The term “cyber security” typically calls to mind images of IT professionals furiously typing lines of gibberish into a command line terminal on a computer, setting up firewalls, defending against viruses, and building secure wireless networks. But there’s more to cyber security than just code, permissions, and settings.
The practice of covering webcams with a piece of tape requires no knowledge of IT procedures. At first, as far back as 15 years ago, those who covered their webcams with tape were viewed as paranoid. But now FBI Director James Comey and Facebook CEO Mark Zuckerberg actually encourage the practice.
Simply covering a webcam when it’s not being used, however, isn’t enough to ensure total security against webcam hackers. Students interested in pursuing a degree in cyber security can learn how hackers gain access to webcams and other private feeds, what they can do once hackers gain access, and how to keep webcam access private.
A Weak Link In Personal Security
Hackers use a number of programs that, once installed on a computer, allow remote access to webcam and microphone feeds. One of the most popular is called Meterpreter.
“Meterpreter has the power to do numerous and nearly unlimited things on the target’s computer. The key is to get Meterpreter installed on their system first,” informs anonymous hacker and Null-Byte Wonder How To contributor OccupyTheWeb in the 2016 blog post, “How To Secretly Hack Into, Switch On, And Watch Anyone’s Webcam Remotely.”
“[Meterpreter can be installed by getting] the victim to click on a link to a malicious website, send a malicious Microsoft Office document or Adobe Acrobat file, and more,” Null-Byte Wonder wrote. Once Meterpreter is installed, according to OccupyTheWeb’s eye-opening article, the hacker can use Metasploit on his or her own computer to run Meterpreter remotely.
Many programs like Metasploit and Meterpreter were originally written for surveillance purposes or ethical hacking. Unfortunately, programs that are supposed to be used ethically can also be used unethically.
“Through the tools that carry out online surveillance, it is possible to intercept the information flow taking place between devices and the microprocessor of the target device,” Giuseppe Vaciago and David Silva Ramalho wrote in a journal entry, “Online Searches and Online Surveillance: The Use of Trojans and Other Types of Malware as Means of Obtaining Evidence in Criminal Proceedings,” in Digital Evidence and Electronic Signature Law Review.
“[Intercepting information flow allows] the remote control centre to monitor in real time whatever is displayed on the screen (screenshot), keyed in through the keyboard (keylogger), verbalized through the microphone, or seen through the webcam of the target system under surveillance.”
As technology progresses, the danger of video and audio feed hacking is growing. Now, instead of just webcams and onboard microphones, hackers have access to smart watches, GoPro cameras, WiFi-connected CCTV security cameras and baby monitors, drones, connected toys, and personal assistants such as Amazon Alexa and Google Home.
Vulnerabilities In A Webcam-Hacked System
In the TV series Mr. Robot, written by Sam Esmail, a street vendor gives a music CD to a targeted victim. When the victim plays the CD on his computer, a hacker gains access to his webcam and blackmails him.
The Mr. Robot scene illustrates how unassuming social engineers can enable a dangerous hack. With access to a webcam and microphone, a hacker can do anything from watching a victim undress to learning enough to steal the victim’s identity.
Webcam hackers will know exactly when you’re not going to be home, making burglary planning easier. Recorded audio files could also be used for blackmail, and simply eavesdropping on conversations can provide valuable clues to passwords.
In the near future, authentication technology will begin to make use of webcams and microphones in an effort to boost authentication security. In fact, biometrics technologies such as face recognition, fingerprint readers, and iris scanners have already found their way onto some devices.
Soon, 4-D authentication may be used. “We propose to add another key to the current scheme: an encrypted string that encapsulates a gesture that the user is supposed to make with his hands, in front of a webcam, apart from his password,” Bhavana Borkar, Shiba Sheikh, and P.D. Kaware wrote in their paper, “4D Password Mechanism,” in the Imperial Journal of Interdisciplinary Research.
However, since 4-D password technologies will make use of webcams, a compromised webcam could easily mean a compromised authentication.
Protect Against Hacks And Exploits
So how are people supposed to protect themselves against hackers gaining access to webcams, microphones, and other data feeds?
Cyber security professionals can protect a network against Meterpreter/Metasploit attacks by, ironically, using Metasploit to discover vulnerabilities. Those vulnerabilities can then be patched. IT personnel can ensure that applications and programs are run with the smallest number of privileges possible and that networks are limited specifically to trusted hosts.
Individuals also can take the following steps to decrease the chances of a webcam hack attempt:
- Cover your camera and/or microphone with either a strip of tape or a purchased webcam cover.
- Turn devices off when they are not in use. Booting back into tablets, laptops, and other devices may take an extra minute or so, but a device that is turned off is exceedingly more difficult to hack.
- Install trusted antivirus software and keep it updated. The malware used to access webcams can be easily eliminated through antivirus scans.
- Go into the webcam settings and turn on the notification light. The little light on webcams will be lit whenever it is in use, so if the light is on when you are not using the webcam, a hacker may well be accessing it.
- Secure your wireless network with a complex password that will be difficult for hackers to decrypt.
- Secure IoT devices and anything else that connects to a network by changing the factory default administrator names and passwords on each device.
- Do not click on links or open attachments from unknown email sources. And be careful not to agree to terms that give access to webcam and audio feeds.
- Disable remote access on all computers or devices. If need be, you can turn them back on at a later time to allow remote customer service support.
“Hackers may contact you saying there are some problems with your computer,” software and marketing expert Omri Toppol wrote in his 2016 Log Dog’s blog post, “How to Check if Your Webcam was Hacked.” “They will try and convince you to download remote-access software that will allow them to fix those alleged problems.”
Be cautious and don’t trust unknown emails, links, customer service messages, or social network profiles.
Maryville University – Online Degree in Cyber Security
Maryville University’s online cyber security bachelor’s degree offers advanced training in current ethical hacking techniques, mobile security, digital forensics, and malware analysis. All skills are learned and practiced in Maryville University’s virtual training lab. Upon graduation, students may qualify for high-paying positions such as networking consultant, information security manager, security analyst, or network architect in some of the world’s largest tech companies. Contact Maryville University for more information.
How To Secretly Hack Into, Switch On, And Watch Anyone’s Webcam Remotely – https://null-byte.wonderhowto.com/how-to/hack-like-pro-secretly-hack-into-switch-on-watch-anyones-webcam-remotely-0142514/
Online Searches and Online Surveillance: The Use of Trojans and Other Types of Malware as Means of Obtaining Evidence in Criminal Proceedings – http://journals.sas.ac.uk/deeslr/article/viewFile/2299/2252
Mr. Robot, “eps1.2_d3bug.mkv,” Season 1 Episode 2, Directed by Jim McKay, Written by Sam Esmail, USA, July 8, 2015
4D Password Mechanism – http://imperialjournals.com/index.php/IJIR/article/viewFile/458/442
How To Check If Your Webcam Was Hacked – https://getlogdog.com/blogdo