The In’s and Out’s of Webcam Hacking
What is webcam hacking?
Webcam hacking occurs when hackers gain access to the cameras on electronic devices like smartphones, laptops, CCTVs, baby monitors, home surveillance and home security systems, tablets, and PCs. Hackers then use this backdoor channel to your devices to gain complete control of your devices, steal information, or simply spy on you without your consent.
Should you be concerned about webcam spying?
A study conducted by the A. James Clark School of Engineering at the University of Maryland found that a hacker attack takes place every 39 seconds. With a record 200 billion devices estimated to be connected to the Internet by 2020, hackers have an open field to target unsuspecting individuals who aren’t tech savvy and spy on them remotely through their own devices. Macs and Microsoft-based operating systems are not immune, nor are iPhones and Android phones.
The webcam hacking epidemic is a growing concern, even amongst the most tech savvy of individuals. In fact, former FBI Director James Comey has admitted to putting tape over his computer camera when it’s not in use.
Being watched without your knowledge by people who don’t know you - or who do know you, in some cases - is a blatant breach of your privacy. Whether you have anything to hide or not is of little consequence. NSA leaks have already confirmed that the US government has back channel links to all iPhone and Blackberry cameras and microphones, which means Big Brother is watching you 24/7, and listening in to all your conversations.
How does that make you feel?
How does webspam hacking work? How do people hack you?
Simply being connected to the Internet makes any device vulnerable to hacking. If you have cameras on these devices and no anti-malware software to check for security breaches, the software that regulates your camera and facilitates its functions is susceptible to being compromised.
Here are the most popular ways hackers illegally break into webcams and spy on your devices:
1. Weak passwords
Software programs that guess passwords are a dime a dozen, and can easily break into devices that use 123456, qwerty, and other passwords on similar lines. These are lines of code that run on backend channels, and are programmed to decode dictionary words and popular number combinations that people use as passwords. Once they hit the right word and number combination, like qwerty123, your login credentials are compromised and your account information is accessible to hackers.
Malicious pieces of code, also known as Malware, are programmed to:
- Embed themselves in your device under the radar without your knowledge
- Operate silently in the background
- Exploit a lot of information about your device’s software
Malware is routinely spread via popular downloads. Wallpapers, pictures of celebrities, .exe files for basic functions, and browser plugins from questionable sources may all contain malware that is innocently downloaded onto your system and gives hackers access to your webcam.
Botnets are groups of computers with disreputable intentions that regularly search web properties to target software flaws in a website’s code, as well as online databases and operating systems. Botnets then use these lapses in software security protocols and manual errors to their advantage. This results in sneaky, and sometimes even hostile, takeovers of such properties. Once compromised, the botnet can access files that contain usernames and password logs of customers, and use this information to further hack thousands of users, as well as gain control of their digital devices.
OF NOTE: this is why using the same password across different websites is discouraged. It makes your device easier to hack, if even one of the apps or sites you are registered on is compromised.
4. Remote Access Trojans (RATs)
Remote Access Trojans, also known as Remote Administration Tools, are software programs that let someone control your device remotely from afar, which makes them very hard to track. Hackers that use RATs don’t need to be near you to hack your devices. The Trojan software they use to hack is inserted in freenet files, bit torrents, and P2P file transfers on platforms like Bearshare, Kazaa and Limewire. When you download any files from these sources, the Trojan software is sneakily installed on your device, and then runs in the background silently. This allows hackers to watch your activities, spy on you through your webcam, listen in on your conversations through your mic, and read data stored on your system.
Who is spying on your webcam? Who is behind webcam hacking attacks?
Most hackers are just regular individuals with a solid understanding of software security protocols and operating system vulnerabilities. While the probability of someone close to you hacking your webcam is rare, it isn’t unheard of. Hackers are usually random people who direct their efforts at any and every device connected to the Internet.
Basic dictionary scripts, which are simple lines of code, are freely available on the Internet and can easily be accessed by novices and kids trying to act cool. These are unsophisticated attacks that try to decipher weak passwords to gain control of your device cameras.
Then there are recreational hackers who aren’t looking to spy on you, but won’t hesitate to help others accomplish this goal by relying on their technical knowhow. They might not benefit directly from access to your webcams, but they most definitely aren’t above exploiting the information collected for gains like social media notoriety, or to teach a lesson to big corporations. Your privacy breach matters little to them at the end of the day.
Professional hackers are the ones that you need to be weary of. These are individuals who hack with a purpose, which include things like:
- Selling the information acquired to make a quick buck
- Bullying people online to do their bidding
- Hacking on behalf of paid clients to settle personal scores
- Creating live video feed links for others to watch you for free, in real-time, while they monetize such feeds with ads
- Using your camera to gain access to your device and turn it into a crypto mining machine
- Recording you in compromising positions to blackmail you
- Stealing information from your device like credit card numbers, passwords to confidential accounts, banking details, sensitive pictures, videos, and other classified information, either to steal money or gain the upper hand on people in positions of power.
- Using numerous cameras to drive a high volume of traffic to specific websites in the form of DDoS (Distributed Denial of Service) attacks in an attempt to take them down. This is usually done to try and censor their activities and/or blackmail them.
- Hack business websites to collect client information, proprietary trade secrets, audit files, business statistics and internal communications. In fact, according to Juniper Research, in 2019 alone, businesses will lose approximately $2 trillion due to cyber security attacks by hackers.
In addition to individuals, private organizations, rival businesses, government organizations, and disgruntled social media warriors groups could also be spying on you.
Real life examples of webcam hacking
The Toronto webcam hacking case
In August 2015, a 27 yea- old woman in Toronto was photographed watching Netflix with her boyfriend. Hackers later shared these images with her through her Facebook account. Remote Access Trojans were used to compromise her webcam and manipulate it remotely. Although the Toronto Police were informed and involved, investigations were inconclusive in leading to the actual source of the Trojans. This should serve as a chilling and creepy reminder to always keep your webcams covered and secure.
The OVH webcam DDoS attack
In September 2016, cloud computing firm OVH reported a concentrated DDoS attack on its servers by 145,607 cameras and DVRs, which sent over 1.5 terabytes per second of traffic to its website. These were regular cameras from compromised devices of unsuspecting individuals who unknowingly had malware-infested devices with remotely controlled webcams. While the people who were hacked were not harmed directly in this case, they were unwitting accomplices in a cyber security crime aimed at a corporate firm.
The software hacker from Ohio
In January 2018, Phillip Durachinsky, a 28 year-old programmer from Ohio was indicted on 16 counts of identity theft, cyber violations, and fraud in breach of the federal Wiretap Act. Durachinsky did not discriminate between his victims, and targeted individuals working in schools, corporations, small businesses, and government entities. Durachinsky installed malware on computers and then spied via webcams, created a database of child pornography, and stole information, including passwords, identities, tax records, pictures, videos, medical records, and anything useful he could get his hands on. He had been at it for 13 years before the FBI finally caught him.
These disparate cases are proof that nobody is safe from cyber hackers and webcam spying. Which brings us to the question of how to prevent webcam hacking? What steps can you take to stop your webcam from being compromised?
Precautions you can take today against webcam spying
- The simplest and easiest way to prevent webcam spying is to simply cover your device cameras with masking tape when the camera is not in use. While this isn’t always feasible, it’s the safest option.
- Use strong passwords. For as tempting as it may be, do not use the same passwords across different web properties. While this isn’t a failsafe measure, it keeps you safer from amateur hacking attempts, which make up a majority of cyber attacks.
- Do not download software, pictures, or other files from random sites. Only trust software from official sources. So, for example, only download Adobe products like Acrobat Reader directly from the official Adobe site, and not from random software download sites online. Beware of malware on peer-to-peer sites and bit torrents.
- Always logout from online sessions when you’re done. Idle data transfer sessions when you’re logged in to things like your bank account online make it easier for hackers to inject suspicious data packets alongside regular file transfers, which can capture the session and be used to gain access to your cameras and microphones.
- Keep your anti-virus software up to date. Install software security patches as soon as they are released. Keep your operating systems current as well.
- Restrict webcam access by modifying the settings on your device. Only allow trusted IPs to access your webcam. Do not allow unrestricted webcam access to all apps on your devices or the websites you visit.
- Use proxy servers and VPNs, which greatly reduce the chances that your camera will be hacked.
Stay vigilant. If you see the webcam LED blinking even when you aren’t using the camera, immediately cover it up, disconnect the device from the Internet, and reset your webcam settings. From there, uninstall suspicious apps and recent downloads. If everything else fails, reset your device to factory settings.
Frequently asked questions about webcam security and hacking
Can hackers see me via my computer camera?
Yes. And your webcam LED might not always turn on to indicate that the camera is in use.
Can they listen to my phone calls?
Hacking webcams is often used as a gateway to gain partial or total device control. If this is what the hacker intends to do, then your microphone is also vulnerable and it won’t be difficult to record videos and your calls, as well as listen in on your conversations.
Are they monitoring my Facebook messages?
If your camera is compromised and acts as a gateway to other apps and controls on your device, and you are logged in to your FB account, then yes.
Facebook demands total access to your device’s camera and microphone in its Terms of Service. Users must accept these conditions to install and use the app on their digital devices. Facebook has allegedly been using your camera to record your activities. Some experts claim that the social media giant tracks the content you look at so that it can serve more of what keeps you engaged, as well as accesses your microphone to record your conversations so that more targeted ads can be served.
Can hackers access the camera on my phone?
Yes. All cameras that are embedded in devices connected to the Internet like laptops, smartphones, CCTVs, baby monitors, and home security cameras, as well as IoT devices like refrigerators, washing machines and DVRs, are susceptible to hacking.
Is my webcam spying on me? How can I tell if my webcam has been compromised?
It could be. Does the webcam LED blink even when you’re not using it? If yes, then someone else is controlling it and possibly spying on you.
Apart from that, if you notice suspicious activity logs on your laptop and/or mobile phone, vanishing funds from your bank accounts (even in small sums), opened emails or messages that you never saw before, then something is awry and you should take immediate action.
Can webcam hacking be prevented?
Yes, there are several precautionary measures you can take to avoid being and easy victim of webcam hacking, which we’ve outlined above. Beyond that, software technology is constantly changing and evolving, so what’s secure today might be easily compromised tomorrow. Stay sharp and beware.
On a simpler note, you can always disconnect from the Internet, which will terminate the connection that’s being used to spy on you.
Is it possible to hack my laptop through my webcam?
Yes. Trojan spyware can use webcam hacking as a getaway to further explore your laptop’s software vulnerabilities, as well as access other applications like music players and browsers. In severe cases, hackers can use it to gain total control of your laptop.
Can my CCTV camera be hacked?
A Google search for ‘How to Hack a CCTV camera’ returns 20,80,000 results in 0.5 seconds. If you think at least one of those links doesn’t lead you to a proper guide to CCTV camera hacking, it’s time to log off, shut down, and stay away from the Internet for good.