How to check if your webcam has been hacked and what to do to prevent it

The ‘camfecting’, the attempt to hack a webcam and activate it without the permission of its owner, is a phenomenon that has proliferated as a result of the Covid-19 pandemic due to the rise of teleworking and video calls.

The ‘webcams’ are used daily to connect their users with other people both professionally and personally. They are present in everyday equipment such as mobile phones, laptops and tablets. However, the ‘software’ company specialized in cybersecurity ESET points out in its latest report that they can also pose a great danger.

This act of ‘hacking’ and espionage “not only invades privacy, but can seriously affect people’s mental health and well-being”, which is why ESET points out that “it is more important than ever to be more aware of the risks and be prepared to take steps to improve our online privacy and security.

The cyber attacker can manage to ‘hack’ a ‘webcam’ through remote access trojans (RATs, for its acronym in English), which are a type of ‘malware’ that allows remote control of the victim’s device. Thus, he can turn on his ‘webcam’ without activating the light, make recordings and send the video files.

These RATs can infect a device like any other ‘malware’ through malicious links or attachments in ‘phishing’ emails or in messaging and social networking applications, as well as other malicious mobile ‘apps’ that impersonate the appearance of the official.

The attacker can also use ‘exploits’ that take advantage of vulnerabilities and bugs in programs to gain unauthorized access to a computer or take control of a system.

Home security devices, such as CCTV cameras and baby monitors, pose a particular situation, not quite the same as mobile phones or computers with integrated cameras.

These devices are designed to keep people safe, but “they could be hijacked by criminals,” they point out from ESET. This could happen through vulnerability exploits or it could be done by simply guessing our passwords, or forcing them through automated software that tests stolen logins across new accounts to see if we’ve reused them.

HOW TO KNOW IF THE WEBCAM HAS BEEN HACKED

ESET underlines that “webcam hacking is a real threat”, and therefore points out some signs that the user should pay special attention to in order to know if their camera has been compromised, for example, in case the light of this component lights up when it is not being used by the user.

Another aspect to take into account is the “strange” files saved on the computer, since if an attacker has ‘hacked’ the ‘webcam’, it is likely that there are saved files of this activity on the computer, especially those located in ‘Documents ‘ or in the video folders on the hard drive.

The company also encourages users to check if they see any “unusual” applications on their device, which could contain RATs. And pay attention to the configuration, since this type of ‘malware’ usually disables some security function.

In the event that someone contacts the user to inform him that his camera has been ‘hacked’, one should not fall into what could be a trap from the start. As the Director of Research and Awareness of ESET Spain, Josep Albors, explains, “opportunistic fraudsters often use some information from a previous breach, such as an old email and password, as ‘proof’ that they have accessed your device and your webcam” and “they will try to trick you into sending them money in cryptocurrencies to prevent them from emailing compromising images or videos to all your contacts.”

However, to prevent someone from accessing the ‘webcam’, ESET recommends having the device software always updated and with the protection of an ‘antimalware’ program. Also confirm that it is protected by a strong and unique password, in addition to a two-factor authentication system (2FA) if possible.

The company also advises not to click on the links of unsolicited communications and, finally, to cover the camera lens when it is not being used, although this measure will not prevent criminals from listening through the microphone of the device.

.

By Editor