Day 61 - So, you think webcams can't be turned on without the indicator light?

2 days ago, I wrote this list about improving your security online and practices that you should follow. The last point on that list was Tape your webcam. The question that most people seem to have is:

  1. Are there any existing exploits which can turn on your webcam without turning on the light that is there next to it? How widespread are these lights?

  2. Why should I tape the webcam if I have nothing to hide? (This was the argument used by Shailene Woodley’s character in the movie Snowden (2016)).

I think the FBI director Comey answered both these the best:

I saw something in the news, so I copied it. I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera.

From npr.org

And what did he say about the second question?

You go into any government office, we all have our little camera things that sit on top of the screen. They all have a little lid that closes down on them, You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.

From hindustantimes.com

The existence of exploits might be questioned now, but by the time that these exploites are released to the public, it will most certainly be too late to tape your webcam.

Moreover, if you know about the Lower Merion School District case in which the School district gave laptops to all their students and installed an anti-theft tracking software and used that to capture photos of their students at periodic intervals. Most students noticed that the green light next to their camera used to flash now and then, and they found it creepy but the people at the school reassured them that it was a technical glitch (which is the easiest out) and let it go. They paid heavily for their indiscretions and SICK actions, it must be noted though that the photos are out there and they might have been deleted or handed over, nonetheless some people have seen it.

Further research for about 30-40 minutes on sites like the StackExchange site for Information Security, Quora and news websites led me to several articles that detailed exploits and attackers getting access to webcams and using those to click pictures. There is a dearth of articles in 2014 and 2015, which is intriguing, but 2013 was the time that this issue was at it’s highest popularity and there are many articles from the second part of that year. So, read on!

By this time, after reading all of that, I think you should be sufficiently convinced about 1. the possibility of the existence of exploits 2. that someone or the other is watching and it’s not right to let them watch without your permission.

On a sidenote, I didn’t find those articles in the exact chronological order that I have presented them in (obviously). After creating a list entry for each of them, I had to sort them. I probably did using Quick Sort, because I inherently created year pivots and grouped all of 2016’s articles together, same for 2015, 2013 and then once I had a clear distinction between these two sets, I moved the whole 2013 before 2015 and so on. Probably not traditional quick sort but I think that’s the algorithm that comes closest to describing what I did.

POST #61 is OVER