Webcam security in the age of Zoom

Webcams now play such a large role in our lives that it can be easy to forget their potential risks. Many people don’t realize that cybercriminals can exploit laptop webcams, phone cameras, and standalone webcams if they’re used incorrectly. The exploding popularity of video calls and personal livestreams also means that more cameras are in use at any given time, creating more opportunities for attackers.

Webcam usage is only going to rise as more of us work remotely, connect with loved ones on platforms like Zoom, and experiment with apps like Twitch and Instagram Live. So it’s important you take some precautions to keep out would-be attackers.

How attackers target your webcams

Webcam attacks can begin much like any other type of data breach. Attackers can gain access through malware or other malicious code that finds its way onto your devices. Many suspicious emails and fake online forms are designed to trick you into downloading these files, which will give the attacker access to the internal or connected webcam. This type of attack has earned the name “camfecting.”

With a successful camfecting attack, the attacker might gain control over webcam functionality. This can include:

• Turning the camera on or off
• Looking through the webcam at the subject and their surroundings
• Capturing photos or videos
• Listening through the webcam microphone, if it has one

Similar attacks have been used on building security cameras to spy on businesses and their employees or customers. But by targeting an individual’s webcam, attackers can collect private information that is seen or discussed by the user. They can also use stolen video footage, screengrabs, or audio recordings for blackmail or ransom demands.

As with most cybersecurity threats, webcam attacks are still evolving. Emerging technology like facial recognition is creating a new avenue for attackers. Also, employee tracking tools – which became increasingly popular in the shift to remote work – can be hacked for bulk footage and data about a company’s employees. Along with the ethical questions about employee surveillance, employers need to be extra vigilant when using or considering this technology.

Steps you can take to prevent webcam hacks

Keeping your webcam secure is a worthwhile effort as we continue with near-daily video calls on Zoom, Duo, Google Meet, and other platforms. Follow these steps to help keep you, your family, and your business safe:

• Take time to adjust the camera settings on your various devices and browsers. Go through and limit webcam permissions to only those tools and sites that need it. Check out specific developer guides for more detailed steps (Mac, iPhone, Windows, Android, Chrome, Firefox). Remember: You can always grant one-time access to sites and apps on a case-by-case basis. Just make sure you trust them before doing so!
• Keep a lookout for unusual activity on your camera’s indicator light. If it turns on unexpectedly, it can be a sign that someone’s gained access. If that happens, disable your webcam, scan your device for suspicious files, and consult an IT expert as soon as possible. Be aware that some attacks may be able to turn off the light or activate the camera without triggering the light.
• Consider a privacy cover that can conceal your webcam’s lens when it’s not in use. You can use a piece of tape or sticky note for a similar effect. Laptop users should remove these covers when closing their laptop, as they can potentially damage the screen if kept on.
• Run antivirus and antimalware programs as they can detect unauthorized webcam access and warn you about suspicious activity. They can also help block untrustworthy apps that would connect to webcams. A number of browsers and operating systems have built-in antivirus tools, but you should check if they provide coverage for webcam security and consider standalone tools if they don’t.
• Know what’s visible while your webcam is on – during and after work hours. For example, put any company documents away before starting your Twitch stream, and keep private personal items out of sight during work meetings.

Using video software correctly and securely

Securing your camera hardware is a major win. But what about the software that connects to it? There are best practices you should follow when using Zoom and other video conferencing apps. Protecting both your hardware and software will give you the best defense and peace of mind.

Like any app or online account, strong password habits are a must with any software that uses your camera – whether on your laptop, phone, or tablet. Create long, complex passwords for these accounts, and make sure you don’t reuse these passwords elsewhere. This will make it much harder for cybercriminals to gain access, and minimize the risk to your other accounts if a single set of credentials are stolen.

A password manager will make this a painless process. With 1Password, you can create, store, and securely share login details for the different video platforms you use – along with the rest of your apps and online services. It can also notify you if any of your favorite apps are breached, so you can update the affected passwords immediately. No person or business is off limits from a cyber attack – Zoom itself suffered a major data breach in 2020. So staying alert is crucial, as is putting the same level of effort into protecting each account.

For video conferencing tools in particular, there’s also the matter of unwanted guests. It’s possible for people to join, disrupt, or spy on video meetings they weren’t invited to – a trend called “Zoombombing.” This extra company may simply be out to annoy you and your fellow participants, but they can also listen in and overhear confidential information.

Prevent this by making sure that your video meetings are set up as private/invite-only. Refer to a platform’s user guide for help with this, or your company’s IT team, if you have one. If someone asks to join during a call, double-check they’re someone you know. And if you do notice any uninvited guests sitting on a call or being disruptive, don’t be afraid to kick them out or mute them.

It’s okay to not have your webcam on

Video calls have brought families, friends, companies, and their clientele together in a way that few could imagine just a couple years ago. But this doesn’t mean you have to keep your webcam on at all times, or use it in every possible situation. Sometimes, in fact, it’s better that you don’t.

Looking at yourself on camera all day can be a mental drain. Like social media and other evolving technologies, it’s something we’re learning the risks of together – in real time. In a post-pandemic world filled with webcam calls, many have developed what’s been called “Zoom dysmorphia.” This involves personal self-image issues and anxieties about how we appear in the distorted lenses of our webcams.

It’s crucial that we all build a sustainable relationship with our webcams. We all want to feel like we’re in the same room with the people we’re speaking with, but it shouldn’t be at the expense of our long-term health.

If you run a business, make it optional for team members to turn their cameras on during meetings. Maintaining work culture is crucial but businesses should strive toward a relaxed approach that puts employee wellbeing first. And disabling webcams more often could reduce the associated security risks, as an added benefit.

In the age of Zoom, few people can live with their webcam permanently turned off. So find a balance that works for you. Turn it off when it’s not needed, or when you’re just not feeling like being on camera. And when you do have it on, take sensible precautions to ensure the wrong people don’t gain access.

Andrew Zangre

Content Marketing Manager