Microphone and camera hacking is when an attacker gains remote access to a device’s camera and microphone, usually with the intent to record or spy on the device user. Anthony Green, CTO of cyber security company FoxTech, discusses how to spot a camera or microphone breach.
Dubbed ‘camfecting,’ historically, it’s individuals who have been viewed as the main victims of webcam hacks. However, businesses are also at significant risk of camera and microphone hacking. Smartphones, laptops, PCs, and CCTV systems are all vulnerable, and a successful breach can be devastating. Through camera and microphone access, hackers can record meetings, learn information about your business and clients, or even gain deeper access to your devices and probe for sensitive data to use in a ransomware attack.
FoxTech provides its guide to spotting the clues that your camera and microphone have been hacked:
The webcam indicating light is on – but you’re not using your camera
On a laptop or desktop, most webcams will have an LED indicating light that turns on when the webcam is in use – such as when you are in a video conference or meeting. If this light appears when you are not using the webcam, it might be a cause for concern. Keep an eye on your security camera’s LEDs too – fast blinking is usually an indication that someone is trying to connect to your camera. If it’s not you trying to connect, then you need to get your in-house security team, or a third-party cyber security consultancy firm, to investigate.
Your webcam light turns on when you launch your browser
If your webcam light is activated every time you launch your browser, this is clear evidence that an attacker has gained access to your webcam and mic through a malicious browser extension. To find out which extension is the culprit, reboot your computer, and, one by one, deactivate your browser extensions – keeping an eye on the indicator light.
You can hear strange background noises
If you can hear any unusual sounds in the background of your business calls, or through your CCTV cameras, this is another sign that your camera has been hacked. Sometimes, hackers deliberately make themselves known through your camera’s two-way communication function. Listen out for anything from voices trying to stir up conversation to minor noises such as a small beeping.
Increased network traffic or data usage
For an attacker to access your device’s webcam or mic, or your CCTV camera, they must send the video and audio files through your router. Most routers and gateways will monitor data traffic, and some will show when the traffic came through. If there are large spikes in traffic at times you know you haven’t accessed your camera, then it’s an indication that intruders may have gained access.
You notice unusual application settings
Malware can change your device setting to make it easier for the intruder to gain access. On smartphones, PCs, and Macs, hackers will enable the camera and microphone on an unexpected application (or on an app they have installed themselves). Look out for new apps on your device that you don’t remember installing and check your application permission settings. Make sure that camera and microphone access is only permitted on apps where it is strictly necessary.
Checking a PC
Settings > Privacy > Camera (or Microphone) > Use the toggles next to each to revoke permission.
Checking a Mac
Settings > Security & Privacy > Privacy > Camera (or Microphone) > Untick the box next to each app to revoke permission.
Anthony said, “revoking unnecessary app permissions, and regularly reviewing them, is a great first step to protecting your business. In the cyber security industry, devices are known as ‘endpoints’. According to a recent study by the Ponemon Institute, 68 per cent of organisations have experienced one or more endpoint attacks that successfully compromised their data and/or their IT infrastructure. It’s vital to make it difficult for attackers to gain access to your system through insecure endpoints, so enhancing the security of your devices will enhance the security of your whole organisation.”