of the Imminent Monitor RAT. Some 13 of the RAT’s most active users were arrested and 430 devices seized.
In January 2022, a UK man was jailed for over two years after using RATs and other cybercrime tools to spy on women and children. He is reported to have used fake profiles on messengers to make contact his victims, persuading them to download the RATs via malicious links.
This provided access to their machines and devices, where he hijacked webcams and searched for saved photos and videos containing compromising images.
How to check if your webcam got hijacked
Unfortunately, many webcam hackers reside far from the victim, in countries which turn a blind eye to this kind of activity.
Here are a few signs your webcam has been hacked:
- The camera indicator light comes on – although some hackers can hide their attacks by switching the camera light off, that’s not always the case. If it turns on when you’re not using it, the device may have been hijacked.
- There are strange files on your computer – even if a hacker has stolen footage from your webcam, there may still be saved files on your computer. Have a look for anything unusual especially in the documents or video folders part of your hard drive.
- There are some unusual applications on your system – one of the most common ways hackers remotely record via your webcam is with a RAT. Run a malware scan and see if it alerts you to any software that shouldn’t be on your PC or device.
- Your settings have been changed – another thing malware such as RATs typically does is interfere with the security software running on your machine, or the underlying operating system, to make life easier for them. Check to see if any security features have been disabled.
- What if you’re actually contacted by somebody who claims they hacked your webcam? Scammers often use some information from a previous breach, like an old email and password, as ‘proof’ that they’ve accessed your device and webcam. They try to trick you into sending them money in cryptocurrency to prevent them from emailing compromising images or videos to all of your contacts. Check the above tips and unless there’s any hard evidence the scammers are telling the truth, just ignore these sextortion attempts.
How to prevent webcam hacking
Staying safe from webcam hackers requires alertness and best practice security:
- Ensure your PC, mobile or smart home device is always on the latest software and pre-loaded with anti-malware software.
- Make sure it’s protected by a strong and unique password or passphrase, as well as two-factor authentication (2FA) if possible.
- Don’t click on links in any unsolicited communications. And cover your camera lens when not in use, although that won’t stop criminals from listening in through your microphone.