Pinterest Stumbleupon Whatsapp
Ads by Google

Without wishing to scare you, the short answer is: it’s very easy for anyone to view your webcam. The long answer is: some networked webcams require nothing more than a secret URL, while most USB or built-in laptop webcams would need the computer to be compromised first.

Here are three ways of viewing a webcam without your knowledge.

The Obvious: Spy Software

Remote Administration Tools (or RATs) are often installed in corporate environments to help upgrade, configure and track machines remotely. In 2010, two high schools in the Lower Merion School District had lawsuits brought against them for using the remote monitoring features of an application called LANrev without students knowledge. The Mac laptops had been issued and were owned by the school, used by the students for home study. However, the security software that had been installed on these machines contained a feature called Theft Track, which enabled the administrators to remotely view the webcams.

Despite claims that the feature was only used in cases of reported laptop theft, many students reported briefly seeing the webcam indicator light flicker on, and some took measures to tape over camera. The district later admitted 56,000 images of the students had been taken.

A newer version of the software has since been released which has this feature removed.

Ads by Google

Fix the problem: tape over the webcam if you’re using a borrowed machine – you never know who might be watching.

The Easiest: Bugged Networked Cameras

Particular models of TRENDnet cameras that have since been patched and are no longer sold (though thousands remain in use) were vulnerable to the degree that any sane person would find terrifying: you need only know the public IP address of the camera. These cameras are typically used in small businesses, home security, and to monitor children and babies.

Although TRENDnet tried their best to contact the leaked list of affected IP addresses, a year on about 5% of them remain accessible. You can see from the screenshot below that most are now inaccessible. However, it is still possible to scan for these cameras, and more up to date lists can be found on hidden TOR nodes (What is the TOR network? How the Tor Project Can Help You Protect Your Own Online Privacy How the Tor Project Can Help You Protect Your Own Online Privacy Privacy has been a constant issue with virtually all major sites that you visit today, especially those that handle personal information on a regular basis. However, while most security efforts are currently directed towards the... Read More ).

exploited-webcams

I’m not making this up: here’s the live stream from that restaurant which isn’t yet fixed. If you know where it’s located, do let them know.

A number of Foscam branded cameras were all subject to a similar bug, requiring the attacker to simply hit Enter when asked for a username and password to view the live stream. Unfortunately, Foscam also specialise in baby monitors. The difference in this case was that these baby monitors had a built-in speaker, through which the parents could remotely soothe their child. As it turns out, so could anyone who accessed the cam using the hack, as two families (August 2013, April 2014) found out the hard way – having woken up to obscenities being shouted at their babies.

… the camera then turned from his petrified daughter to point directly at him. “Then it screamed at me,” Adam said. “Some bad things, some obscenities. So I unplugged the camera.” (Quote from FOX19 interview)

Fix the problem: if you own a FOSCAM (model numbers: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, and FI8919W), update the firmware immediately. TRENDnet customers, visit the support page to see the full list of affected models and to download an update.

trendnetBetter still – don’t plug a camera into the Internet, and if you absolutely must, then ensure you register the device with the manufacturer’s website so that should a security breach occur, you’ll be the first to know about it and able to take action. The trouble is of course, that bugs such as this can be in the wild for years before anyone has the slightest clue – as was the case with the recent HeartBleed OpenSSL bug Massive Bug in OpenSSL Puts Much of Internet At Risk Massive Bug in OpenSSL Puts Much of Internet At Risk If you're one of those people who've always believed that open source cryptography is the most secure way to communicate online, you're in for a bit of a surprise. Read More .

More Difficult: Any Webcam

Hacked networked cameras are one thing – they’re designed to broadcast their images anyway, just not normally to the entire world – but is it possible to access any old regular laptop webcam? And would you even know if it was being accessed?

The good news is that generally speaking, no, a hacker can’t simply sit here and type in a URL to look at your webcam. What they can do though, is systematically scan a network for vulnerable operating systems and automatically inject a Trojan if something useful is found. This is fairly easily thwarted by staying behind firewalls, closing ports that aren’t needed and staying up to date with security fixes – in other words, taking a basic level of precautions. This is why using Windows XP is now thoroughly dangerous What The Windows XPocalypse Means For You What The Windows XPocalypse Means For You Microsoft is going to kill support for Windows XP in April 2014. This has serious consequences for both businesses and consumers. Here is what you should know if you are still running Windows XP. Read More : there will be untold numbers of bugs left unfixed from this point forward.

Armitage - a GUI for the Metasploit framework which makes finding and exploiting vulnerabilities very easy indeed
Armitage – a GUI for the Metasploit framework which makes finding and exploiting vulnerabilities very easy indeed

Instead, it’s more likely a hacker will simply ask you to install a Trojan, and you’ll do it quite willingly. This might be through a malicious email attachment disguised as a .scr or .exe file; a rogue webpage which you visit in a vulnerable browser (Internet Explorer 9 ,10 and 11 were recently affected by this nasty bug), or something as simple as a phone call from a purported Microsoft employee What Should You Do After Falling For A Fake IT Support Scam? What Should You Do After Falling For A Fake IT Support Scam? Search for "fake tech support scam" and you will understand how common it is across the world. Some simple precautions after the event could help you feel less of a victim. Read More offering to fix your virus infected Windows machine (which wasn’t infected, but now is).

The point is that once the attacker has installed their Trojan root kit on your machine, anything is possible – including opening up your webcam stream. The tool most commonly in use today is called Metasploit, which once installed opens up a smorgasbord of remote control functions, including key logging and remote viewing of webcams. Your system is thrown wide open for the hacker.

Most webcams have some kind of LED that indicates when it’s on, but depending on the hardware this can be bypassed – so you wouldn’t even know.

So the answer to “how easy it for someone to hack my webcam?” is really… it depends. But you can make it as difficult as possible by having the latest security updates installed and running a reputable virus protection system, as well as simply educating yourself about the various attack vectors that hackers will use How A Computer Virus Spreads Online, And What You Can Do To Stop It How A Computer Virus Spreads Online, And What You Can Do To Stop It Viruses are tricky. They exploit your computer's every possible vulnerability; and if there are none, they'll wait until you make a mistake -- by opening an attachment you're not supposed to or clicking on a... Read More .

  1. yapity
    June 3, 2016 at 8:17 am

    Glad to know it isn't that easy for built-in cams. I actually work supporting security cameras, and I know about some of these other brands that are so vulnerable. I can't believe they're still in business. Thankfully none of our cameras are vulnerable this way as far as I know.

    I read about a girl who had her webcam hacked by this guy she was chatting with and then I was really paranoid.

  2. Qat
    March 5, 2016 at 9:25 am

    This article was extremely helpful and well written. Thank you very much for putting a lot of thought into it, Mr. Bruce.

Leave a Reply

Your email address will not be published. Required fields are marked *