Not a day goes by that we don’t hear about cybersecurity threats – be it data breaches, phishing scams, ransomware, and viruses – but what about protection against someone remotely accessing your webcam?
After all, Facebook founder Mark Zuckerberg and former FBI Director James Comey both put tape over their computer’s camera when not in use, so perhaps you should, too.
Aug 08, 2018 Porn Blackmail Scam Rattles Mac Users: What You Need to Know. Posted on August 8th, 2018. These porn blackmail emails appear to be fake. Yes, your Mac’s camera can be hacked, but in the case of the porn blackmail scam, we have no indication that the threat is real. The video the scammer’s claim to have of you is not real. Mar 01, 2018 A hacker can take over your camera to snoop and take pictures, as federal prosecutors disclosed in the case of an Ohio man in January. Apr 14, 2018 The exploit can hack CCTV camera by getting the IP camera internal user list and setting a new password for one of them according to your choice.
You don’t need to be a powerful person in the public eye to be concerned. In January, the U.S. government charged an Ohio man for 13 years of cyber theft , alleging he used malware to steal personal data from thousands of people, plus take over cameras and microphones that allowed him to 'to surreptitiously record images and audio.'
If you’re not sure what to do, the following are a few precautions you can take to minimize the odds of this happening.
Unplug or cover up
If you’re using an external webcam – that is, one that plugs into your computer’s USB port – only connect it when you need it. Yes, it can be a pain to remember to plug it in whenever you want to Skype or FaceTime with someone, but at least you’ll know 100% noone is spying if there’s no camera connected.
Some external cameras have a small cover you can close over the webcam lens, so be sure you take advantage of this when you’re not using it. If your webcam doesn’t have this, you can point it to the ceiling until you need it (but that doesn’t mute the microphone) or place a small piece of electrical tape on the front of the webcam. But don’t place it directly over the lens or else it could leave a sticky residue. You can also buy little stickers or covers to place over your laptop’s lens.
More: 5 security mistakes you're probably making
More: A Website live streamed unsecured webcams like one at a daycare center
Use anti-malware software, good passwords
If your laptop or desktop has a built-in webcam, be sure to have good computer security software installed (which you should have anyway, of course). A strong security suite includes antivirus, anti-spyware, a firewall, and other tools to keep the bad guys from getting in. It’s critical to keep the security software up to date.
Many webcam hackers use Trojan horse malware to secretly install and run remote desktop software without your knowledge. You may think you’re downloading one thing, when in fact it’s carrying a hidden payload. Don’t click on attachments or any suspicious links in an email, text, or social media message.
Some web browsers also notify you if your webcam is being activated and you may be prompted to agree.
Be sure your wireless network has strong security settings and a good password – not the default one that came with the router — to prevent outsiders from accessing your Wi-Fi network without your consent. Resist using free, unsecured public Wi-Fi hotspots in cafés, hotels, and airports.
Another tip is to go to the webcam’s settings/options and enable some kind of notification when it’s being used, such as a small light that turns on near the webcam or a sound alert – if it doesn’t do it already. Most will have a small light illuminate when activated.
More: Virgin Media hack risk is a wake-up call to check your router
More: How to keep hackers out of your router
More: Hackers hid malware in CCleaner, a free app meant to clean out computers
Repair? Beware!
If you need to have your computer repaired, take it to a trustworthy source and then ensure remote access programs aren’t on your laptop or desktop you didn’t install yourself. If you find something, immediately uninstall it and bring it to a trusted source.
On a related note, be cautious about where you solicit remote tech support. Don’t let a technician take control over your computer to help you, unless you fully trust the source.
More: Web-connected medical devices are great. Unless...
More: Time to do a 15-minute cybersecurity makeover
Follow Marc on Twitter: @marc_saltzman. E-mail him at www.marcsaltzman.com.
Zoom, the popular video call service has had a number of privacy and security issues over the years and we’ve seen several very recently as Zoom has seen usage skyrocket during the coronavirus pandemic. Now two new bugs have been discovered that allow hackers to take control of Macs including the webcam, microphone, and even full root access.
Update 4/2: Zoom has issued an apology for its privacy and security gaffes, patched these two most recent Mac bugs, and laid out a plan for the next 90 days to improve the service.
But if you’re still wanting to switch to another option, check out our roundup of 10 Zoom alternatives here.
Reported by TechCrunch, the new flaws were discovered by Ex-NSA hacker Patrick Wardle, now principal security researcher at Jamf, who detailed his findings on his blog Objective-See.
Mac Camera Hacked
Wardle goes through a history of Zoom’s privacy and security issues like the webcam hijacking we saw last summer, the calls not actually being end-to-end encrypted as the company claims, the iOS app sending user data to Facebook, and more.
That brings us to today. Wardle’s new bug discoveries mean Macs are vulnerable to webcam and mic takeover again, in addition to taking gaining root access to a Mac. It does have to be a local attack but the bug makes it relatively easy for an attacker to gain total control in macOS through Zoom.
Mac Camera Hacked
As such, today when Felix Seele also noted that the Zoom installer may invoke the AuthorizationExecuteWithPrivileges API to perform various privileged installation tasks, I decided to take a closer look. Almost immediately I uncovered several issues, including a vulnerability that leads to a trivial and reliable local privilege escalation (to root!).
Wardle describes the entire process in technical detail if you’re interested but the flaw comes down to this:
To exploit Zoom, a local non-privileged attacker can simply replace or subvert the runwithroot script during an install (or upgrade?) to gain root access.
Then, a second flaw Wardle discovered allows access for hackers to access a Mac’s camera and mic and even record the screen, all without a user prompt.
Unfortunately, Zoom has (for reasons unbeknown to me), a specific “exclusion” that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This give malicious code a way to either record Zoom meetings, or worse, access the mic and camera at arbitrary times (without the user access prompt)!
Zoom didn’t respond to TechCrunch after a request for comment. With the millions of people using Zoom with the current global health crisis, hopefully, we see a fix real fast!
Mac Camera Hacking
FTC: We use income earning auto affiliate links.More.