You may have seen several people covering their laptop webcams, including government officials and a prominent high-profile CEO or two. This may have you asking why they would choose to cover their webcam, and if you should be doing the same thing.
Hackers want to access any high-profile system, and video taken from a webcam can easily be used for blackmail. Imagine the type of data you might be able to capture from a high-profile CEO, showing him or her working or conversations recorded without them knowing. Hackers can easily generate the most profit if they can capture video or audio to use as blackmail.
While it is unlikely they they would attack your laptop, you could still be a target it you have access to sensitive data or if your recorded activity can be used to gain access to other systems or devices.
Currently, the only way for a hacker to access your webcam is for them to gain access to your computer, which makes the attack similar to any other type of remote attack. You might receive an email with an attachment that secretly installs a Remote Administration Tool, or you might respond to a social engineering attack that convinces you to surrender control via a fake IT support call. Your laptop could be compromised and you wouldn’t even know they have taken control of your webcam, because they can disable the webcam activity LED.
Best Practice Recommendations
- Keep the webcam lens (usually located at the top center of the laptop screen) covered, with a piece of opaque sticky tape except when actively being used.
- Keep your laptop closed when it isn’t actively being used.
- Always your software up to date, especially your web browsers and all associated plug-ins.
- Enable your firewall at all times.
- Always run anti-virus and routinely check for malware.
- Avoid clicking links in emails, even when you know the sender.
- If you get an email telling you your email account has been compromised or someone needs to verify your security setting, don’t click the link in the email. Contact the site directly.
- If you get a call from IT asking for access to your computer. Refuse them access and call your internal help desk directly. Ask questions and verify their identity before you allow any remote access.