It’s surprisingly easy to get into an unprotected webcam. Whether it’s through malware or the network itself not being secured against the internet, webcams are a major source of vulnerability in tech. A solid antivirus is a good start, but it doesn’t solve the root of the problem, the ‘unsecured’ part.
Tape and Stickers
Tape, sticky notes, and stickers are common sights on laptops in public. Most of the time, they work totally fine – if you turn on the webcam, all you see is a haze. However, have you tested the microphone as well? Can you hear yourself? The sticker can’t block that. The sticker may also leave residue, or fall off and render the system worthless.
The little camera slide that some new computers come with is better, but also not perfect. Just like tape, they don’t deactivate the microphone!
Tape is a stopgap, and it won’t protect you from someone getting into the microphone, which can be equally dangerous to your privacy. Some recommend using the aux jack from a broken set of headphones to keep the external microphone form activating, but if you don’t already have a pair with microphone enabled, that’ll cost you money.
There’s a number of websites that compile unsecured webcam footage. In fact, many are open to the public, like Insecam.org. Is it a crime to access unsecured devices? Maybe, it depends heavily on the state, and whether or not the webcam was secured. Even stranger, certain webcams are subject to more rules than others – anything that can record audio may be subject to Federal wiretapping laws in the US, for example. Insecam allows users to trawl through unsecured cameras, and some, like cameras used by weather stations, are entirely public, and just have a nice view of the city. Nothing nefarious is happening with access to this camera. However, baby monitors and personal computers also pop up on the site – and while users can write to request that their computer is removed, they would need to know it’s there in order to ask.
These websites only have access because webcams don’t usually ask the user to create a password for them during set up. The computer itself may be password protected, but the camera software is uniquely accessible as long as the computer is on the network. Even then, if the computer has good antivirus, that doesn’t extend to things like doorbell cameras or baby monitors – the network needs to be exceptionally well-secured to keep these IoT devices safe, not just the computer or phone they’re hooked up to.
Some applications require access to the webcam to function. Things like Skype, Microsoft Teams, or Zoom are obvious! However, some apps don’t really need that information, but they’re getting it anyway. Facebook’s excessive use of personal cameras and computers has been noted before. The app doesn’t need to be open for it to hear you, unless you deny it access to the microphone at first download. Other apps don’t make a point of telling you that they can hear or see you when they’re open, so it’s important to check the permissions a website or download needs for itself before you download it. Android will allow you to individually remove permissions for apps. For example, if you don’t want Discord to have access to your camera, all you have to do is tell it ‘no’ on an Android device’s settings.
It is important to note that doing this for apps will sometimes prevent them from working as intended. To use Discord again, Discord won’t allow you to upload photos unless it’s allowed to use the camera. TikTok is similar – you may have pre-recorded footage to upload, but it wants access to the camera. At that point, the choice is up to you! Just know that permissions may be revokable, and it’s a trade.
What You Should Do
Covering the webcam with tape or a sticky note is a stopgap. What you should do is password protect those items. Legally, it’s a gray area to access a network without authentication features, but bypassing a password is generally illegal. This means that if someone gains access to the webcam even after you’ve password-protected it, it may be possible to prosecute them.
Make sure that apps aren’t using the webcam when they don’t need to be, either! Facebook was notorious for requiring access to location, microphone, webcam, speakers, etc. when it probably didn’t need them. Why? Lots of reasons: they want to sell you ads, they want to sell your data, they want to sell you ideas… basically, anything and everything can be sold to you, the user, if they know enough about you to trigger certain responses. It’s how Cambridge Analytica got to so many people! The better the profile they make, the better their odds are.