Earlier this year, Mark Zuckerberg, CEO of Facebook, unintentionally revealed (in a photo he posted to his Facebook account) that he covers up the webcam and audio port on his laptop. He literally has a small piece of masking tape over the pea-sized camera lens and another one on the audio port where headphones plug in. The social media universe was quick to pick up on this, leading to all sorts of speculation and theory crafting about the possible implications.
What does Zuckerberg know that we don’t?
For starters, Facebook is able, technically, to listen in on your conversations. Recall that you may have granted Facebook permission to access your microphone. Coincidentally or not, many FB users have reported online ads popping up for obscure things that they may have discussed within earshot of their phone or laptop, but had not actually typed into any search engine or device. For now, Facebook denies using a phone’s microphone to serve ads or customize news feed stories.
Webcams are also vulnerable; hackers can easily gain access to cameras embedded into mobile phones, tablets and laptops as well as stand-alone surveillance cameras. Webcam hacking was in the news after the October 21st “Mirai botnet attack,” in which thousands of webcams, DVRs and industrial cameras were hacked and then networked together to attack large corporate servers.
The risk of a webcam security breach extends to Android and iOS devices. iOS is the operating system on Apple’s iPhone, iPad and iPod Touch products. In August, Apple issued a security alert after identifying the “Trident” flaw, which hackers could use to turn on the camera or microphone on a hacked device. Trident was delivered to victims via SMS text message links.
Android apps can also serve as a conduit for hackers. Last week, a popular Android app called AirDroid was reported to have a major security flaw. AirDroid, with over 20 million downloads, helps users manage their Android device from a web browser. But the data transmission process is not secure, allowing a hacker to easily create a man-in-the-middle attack. (Read more about “Man in the Middle” in a recent RPost blog.) AirDroid has access to a device’s contacts, camera and microphone, and other user data. Android is continually releasing new security updates to keep up with the continual emergence of new security vulnerabilities.
What could a hacker do with remote access to your webcam or microphone?
Imagine the Invisible Man, sitting on the armchair in your bedroom at night, watching you and listening to your private conversations. What could he do with that information? Blackmail you? Gain access to your online accounts? Jeopardize your privacy and safety? Certainly all this and more. Think of the webcam on your laptop as the Invisible Man; it can watch you and listen to you at any time, without your knowledge, transmitting a feed to hackers via your laptop’s Internet connection.
And, it could be recorded and easily posted on YouTube for the world to watch.
And by the way, don’t think you’ll see a recording light turn on when you’re being spied on through your webcam; that can be and is usually disabled remotely by the hacker.
What to do?
While some may suggest disabling your webcam and microphone to protect yourself, this may not be a practical solution for business professionals who need to use these devices for remote collaboration, web meetings, and Internet voice services.
Instead, we circle back to a variation of Zuckerberg’s simple, low-tech solution to defeat high tech surveillance.
But instead of just a piece of tape, we recommend placing a bandaid over your webcam — the bandaid padding will protect your camera, and you can peel it off whenever you want to use the webcam. If you choose the right size bandaid or trim one to fit, you can even muffle the microphone port.
Also, to further protect yourself from becoming a target, consider protecting personally identifiable information and information about your financial assets. Use secure email communications (RMail, for example) to keep your personal information personal.