Microphone and camera hacking is when an attacker gains remote access to a device’s camera and microphone – usually with the intent to record or spy on the device user.
Dubbed ‘camfecting,’ historically, it’s individuals who have been viewed as the main victims of webcam hacks. However, businesses are also at significant risk of camera and microphone hacking. Smartphones, laptops, PCs, and CCTV systems are all vulnerable, and a successful breach can be devastating. Through camera and microphone access, hackers can record meetings, learn information about your business and clients, or even gain deeper access to your devices and probe for sensitive data to use in a ransomware attack.
Anyone who’s ever taped over their device’s webcam is aware that camera and mic hacking is a risk. But what are the signs that a hack has taken place?
Anthony Green, CTO of cyber security company FoxTech, discusses how to spot a camera or microphone breach.
“The IBM Security ‘Cost of a Data Breach Report’ found that it takes, on average, 207 days between a hacker breaching a system, and the victim becoming aware of the attack. With video conferences cemented as a lasting legacy of the pandemic, and a boom in employees using potentially insecure personal devices for business tasks, it’s more crucial than ever that organisations can spot the signs of a camera and microphone hack, so they can work to swiftly eject the attacker from their system before it’s too late.”
FoxTech provide their guide to spotting the clues that your camera and microphone have been hacked.
The webcam indicating light is on – but you’re not using your camera
On a laptop or desktop, most webcams will have an LED indicating light which turns on when the webcam is in use – such as when you are in a video conference or meeting. If this light appears when you are not using the webcam, it might be a cause for concern. Keep an eye on your security camera’s LEDs too – fast blinking is usually an indication that someone is trying to connect to your camera. If it’s not you trying to connect, then you need to get your in-house security team, or a third party cyber security consultancy firm, to investigate.
You webcam light turns on when you launch your browser
If your webcam light is activated every time you launch your browser, this is clear evidence that an attacker has gained access to your webcam and mic through a malicious browser extension. To find out which extension is the culprit, reboot your computer, and, one by one, deactivate your browser extensions – keeping an eye on the indicator light.
You can hear strange background noises
If you can hear any unusual sounds in the background of your business calls, or through your CCTV cameras, this is another sign that your camera has been hacked. Sometimes, hackers deliberately make themselves known through your camera’s two-way communication function. Listen out for anything from voices trying to stir up conversation to minor noises such as a small beeping.
Increased network traffic or data usage
For an attacker to access your device’s webcam or mic, or your CCTV camera, they must send the video and audio files through your router. Most routers and gateways will monitor data traffic, and some will show when the traffic came through. If there are large spikes in traffic at times you know you haven’t accessed your camera, then it’s an indication that intruders may have gained access.
You notice unusual application settings
Malware can change your device setting to make it easier for the intruder to gain access. On smartphones, PCs and Macs, hackers will enable the camera and microphone on an unexpected application (or on an app they have installed themselves). Look out for new apps on your device that you don’t remember installing and check your application permission settings. Make sure that camera and microphone access is only permitted on apps where it is strictly necessary.
Checking an Android phone
Settings > Apps > Advanced > App permissions > Camera (or Microphone) > Use toggle next to each app to revoke permission.
Checking an iPhone
Settings > Privacy > Camera (or Microphone) > Use the toggles next to each app to revoke permission.
Checking a PC
Settings > Privacy > Camera (or Microphone) > Use the toggles next to each to revoke permission.
Checking a Mac
Settings > Security & Privacy > Privacy > Camera (or Microphone) > Untick the box next to each app to revoke permission.
So, what can businesses do to protect themselves from camera and microphone hacking?
Anthony comments:
“Revoking unnecessary app permissions, and regularly reviewing them, is a great first step to protecting your business. In the cyber security industry, devices are known as ‘endpoints’. According to a recent study by the Ponemon Institute, 68% of organisations have experienced one or more endpoint attacks that successfully compromised their data and/or their IT infrastructure. It’s vital to make it difficult for attackers to gain access to your system through insecure endpoints, so enhancing the security of your devices will enhance the security of your whole organisation.”
Organisations should:
- Read the Device Security Guidance resources on the National Cyber Security Centre’s website (NCSC)
- Find out more about endpoint security through FoxTech’s video resource: does endpoint security matter?
- Be aware that bring your own device (BYOD) policies increase the risk of endpoint security attacks. Boost your security by following the NCSC’s steps to making BYOD as safe as possible.
- Always install the latest software updates. Security issues may not be fixed on outdated software.
- Get a free CyberRisk score from FoxTech, which will provide your organisation with a detailed report showing how high or low your risk is of being hacked.