Why Your Computer Microphone and Webcam are Security Risks
Is someone eavesdropping?
As our world gets more interconnected, stories of hacked Internet of Things (IoT) devices have frequently made headlines over the past couple of years—like the stranger who hacked a Seattle couple’s baby monitor and used it to peer around their home remotely and tell the pair’s 3-year-old, “I love you.” But did you know that your pre-installed computer web camera and microphone are vulnerable to these kinds of attacks too?
Without installing any external devices, bad actors could be watching and listening to you, monitoring your home and anyone in it.
How does the hack happen?
According to antivirus software provider Norton, cybercriminals can gain control over your device—including your webcam—by tricking you into installing malware on your computer. Norton advises that you never click on suspicious links in emails or download files from people you don’t know. Hackers commonly gain access to your devices this way.
Your computer can also be hacked in other ways. The camera and mic built into your computer are designed to be accessed remotely, either by you or the manufacturer’s server. Usually, this connection uses port forwarding or peer-to-peer (P2P) networking.
Using port forwarding means the camera could be accessed through your computer’s external router.
P2P networking means that the device initiates communication directly with the provider’s servers for broadcasting, for device data collection, and so that the controlling app can connect to the device. Although this is potentially more secure than port forwarding, it’s only as secure as the manufacturer of the webcam or audio device chooses to make it.
Once a hacker gets in, you have a RAT, or Remote Access Trojan, on your system.
In addition to taking control of your camera and microphone, RATs can survey your activities: they can record what you type on the keyboard (such as usernames and passwords), take screenshots, look at your browser history, chats and emails, browse and copy files, and more. A RAT can also use an infected computer’s bandwidth (internet connection) to carry on other nefarious activities from your IP address.
How You Can Protect Your Computer
1. Unplug or cover up
Just like Facebook founder Mark Zuckerberg, I physically cover up my webcam. This minor line of defense also avoids being caught off guard if my camera accidentally activates during a meeting. I suggest using a folded Post-it note with the adhesive on the back of the monitor. Never tape over your camera—it will leave a sticky residue on the lens. If you’re using an external webcam, only connect it when you need it.
2. Make sure your essential software is up to date
Keeping your software up to date helps patch vulnerabilities and could prevent hackers from accessing your device.
Updating your software is easy, and it doesn’t take long.
How to update software on a PC:
- Open Windows Update by clicking the Start button in the lower-left corner.
- In the search box, type Update, and then, in the list of results, click either Windows Update or Check for updates.
- Click the Check for updates button and then wait while Windows looks for the latest updates for your computer.
How to update software on a Mac:
- Choose System Preferences from the Apple menu, then click Software Update to check for updates.
- If any updates are available, click the Update Now button to install them. Or click “More info” to see details about each update and select specific updates to install.
You can also make it easy on yourself and set your computer to install updates automatically.
3. Use a firewall to protect your network
A firewall provides security by monitoring traffic coming in and out of your network. As the name indicates, it puts up a barrier to keep risky communication out. It is likely your computer came with a firewall installed. However, you or your computer’s administrator needs to turn it on.
How to turn on Windows Firewall:
- Open Windows Firewall by clicking the Start button, clicking Control Panel, clicking Security, and then clicking Windows Firewall
- Click Turn Windows Firewall on or off
- Click On, and then click OK
How to turn on Mac Firewall:
- Choose System Preferences from the Apple menu
- Click Security or Security & Privacy
- Click the Firewall tab
- Unlock the pane by clicking the lock in the lower-left corner and enter the administrator’s username and password
- Click Turn On Firewall or Start to enable the firewall
- Click Advanced to customize the firewall configuration
4. Avoid all suspicious links
As mentioned in the beginning, cybercriminals most often gain control over your device by tricking you into installing malware. It is easy to say, “Don’t click on suspicious links or emails,” but these are not always easy to detect.
Some examples I have come across with clients include an email from an address that is just one letter off from a familiar sender address, an angry email threatening a lawsuit that looks legit, or an email that appears to be from a vendor the company does business with, including a request for payment of services or a contract renewal, complete with a correct logo.
However, if you examine these emails, there is always something just a bit off about them (and fortunately the clients called me to check before clicking anything, yay!).
You might have occasion to download an image or file from the internet. If you are not sure of the source, do these two things:
- Check to make sure there is https at the beginning of the URL.
- Copy the URL, go to the Google Safe Browsing Transparency Report and paste it into the search box to see if Google thinks the site is safe.
You can read more tips on determining if a site is safe to interact with on the hashedout blog.
Examine all emails closely, and only download files and click links from people you trust. If something seems fishy, call or text the sender first to verify their email, or ask your IT support for help.
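The “one letter off” sender addresses described above can be flagged mechanically by comparing the sender’s domain with the domains you normally deal with. This is an added example, not part of the original article; the trusted-domain list, the sample From headers and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: domains this mailbox normally corresponds with.
TRUSTED_DOMAINS = {"example-vendor.com", "examplebank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    # Only the address counts; the display name is free text the sender controls.
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    # Close to a trusted domain but not equal to it: the "one letter off" case.
    for good in sorted(trusted):
        if 0 < edit_distance(domain, good) <= max_dist:
            return "lookalike:" + good
    return "unknown"

# Constructed From headers for illustration.
SAMPLES = [
    "Accounts <billing@example-vendor.com>",     # genuine vendor
    "Accounts <billing@examp1e-vendor.com>",     # digit 1 in place of letter l
    "Example Bank <alerts@exampelbank.com>",     # two letters swapped
    "Example Vendor Billing <x@unrelated.test>", # familiar name, unrelated address
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):32} {header}")
```

A “lookalike” result is a reason to call the sender before clicking anything; an “unknown” result only means the domain is not close to one on the list, not that the message is safe.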
5. Avoid chatting with strangers online
There are several situations where a person would want to chat with a person online—dating sites are one. Unfortunately, there are bad actors lurking online who would love to get detailed personal information from you or get you to download malware. So, if you can’t (or don’t want to) avoid chatting with someone you don’t know, follow a few safety guidelines:
- Don’t share anything related to your financial accounts, including where you bank, your wealth or anything that might be used to gain access to your accounts.
- Don’t overshare personal details about yourself, including your pet’s name, your date of birth, address, high school, family names or other information that could lead to someone attempting to break your passwords or security questions.
- If you are on online dating sites, you’ve probably already posted a photo of yourself. Don’t share photos of your home or neighborhood, or anything else that would identify you.
6. Use trusted tech support
I’ll never forget going to an estate sale, having a nice chat with the kind senior couple in residence, and having them ask me to help them reset their Wi-Fi password. I gently explained to them that as much as I wanted to help, I was a stranger to them, and it is not safe. With that information, I could tap into their computer and look at their private information or worse. We worked out that they could have a trusted grandson come and help them.
Point being, make sure you trust the person accessing your system. Unethical technicians could install remote-access programs when working on your computer, either in a repair shop or by remote access. Always encrypt and password-protect your personal data before allowing a technician to access your computer.
To encrypt a drive on Mac:
- Open the Finder and connect the drive to your Mac.
- Ctrl+click or right-click the drive in the Finder sidebar and select the Encrypt option.
- The disk will be encrypted once you enter your password of choice—be sure to use a secure one—and save it in your password locker.
To encrypt a drive on Windows 10:
- Locate the hard drive you want to encrypt under “This PC” in Windows Explorer.
- Right-click the target drive and choose “Turn on BitLocker.”
- Choose “Enter a Password.”
- Enter a secure password.
- Choose “How to Enable Your Recovery Key” which you’ll use to access your drive if you lose your password. You can print it, save it as a file to your hard drive, save it as a file to a USB drive, or save the key to your Microsoft account. I recommend you both print it and save it to your Microsoft account.
- Choose “Encrypt Entire Drive.” This option is more secure and encrypts files you marked for deletion.
- Unless you need your drive to be compatible with older Windows machines, choose “New Encryption Mode.”
- Click “Start Encrypting” to begin the encryption process. Note that this will require a computer restart if you’re encrypting your boot drive. The encryption will take some time, but it will run in the background, and you’ll still be able to use your computer while it runs.
After a technician is done, it is also a good idea to change the password for any programs they accessed and to run anti-malware software.
7. Install and run security software on your devices
Both Mac and Windows 10 come with preinstalled antivirus software. You have to activate Windows Defender, and should do so. But don’t consider this total protection. Two free antivirus programs to try are Spybot Search and Destroy, and Malwarebytes.
For paid versions, I like Kaspersky Anti-Virus.
If you own a Mac and think you are immune to threats, that is no longer the case. In 2019, Mac had more threats than Windows 10. Time to beef up security!
8. Use a virtual private network (VPN)
VPNs mask your computer’s IP address and make your location untraceable, an important layer of security when browsing the internet. A VPN also encrypts data in transit, allowing personal and confidential data to tunnel from one device to the next, away from prying eyes. This anonymity follows your device, so you are protected if you are out and about using a public Wi-Fi network.
One downside of VPNs is that they may slightly slow down internet speeds. The trade-off for secure data is worth the minor inconvenience.
9. Change your wireless router password
Routers come with a default password, and many consumers never bother to change it, or remove the sticker displaying the password.
Did you know these default passwords can be looked up on the internet? I have had to do this for friends and family members who forgot their password—it is amazingly easy. If you have never changed your default password, you’ve left a door open, making a hacker’s job easier. They can then gain access to your network, not only accessing your webcam and mic but also things like your emails, social media, Google calendar or bank accounts that you’re logged in to.
To change your router username and password:
- Go into security settings online for your router. Create a network name that is uncommon, and a complex password. Store this information in a password vault or keep it in a secure place.
- You’ll be asked to select an encryption type. Select Wi-Fi Protected Access 2, also known as WPA2. Make sure to save your information before exiting.
It’s creepy to think a cybercriminal could be spying on you through your own computer. These recommendations may seem like a lot of work. But when you consider the alternative (potentially getting hacked, putting your family at risk, having your identity stolen or your bank account wiped out), the extra effort doesn’t seem so bad.