Is it safe to leave your webcam uncovered after using video chat apps?

Stay ahead of the curve with our weekly guide to the latest trends, fashion, relationships and more

Stay ahead of the curve with our weekly guide to the latest trends, fashion, relationships and more

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

There’s a Black Mirror episode that seems closer to modern life than some of the other, more futuristic storylines. In it, a teenage boy is blackmailed into performing various dubious acts by nefarious strangers who say they’ll share what he’s been doing on his computer – including his webcam footage – unless he carries out their instructions.

It’s not so very far from the truth. Experts say that software has been around for the last 30 years that enables hackers to gain fairly easy access to computer cameras and inbuilt microphones.

And we’re all susceptible: “You can be compromised regardless of setup, no operating system is ‘unhackable’,” James Smith, head of penetration testing for cybersecurity firm Bridewell Consulting, tells The Independent.

“Malware can take over control over screen, webcam or microphone,” adds Snorre Fagerland, senior principal security researcher for cybersecurity software brand NortonLifeLock. “Always be a little cautious about your cybersafety.”

While many of us may have had our webcams pretty consistently covered in the past, the introduction of video conferencing and virtual socialising – from Zoom to Microsoft Teams to Google Hangouts – during lockdown has ensured cameras are spending a lot of time out in the open.

But just how safe is it to leave your webcam uncovered? Here’s everything you need to know.

“This depends on how alert and careful a user is and/or how strict security measures are implemented,” says Fagerland. “Malware can take over control over a screen, webcam or microphone.”

Smith agrees that it all depends on how well a device is “managed and maintained.” So, if a computer has comprehensive anti-malware software installed that is updated regularly as needed, with a user who’s vigilant against the risk of phishing attempts and clicking on links from unknown sources, the chances of a system being hacked are slimmer.

However, a simple piece of software left “unpatched” – which means there are vulnerabilities in a program or code – can act as a backdoor, putting the system at risk.

It’s also not just third-party software that poses a threat.

“There have been many operating system level vulnerabilities that allow a remote attacker to compromise a system,” says Smith. “Then you also have the risk of phishing attempts and social engineering, whereby a malicious actor would attempt to get the user to run or open a piece of malware.”

Pretty easy, it would seem.

“Once a system has been compromised it’s a trivial task to access a webcam,” says Smith. A hacker might gain access to your machine by exploiting a vulnerability in the system, such out-of-date software, or by tricking you into running a malicious piece of code disguised as a legitimate link or attachment. After that, “there’s trojan software that has been around since the early 1990s which has given a point and click solution for anyone wanting to remotely access cameras and microphones, and even the live viewing of activities being performed on the machine,” says Smith.

According to Fagerland, if a computer gets infected, many common malwares include a feature that either hijacks your camera or installs spyware that is secretly listening, watching and recording you.

Again, it all depends on how well a device is protected; once a hacker is in, it’s a cinch to access your computer’s webcam and microphone. The priority is to stop them gaining access in the first place.

According to Smith, there used to be urban legends that the Mac operating system was “unhackable”, but as the number of Mac users rose, so did the amount of Mac-specific malware.

“You can be compromised regardless of setup, no operating system is ‘unhackable’,” he says.

While some corporate systems may have more advanced solutions in place to protect users, all devices carry the same risk if they’re not maintained properly – and any piece of software can contain vulnerabilities that could give an attacker a foothold.

There are a range of possible culprits, including organised crime rings, who might hack webcams for bribery and blackmail purposes.

“In most cases, for home users and small or medium sized corporations, the ones attempting to hack into users’ devices are regular cybercriminals who are in it for the money,” says Fagerland. “Webcam access can be monetised in some settings, particularly if they can catch something on the footage that can be used for blackmail.”

Smith adds: “There’s also been a rise in domestic abuse cases where spouses have been spying on their partners.”

Covering your camera or, if it’s an external USB camera, unplugging it when not in use is key, according to Smith, as is making sure you’re aware of phishing attempts: “Do not click on any links or open attachments from untrusted sources,” he says.

Fagerland adds that installing anti-malware should be a priority: “The most effective way to protect yourself is by using security software that would keep camera and microphone hijacking malware at bay.”

To keep devices secure, you need to follow the “golden rules” for cyber safety, according to NortonLifeLock: think before you click on links and download attachments; be wary of emails, text messages and calls that prompt you to take immediate action; and ensure you have up-to-date security software.

Coronavirus lockdown means we’re potentially more susceptible to cyberattacks, according to Smith. Users are at risk of forgetting to cover up their webcams when not in use, as well as accepting far more remote meeting invites, which carry the risk of being phishing attempts disguised as what appear to be legitimate requests.

“You also have the fact that with employees working remotely their home networks may not have the same amount of protection in place as they would from a corporate location,” says Smith.

According to research from NortonLifeLock, 16.5 million Britons experienced a cybercrime in the last year – a number that could “potentially grow exponentially” as cybercriminals take advantage of the coronavirus outbreak to trick consumers into surrendering their sensitive information.

Not necessarily.

“Don’t assume that just because the LED isn’t on next to the camera that the camera isn’t active,” says Smith. “Treat the camera like you’re always being watched, as the activity LED can be suppressed.”

Equally, even if your webcam is covered (or unplugged if it’s an external USB camera), hackers can still hear you – a would-be attacker could eavesdrop on your conversation via the computer’s built-in microphone. Muting it won’t help, either; the mute function is software-based so an attacker would be able to unmute it.