Camfecting: how hackers attack by accessing your webcam


Much like the wooden horse of Greek mythology, a Trojan horse is a type of malware that is often disguised, in this case as legitimate software or program. Once installed on a device, it can give hackers full remote access to a person’s computer.

UNSW cybersecurity expert Professor Salil Kanhere said we shouldn’t assume that Trojan horse attacks only happen in spy movie plots. This, he says, happens frequently to ordinary people today.

Typically, Trojans are used to take control of a person’s device – so that the hacker can access your computer files or steal your data, or often they will insert more dangerous malware into your device. He said.

“What’s alarming is that it also gives them remote access to your computer, including devices like your webcam, which means they can basically watch anything on the other side. side of the objective This type of attack is known as camfection.

“It’s a total invasion of our privacy and it doesn’t just happen to your computer, it can happen on your phone, tablet, and other networked devices in your home, like security cameras. “

How does an attack work?

For some people, the story of hackers accessing a person’s computer without their permission may not be new, but hackers always find new ways to disguise the Trojan.

By posing as a bank, government agency, or charity, hackers create the illusion of authenticity and authority – often with a demanding or urgent request that requires immediate action from the recipient. If they then proceed to open or download the files attached to the spam email, the malware then installs the Trojan files on the computer.

“Most of the time when this happens, the victims don’t even know it even happened,” says Professor Kanhere.

“The transaction is almost automatic and often nothing happens after pressing the download button, so people may think that there is a problem or that it is an empty file, so they check it out. ‘ignore and don’t think much about it.

“It wasn’t always that simple – not that long ago, hackers had to write malware, which meant they needed specialized knowledge in computer programming. Nowadays, Trojans and all the tools necessary to launch such attacks can be bought and sold on the dark web.

Why is this happening?

Professor Kanhere says there must be a strong motivation to hack another person’s webcam, as the attack is usually planned and deliberate.

“One reason why this is happening could be that hackers want to capture images or videos of the other person in a compromising position and potentially use it as blackmail for financial gain – this is a very perverse truth, but it happens.

“Whether we use our laptops, phones and other devices for business or social purposes, most have a built-in camera, so it’s very easy for hackers to access visual images of the victim at all times.

“We also know that government intelligence agencies can also use this approach to collect restricted or sensitive information. “

Installing anti-virus software and activating your firewall while browsing the Internet are ways to strengthen your defense in the event of a cyber attack. Image: Shutterstock

Work on your defense

While it’s not always possible to completely avoid a stealth attack, there are ways to boost your defense when an attack occurs. And it comes down to cyber hygiene and a little more knowledge of your computer.

“First, check which apps and programs are allowed to access your camera and microphone. Make sure that you only allow apps that really need to access the camera, for example, Microsoft Teams for business meetings, and not random ones that you don’t remember installing.

“Second, turn on your firewall. This will help protect your network by filtering and blocking traffic that attempts to gain unauthorized access to your computer.

“And finally, installing antivirus software is another line of defense, as it actively filters and scans your computer for malware.”

If you come across random folders on your computer containing pictures or videos that you yourself can’t remember, that’s a red flag that something fishy is going on, says Professor Kanhere.

Even information and IT professionals are not immune to these types of hacker attacks.

An image of Mark Zuckerberg, founder of social media giant Facebook, sitting at his desk, holding a cutout cardboard, called attention to something peculiar in the background – his laptop’s camera was covered in duct tape .

On most computers, a green or red light will appear to let us know the camera is in use. But this is not always the case when a Trojan horse has infiltrated your computer system, explains Professor Kanhere.

“Covering your laptop’s webcam lens is a simple, low-tech way to provide additional protection against hackers who might attempt to illegally gain access to your computer’s camera. “


Comments are closed.