There is nothing worse than the feeling you’re being watched. But that’s exactly what can happen with a webcam and an infected computer. Specialized malware designed specifically to access every area of your computer can target your webcam and turn it on, keeping the webcam light switched off, so you’ll never know it happened.
Remote access Trojans (RATs) are dangerous for a whole host of reasons, but their ability to peer directly into your life raises the stakes and makes them a whole lot more terrifying to deal with.
In that, it’s no wonder that RATs are one of the most common types of malware online, and one that you need to watch out for, even if they use sneaky tactics to remain obscured.
Hackers target webcams to catch you in the act
Webcams, IP cams, and security cams are all up for grabs
It’s an unfortunate fact that your webcam is a security and privacy vulnerability in your home. Without the right protections, there is a chance your webcam, IP cam, and security cameras can be turned against you, used to capture video in what should be a safe space.
It’s actually a two-fold issue. You may think that a hacker requires the use of malware to gain access to the various types of cameras in your home. However, with the combination of misconfigured security settings and online tools that scan the internet for such devices, it can be as simple as using default login credentials to peer directly into your home.
That’s not to say that malware isn’t used to access webcams. The most commonly used type of malware used to access webcams is remote access Trojans, which is typically a bundled malware package with multiple tools designed for infiltration and data collection. This type of malware is alarmingly common, too. According to Bitsight research, RATs are the second-most common type of malware, behind only infostealer malware.
Once installed, a remote access Trojan can wreak havoc, giving the attacker extensive access to your system. File access and control, keylogging, screen captures, remote desktop access, and more are all on the table. And of course, the ability to turn your webcam on without notifying you or switching on the tell-tale blinking LED.
You can see some good examples of how a RAT can be used to control webcams and provide access to other cameras on your network in scambaiting videos. Scambaiters often gain access to remote networks using a RAT, then turn the tables on the scammers. It’s great to see scammers being taken down, but it also illustrates just how powerful this malware is.
Your webcam’s LED light is lying to you
Disconnect it or cover it
It’s the blinking LED that is a real problem. We’re accustomed to checking the light next to or around the webcam to show its status, and the indicators are easy to understand. Light on, webcam on.
However, a core RAT feature is webcam control, and especially without alerting you. This process, also known as camfecting, isn’t present in every remote access Trojan, and its success depends on how your webcam is wired into your system.
In that, the biggest issue anyone with an integrated webcam faces is the inability to fully switch it off. Some modern laptops have a proper hardware switch for the webcam, such as the Framework and Librem laptops. But the majority of laptops still have integrated hardware without a specific security switch. Others hide the webcam in the keyboard, meaning you have to physically open the keyboard for it to work.
If the webcam light is connected directly to the camera’s power, it should light up whenever the webcam is in use. However, if the webcam light is controlled using software or firmware on the target device, there is a stronger chance that the webcam light will be disabled.
Either way, it’s a common enough RAT feature to be worried about; it’s a real privacy problem.
Anyone using a USB webcam has an easier option: disconnect it from the USB port when you’re not using it. If it’s not plugged in, it can’t be accessed or used.
Grab the nearest roll of tape
And check your login credentials on every device
Back in 2016, there was collective surprise and worry when images of Meta CEO Mark Zuckerberg’s taped-up webcam were published online. It immediately sparked conversation around webcam privacy and security: if one of the world’s richest and most powerful tech-bros was covering his webcam, should we all do the same?
The answer is still, as it was then, yes. You should absolutely keep your webcam covered at all times when using a laptop or device with an integrated camera. It’s one of the easiest pieces of privacy protection you can take, and most folks have a roll of tape lying around somewhere. I’d also advise you to keep your smart TV camera covered for the same reasons.
If you want to go a little bit more upmarket and stylish, you can opt for a Webcam Cover, which typically only costs a few bucks and blends in a little better.
Alternatively, you could opt for a laptop that takes webcam privacy seriously. At IFA 2024, Honor revealed the MagicBook 14 Art, with a unique proposition for this problem. Instead of embedding the webcam in the bezel or under the screen, the MagicBook 14 Art webcam is completely separate, attachable using magnets.
It’s a novel solution to protect against someone accessing your webcam, and the laptop looks incredibly stylish while protecting your privacy.