Are you being spied on by your devices?
So much has been said this year about data privacy and security and that's definitely causing awareness in users about the importance of keeping their data and privacy safe. Tapping your cameras is a good start to avoid being spied, however, it's not enough.
BY SEPH BRAND
MAY 20, 2018
The former FBI director James Comey was asked back in September 2016 if he covered his laptop’s webcam with tape, here's what he said.
“Heck yeah, heck yeah. Also, I get mocked for a lot of things, and I am much mocked for that, but I hope people lock their cars … lock your doors at night. I have an alarm system, if you have an alarm system you should use it, I use mine.”
The question is if he does it, why not us? And you may wonder who could be accessing your camera and microphone at this moment? The answer is simple and terrifying: apps like WhatsApp, Facebook, Snapchat, Instagram, Twitter, LinkedIn, Viber among others. Apps what most of people use daily.
Moreover, you can think the whole thing sounds paranoid but Felix Krause described in 2017 what an app could do when an user grants access to their camera and microphone, and that would be the following:
- Access both the front and the back camera.
- Record you at any time the app is in the foreground.
- Take pictures and videos without telling you.
- Upload the pictures and videos without telling you.
- Upload the pictures/videos it takes immediately.
- Run real-time face recognition to detect facial features or expressions.
- Livestream the camera on to the internet.
- Detect if the user is on their phone alone, or watching together with a second person.
- Upload random frames of the video stream to your web service and run a proper face recognition software which can find existing photos of you on the internet and create a 3D model based on your face.
So, who could take advantage of the data obtained through your camera and microphone?
Years ago, Edward Snowden revealed an NSA program called Optic Nerves. The operation was a bulk surveillance program under they captured webcam images every five minutes from Yahoo users’ video chats and then stored them for future use. It is estimated that between 3% and 11% of the images captured contained “undesirable nudity”.
Government security agencies like the NSA can also have access to your devices through in-built backdoors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files … at any moment they please.
Hackers can also gain access to your device with extraordinary ease via apps, PDF files, multimedia messages and even emojis.
An application called Metasploit on the ethical hacking platform Kali uses an Adobe Reader 9 (which over 60% of users still use) exploit to open a listener (rootkit) on the user’s computer. You alter the PDF with the program, send the user the malicious file, they open it, and hey presto – you have total control over their device remotely.
Once a user opens this PDF file, the hacker can then:
- Install whatever software/app they like on the user’s device.
- Use a keylogger to grab all of their passwords.
- Steal all documents from the device.
- Take pictures and stream videos from their camera.
- Capture past or live audio from the microphone.
- Upload incriminating images/documents to their PC, and notify the police.
I hope this article achieves to teaching you some digital mindfulness, which means being careful on the internet and taking precautionary measures to save yourself from major issues in the long run, all due to something so simple like install an antivirus or put a little bit of tape over your camera.
A good first step to counteracting these issues is studying what permissions an app asks for. Think about if certain apps really need camera or microphone access. If your common sense says "no", then you shouldn't grant permissions to that app and better look for a more secure alternative. Always check the reviews before downloading an app in order to know if it is trustworthy.
Cover your webcam with tape, and plug out your microphones when you aren't using them is never too much care on the subject. You never know who’s watching, or what’s happening in the background on your device. It’s better a little of paranoia than be too much trusting.