
Should you be scared of your laptop’s webcam?


The AchieVer


Pretty much every laptop – and for that matter, tablet and smartphone – has at least one camera fitted that's pointing at you all the time. But how worried should we be about eyes on us? Can the nefariously-minded switch them on to spy on us?

 
 

Last week, WSJ's Joanna Stern posted a piece in the Personal Tech column that pondered an interesting question related to the cameras that are now embedded into modern laptops – "How secure are these tiny eyes into our private lives?"

Interesting question. Well, tell me Personal Tech column, how secure are these things?

The bad news is, it was possible for Mr. Heid [a certified ethical hacker and chief research and development officer at Security Scorecard] to get into my Windows 10 laptop's webcam and, from there, my entire home network. He also eventually cracked my MacBook Air.

That sounds pretty bad, and might have many reaching for the electrical tape to cover their cameras. However, the very next sentence deflates much of the drama of its predecessor.

The good news is that both operating systems were initially able to thwart the hacker. It took me performing some intentionally careless things for him to 'succeed.'

Hmm… "some intentionally careless things."


This is where the narrative starts to fall apart. In fact, the hoops that Stern had to go through to allow the "hacker" access to a Windows 10 machine were quite detailed. Stern even goes as far as admitting to having "played along" with Heid's requests.

When I opened the attached Word doc, Microsoft's built-in, free anti-virus software, Windows Defender, immediately flagged it. When I clicked the link to the "reel," the file that began downloading was identified as a virus and deleted. The system worked, but I wanted to see what would happen if I were someone who didn't have anti-virus turned on in the first place, or who turned it off because it got annoying.

I went into Windows settings and disabled real-time virus protection. I was able to download the 'reel' without issue. But when I double-clicked the document, Microsoft Word opened it in a protected view. I intentionally dismissed the warning sign and enabled editing of the document.

That's a lot of playing along. In fact, it's only a few steps short of a hacker asking the victim to mail them the laptop, making sure to write the login password on a post-it note. 

 

Getting into a macOS system was even more convoluted.

Hacking a 2015 MacBook Air running the latest MacOS version, Mojave, also required a multistep process (and some missteps by the "victim"). This time the malware was embedded in an .odt document, an open-source file format.

To open it, I downloaded LibreOffice. The free version of the popular open-source office suite isn't in the Mac App Store, however, so I had to disable the Mac security setting that prevents unverified developer software installation. This is something that comes up often when downloading the many popular apps that aren't in the App Store. (I could have paid $14 for a version in the App Store, however.)

Once I installed LibreOffice, I turned off its macro security setting, per the hacker's instructions. There are scenarios where you might do this—say, for instance, because your company used a specially designed inventory spreadsheet or sales form—but for most people, it's a bad idea.

 

Note: According to the piece, Heid was able to pull all this off using "off-the-shelf hacking tools," whatever they might be.

I'm sorry, but short of taking a screwdriver and wrenching the camera out of the laptop's bezel, I don't see any way to prevent a hacker gaining access to the system's camera when someone so compliant is at the wheel. If someone is willing to download this, install that, and disable the other, it's like the hacker is sitting at the keyboard, and pretty much has free rein over the system.

I'm also confident that someone paranoid enough to have a piece of tape over their webcam isn't likely going to be as obedient, and if they happen to strike that perfect balance between suspicious and obliging, there's little to prevent the hacker coming up with some bogus story to get them to remove the obstruction ("oh, that tape on the screen is covering the flux capacitor that's needed to power the decode circuits.").

Rather than make me wary of webcam security, Stern's piece reinforces just what a good job modern operating systems do of protecting users from hackers, even throwing up warnings to try to protect them from their unconscious incompetence.

 

For enterprises that hand out laptops to all and sundry, this is where educating users about risks, about not ignoring warnings, and maybe not being so compliant when dealing with random folks remotely who ask them to disable stuff pays dividends.

Maybe there is also a case for having laptops that don't have cameras installed, and to use detachable USB cameras where needed. But that only removes one attack surface. There's nothing stopping the hacker from just asking the oh-so amenable user to just email them the information they want. 

I also find it interesting that the piece is worried about webcams, and suggesting that sticking tape over them is sensible, while saying nothing about the built-in microphones that are also present in modern laptops.

The piece does go on to make some sensible recommendations in relation to password usage – which can be distilled down to "don't reuse passwords, and change ones that have been compromised" – which I think helps to accomplish a lot more than covering a webcam camera does.

 

That said, if you're using a crusty old laptop running an old operating system that hasn't seen updates in a while, then covering the webcam might not make some sense, but the truth is that it'll just be the tip of the security headache that you're facing.

That said, if covering your webcam camera makes you feel better, go for it. It's your laptop, and those eyes are looking into your work and life space. You can use something as simple as electrical tape or a sticky note, you don't need to invest in some special sticker to do the job. But I'd also recommend that you have a bit of a think about why you're doing this. 

 

 

Source


Web cameras are a vulnerability that have been used in many illegal ways.  Whether the average user is a prospective victim is always a matter of debate.  However, putting tape over the lens isn't necessarily the best fix.  Intelligence agencies and law enforcement go a step farther and physically disconnect the camera in their laptops.  That's not to say they don't use webcams.  Aftermarket webcams have several advantages over the built in versions.  They have better lens systems, can be used as hand held cameras depending on cord length, and they can be removed when not in use which makes them secure.  None of my laptops have functional built in web cams, they have all been disconnected, and don't have an ugly piece of tape on the bezel.



6 hours ago, straycat19 said:

Web cameras are a vulnerability that have been used in many illegal ways.  Whether the average user is a prospective victim is always a matter of debate.  However, putting tape over the lens isn't necessarily the best fix.  Intelligence agencies and law enforcement go a step farther and physically disconnect the camera in their laptops.  That's not to say they don't use webcams.  Aftermarket webcams have several advantages over the built in versions.  They have better lens systems, can be used as hand held cameras depending on cord length, and they can be removed when not in use which makes them secure.  None of my laptops have functional built in web cams, they have all been disconnected, and don't have an ugly piece of tape on the bezel.

 

In addition to built-in web cams, laptops also have built-in mics. Perhaps the microphone also needs to be disabled as well. A hacker may not be able to see, but they can hear.



9 hours ago, The AchieVer said:

Should you be scared of your laptop’s webcam?

Should you be scared of your laptop’s webcam?
The correct answer is - Yes, You should.
But you should be much more scared of your phone's built-in cameras (yes, it is truly cameras, not camera) and microphones.



C.G.B. Spender

Sorry if this ruffles your tinfoil hats, but literally nobody is interested in any of our lives. If you want to be "safe" throw away your devices and cut your internet cable. Otherwise keep using your devices normally.



Cameras are much easier to negotiate, just cover them and it's okay. But the real problem is the microphone; it's really difficult to make them non-working. Manufacturers should start to provide physical covers or switches for cameras and microphones.

Phones are much worse, users carry them everywhere. And phones have cameras on both sides; that's a bigger problem.



Archived

This topic is now archived and is closed to further replies.
