thepoliblog

How to Block the Evil Eye on Your Computer

“Webcam000c1” by Simon.zfn – Own work. Licensed under Public domain via Wikimedia Commons – http://commons.wikimedia.org/wiki/File:Webcam000c1.jpg#mediaviewer/File:Webcam000c1.jpg

You may have turned your webcam off.  But malware may have subsequently turned it back on.

You may think that your face, voice, actions, and the appearance of your current location are private, when they are not.

This danger has been known for a while.  The Wikipedia page on webcams says “… privacy is lost when Trojan horse programs allow malicious hackers to activate the webcam without the user’s knowledge, providing the hackers with a live video and audio feed.  …  Some webcams have built-in hardwired LED indicators that light up whenever the camera is active [, but] sometimes only in video mode. It is not clear whetherthese indicators can be circumvented when webcams are surreptitiously activated without the user’s knowledge or intent, via spyware.”

We have recently learned that the problem is far worse than that.  We know that from a report by Morgan Marquis-Boire that was published by The Citizen Lab (University of Toronto, Munk School of Global Affairs), as summarized by two recent articles in the Washington Post: How your cat video addiction could be used to hack you, by Andrea Peterson and Barton Gellman, and U.S. firm helped the spyware industry build a potent digital weapon for sale overseas, by Barton Gellman.  Both articles contain important revelations that are not discussed in this blog post, and are well worth reading.  The second article even provides a link for downloading Marquis-Boire’s report.

The report and the articles describe how watching a YouTube video,or visiting just about any web site, or updating a Flash player or Java, can result in malware being surreptitiously installed on your computer, without the web site cooperating or even knowing that it was infectious.

This has become another route by which hackers can install in your computer malware for turning on your webcam, against your will and without your knowledge.

The present blog post will concentrate on ways to prevent being viewed when you think that your webcam is off, but has secretly been turned on.  As discussed below, defences against being overheard are fewer than defenses against being seen.

The countermeasures described here are fairly obvious, and may be well known.  But the obvious is often what most needs to be repeated.  (That is why there are sermons and other pep talks.)

The history of breached defenses against hacking suggests that there is probably no way to ensure that any defense based on software or on electronics cannot be overcome.  So the safest defenses are physical blocks that only you can control and inspect.  These blocks are all free or inexpensive, and are very simple.

If your webcam can readily be disconnected, by far the best countermeasure would be leave the webcam physically disconnected from the computer except when you want the webcam to be activated.  That would prevent capture of your audio as well as of your video, unless you are using a voice-operated computer or a headset with a microphone, which would provide alternate routes for audio signals to enter your computer.

If it is cumbersome to disconnect and reconnect your webcam, it may be possible to hang a piece of paper or cardboard or cloth over the webcam’s optical aperture.  The webcams audio transmissions would continue, however.

If the placement of the webcam makes it difficult to loosely drape anything over its optical aperture, then it should still be possible to block the aperture with an opaque removable adhesive tape: transparent or semi-transparent tape that hosts a strategically-placed piece of paper, or a small adhesive bandage (either a strip or a disk), or a removable adhesive sticker such as those that children play with, or such as the stickers that are used to temporarily mark luggage or other items.  Of course, you’d want to be sure that the adhesive never touches any optically coated lens or screen.  Again, these methods would not block the audio.

The caption on http://en.wikipedia.org/wiki/Webcam says “Webcams typically include a lens (shown at top), an image sensor (shown at bottom), and supporting circuitry.” “Sweex USB webcam PCB with without lens close up” by Original uploader was Mike1024 at en.wikipedia – Originally from en.wikipedia. Licensed under Public domain via Wikimedia Commons – http://commons.wikimedia.org/wiki/File:Sweex_USB_webcam_PCB_with_without_lens_close_up.jpg#mediaviewer/File:Sweex_USB_webcam_PCB_with_without_lens_close_up.jpg”

It is a shame that to protect themselves against criminals and intrusive governments, everyone now has to take precautions that formerly were needed only by dissidents in countries run by repressive governments.

One of several versions of the painting “The Scream” (title: Der Schrei der Natur, ‘The Scream of Nature’) . The National Gallery, Oslo, Norway. (This is the caption in http://en.wikipedia.org/wiki/The_Scream .) “The Scream” by Edvard Munch (1863–1944) – WebMuseum at ibiblioPage: http://www.ibiblio.org/wm/paint/auth/munch/Image URL: http://www.ibiblio.org/wm/paint/auth/munch/munch.scream.jpg. Via Wikipedia – http://en.wikipedia.org/wiki/File:The_Scream.jpg#mediaviewer/File:The_Scream.jpg

If you wish to comment on this post but do not see a box where you can submit a comment, that is because the mechanism for commenting is not available on any page that contains more than one post.  Comment boxes are available only on pages that contain only a single.  So click here, scroll to the bottom of the resulting single-post page, and submit your comment.