If you look around you, there's probably at least one internet-connected camera staring you in the face right now. It could be on your laptop, tablet or phone. They are everywhere and a hacker with the right skills, tools, and luck can access that device to spy on you.
Webcams are a serious privacy concern and the fact that they are built into so many things now make it paramount that you know how to mitigate or prevent hackers from using your own hardware against you.
The main attack vector for webcam hacking is malware. This can be part of another software download, an internet worm or some other delivery method such as email attachments. These malware packages can take low-level control of your computer, including the camera. Sending footage or image back home.
While malware is a wide, scattershot approach, sometimes specific camera models will have bugs in their firmware which, once discovered, makes them a target for hacking. For example, it was recently discovered that a wide range of D-LINK IP cameras was vulnerable to hacking, leading to a lawsuit by the FTC.
However you might be hacked, here are some ways to make it harder to become a victim of camera spying. While no defense is foolproof, by following these guidelines you can tilt the odds sharply in your favor.
While there's plenty of great free antivirus software out there, they can and do miss some malware. Which is why you should also install a specialized anti-malware package to deal with this other type of malicious software.
Some webcams have a physical power switch or can be unplugged if they are external. If you can disable the camera in this way while not using it then it's a good idea to do it. Physical disconnection is not possible with laptops or other mobile devices, but desktop users still have this option.
Many webcams have an indicator light which comes on when it is streaming or recording. If the light is coming on when it shouldn't, you should run a malware scan just to be sure. Unfortunately, this is not the most foolproof way to detect spying, since some malware can disable the light while still operating the camera.
The most effective method for built-in cameras is to stick something over the lens so that spying visually is impossible. A small piece of clear tape or a piece of sticky note will usually do. You can take it off when you want to use the camera.
This is by far the most important one. Webcams and IP cameras from respectable companies tend to get security updates quickly. Check often and update your camera's firmware and software as soon as possible.
One way of using webcams to spy on people is to intercept the actual video stream. On platforms like Skype this is unlikely thanks to their encryption, but by using a VPN you encrypt ALL data leaving your computer. In which case, there is essentially zero chance of anyone piggybacking on the camera stream.
We've picked out our favorite VPNs of 2018, which is a good place to start if you don't already have one.
When it comes to IP cameras connected independently to your WiFi network, one of the biggest mistakes people make is not changing the default username and password. Which means that a hacker who manages to bypass your firewall can take over the camera with ease. This is such a simple precaution, yet many people never touch the defaults, leaving them open to exploitation.
On mobile devices, malware is just as much of a problem. Rooted devices running homebrew software and users who sideload applications outside of the official app stores are at a higher risk here. While the malware filters on Google and Apple's app stores aren't perfect, it's very unlikely you'll pick up anything nasty there. If you're not getting your software there, there is no way to tell what has been tacked on by the anonymous provider.
Most of us just absentmindedly tap "allow" when an app asks us for permissions, but we shouldn't. In general, we should think about why a particular app would even need certain types of access. For apps that want camera access, this is twice as important. If you never intend to use the camera with a certain app, don't give it camera permissions. It doesn't need them. Only give camera permissions to apps where such permissions both make sense and you intend to make use of them.
Even if a hacker gets to your camera, they won't stick around long if there is nothing to see. Treat every camera lens pointed to you as live and don't do anything in front of them that you'd be embarrassed to see in public. If you need to do something truly private, don't do it in front of a camera.
The idea that someone could be spying on you through your various web-connected cameras is really terrifying But panic is not going to make the situation any better. So keep calm and follow these simple tips. Hopefully, you'll stay out of sight and out of mind.