The ‘camfecting’, the attempt to hack a webcam and activate it without the permission of its owner, is a phenomenon that has proliferated as a result of the Covid-19 pandemic due to the rise of teleworking and video calls.
The ‘webcams’ are used daily to connect their users with other people both professionally and personally. They are present in everyday equipment such as cell phones, laptops and tablets. However, the ‘software’ company specialized in cybersecurity ESET points out in its latest report that they can also pose a great danger.
This act of ‘hack‘ Y espionage “not only does it invade privacy, but it can seriously affect people’s mental health and well-being”, which is why ESET points out that “it is more important than ever to be more aware of the risks and be prepared to take measures that improve our privacy and security ‘online’.
The cyber attacker can manage to ‘hack’ a ‘webcam’ through remote access trojans (RATs, for its acronym in English), which are a type of ‘malware‘ which allows remote control of the victim’s device. So you can turn on your ‘webcam‘ without activating the light, make recordings and send the video files.
These RATs can infect a device like any other ‘malware‘ via malicious links or attachments in emails from ‘phishing‘ or in messaging applications and social networks, as well as in other malicious mobile ‘apps’ that supplant the appearance of the official one.
The attacker can also use ‘exploit‘ that exploit vulnerabilities and bugs in programs to gain unauthorized access to a computer or take control of a system.
Home security devices, such as CCTV cameras and baby monitors, pose a particular situation, not quite the same as mobile phones or computers with integrated cameras.
These devices are designed to keep people safe, but “they could be hijacked by criminals,” they point out from ESET. “This could happen through vulnerability exploits or it could be done by simply guessing our passwords, or forcing them through automated software that tests stolen logins through new accounts to see if we’ve reused them.”, they detail.
How to know if your webcam has been hacked?
ESET underlines that “the hacking of webcam it is a real threat”, and for this reason it points out some indications to which the user should pay special attention to know if their camera has been compromised, for example, in the event that the light of this component turns on when it is not being used by the user.
Another aspect to take into account is the “strange” files saved on the computer, since if an attacker has ‘hacked’ the ‘webcam‘, it is likely that there are saved files of this activity on the computer, especially those located in ‘Documents’ or in the video folders on the hard drive.
The company also encourages users to check if they see any “unusual” applications on their device, which could contain RATs. And to pay attention to the configuration, since this type of ‘malware‘ usually disables some security feature.
In the event that someone contacts the user to inform him that he has ‘hacked‘ the camera, do not fall into what could be a trap from the start. As the Director of Research and Awareness of ESET Spain, Josep Albors, explains, “opportunistic fraudsters often use some information from a previous breach, such as an old email and password, as ‘proof’ that they have accessed your device and your webcam” and “they will try to trick you into sending them money in cryptocurrencies to prevent them from emailing compromising images or videos to all your contacts.”
However, to prevent anyone from accessing the ‘webcam‘, from ESET they advise having the device software always updated and with the protection of a program ‘anti-malware‘. Also confirm that it is protected by a strong and unique password, in addition to a two-factor authentication system (2FA) if possible.
The company also advises not to click on the links of unsolicited communications and, finally, to cover the camera lens when it is not being used, although this measure will not prevent criminals from listening through the microphone of the device.