Webcam Hacking: How to Tell if Someone Can Spy on You Through Your Webcam
Camfecting doesn’t “just” invade your privacy – it could have a serious impact on your mental health and well-being. Here’s how to keep an eye on your laptop’s camera.
Our 24/7 digital lives mean that we increasingly sit in front of a screen, whether it’s a laptop, smartphone or other device. This usually means that we are also sitting in front of a camera. Some of us rarely used this feature, until the pandemic hit and saw housebound workers and bored college students turn on their webcams to stay connected with the rest of the world. But while online cameras can provide a lifeline for friends and family, and a near-ubiquitous way to join meetings, they also put us at risk.
Whether it’s financially motivated cybercriminals, stalkers, bullies, trolls, or just plain weirdos, the tools and knowledge needed to hack webcams have never been easier to find online. This forces us all to become more aware of the risks and take steps to improve our online privacy and security. Much of it is common sense. Part of it has to be learned behavior.
The truth is, camfecting doesn’t just invade your privacy. It could have a serious impact on your mental health and well-being. For every creep that has been arrested and imprisoned, there are many more still stalking the digital world in search of victims.
How is webcam hacking done?
When it comes to cyber threats, our attackers often hold most of the cards. They can choose when to hit and how. And they only have to get lucky once to recoup their investment of time and resources. An underground economy of cybercrime worth trillions a year provides them with all the tools and know-how needed to launch attacks.
Here are some ways they might consider invading your privacy:
- Remote Access Trojans (RAT) are a special type of malware that allows an attacker to remotely control a victim’s machine or device. By doing so, they could turn on the camera without activating the light, record and then send the video files to each other. The same software can be used to log keystrokes, allowing them to steal passwords, banking details and more. RATs can be deployed like any other malware via:
- malicious links or attachments in phishing emails
- malicious links in messaging apps or social media
- Legit-looking but malicious mobile apps
- Vulnerability exploits are theoretically another way for hackers to hijack webcams to invade people’s privacy. The software contains errors because it is written by humans. And some of these errors can be exploited to help malicious actors do things like remotely compromise devices. Security researchers and hackers are in an endless race to find them first. Apple recently paid a researcher over US$100,000 for a vulnerability he found in macOS that could have enabled webcam hacking, for example. If we don’t keep our PCs, Macs, and devices updated with the latest versions of software and operating systems, bad guys could always exploit them.
Home Security Devices Exposed are a slightly different case, but still represent a major privacy risk. CCTV cameras, baby monitors and other devices are increasingly becoming part of the smart home. Yet, although they are designed to keep our families safe, they could be hijacked by attackers. This can happen via vulnerability exploits, as above, or it can be done simply by guessing our passwords, or “brutally forcing” them via automated software that tries stolen logins on new accounts to see if we reused them.
The threat is real
Unfortunately, camfecting is far from a theoretical threat:
In 2019, an international law enforcement operation targeted sellers and users of the Imminent Monitor RAT. Some 13 of the RAT’s “most prolific users” have been arrested and 430 devices seized, although police have warned it has been sold to more than 14,500 buyers worldwide.
In January 2022, a A British man has been jailed for more than two years after using RATs and other cybercrime tools to spy on women and children. He allegedly used fake profiles on messaging apps to contact his victims, persuading them to download the RATs through malicious links. This gave him access to their machines and devices, where he hijacked webcams and searched for photos and recorded videos containing compromising images.
See the light: How to check if someone has hacked into your webcam
Unfortunately, many webcam hackers reside far from the victim, in countries that turn a blind eye to this type of activity, especially when it is carried out by professional cybercriminals seeking to extort their victims or sell personal data by line. It is therefore more important than ever that we take proactive measures to check whether we are being targeted.
Here are some signs that your webcam has been hacked:
- The camera light comes on – although some hackers may conceal their attacks by turning off the camera light, this is not always the case. If it turns on when you’re not using it, the device may have been hacked.
- There are strange files on your computer – even if a hacker has stolen footage from your webcam, there may still be files saved on your computer. Look for anything unusual, especially in documents or video folders on your hard drive.
- There are unusual applications on your system – One of the most common ways for hackers to remotely record through your webcam is with a RAT. Run a malware scan and see if it alerts you to software that shouldn’t be on your PC or device.
- Your settings have been changed – another thing malware like RATs typically do is interfere with the security software running on your machine, or the underlying operating system, to make their lives easier. Check if any security features have been disabled.
What happens if you are contacted by someone claiming to have hacked into your webcam? It’s less of a telltale sign than you might think. Opportunistic scammers often use certain information from a previous breach, such as an old email and old password, as “proof” that they accessed your device and webcam. They will try to trick you into sending them money in cryptocurrency to stop them from emailing compromising images or videos to all your contacts. Check the tips above and unless there is hard evidence that the scammers are telling the truth, just ignore these sextortion attempts.
How to prevent webcam hacking
Staying safe from webcam hackers requires vigilance and security best practices. Make sure your PC, mobile device, or smart home device is always on the latest software and preloaded with anti-malware software. Make sure it’s protected with a strong, unique password or passphrase, as well as two-factor authentication (2FA) if possible. Do not click on links in unsolicited communications. And cover your camera lens when not in use, though that won’t stop criminals from eavesdropping through your microphone.
Also be sure to check out these tips from ESET Global Security Advisor, Jake Moore, whose advice will be helpful for parents and everyone else.