Camfecting: How Hackers Attack Your Devices Via Your Webcam

Just like the wooden horse of Greek mythology, a Trojan is a type of malware which is often disguised as legitimate software or program. Once installed on a device, it can give hackers full remote access to your computer so it’s vital to beware of malicious files called Trojans which could give hackers access to your computer.

University of NSW cybersecurity expert Professor Salil Kanhere says it’s important not to assume Trojan attacks only occur in spy thriller movie plots. He says it’s actually happening frequently to ordinary people today.

“Typically, Trojans are used to take over control of a person’s device – so the hacker can gain access to your computer files or steal your data, or often they will insert more harmful malware onto your device,” says Prof Kanhere.

“What is alarming is that it also gives them remote access to your computer, including peripherals such as your webcam,” he adds, “…meaning they can essentially watch whatever is on the other side of the lens. This type of attack is known as camfecting.”

“It’s a complete intrusion on our privacy and it’s not just limited to your computer, this can happen on your phone, tablet as well as other networked devices in your home like security cameras,” he says.

How does an attack work?

To some people, the story of hackers gaining access to a person’s computer without their permission may not be a new one, but hackers are always coming up with fresh ways to disguise the Trojan.

By posing as a bank, Government agency or charity, hackers create the illusion of authenticity and authority – often with a demanding or urgent request which requires immediate action from the recipient. If they then proceed to open or download any files attached in the spam email, the malware then installs the Trojan files onto the computer.

“Most of the time when this occurs, victims remain unaware that it has even happened,” says Prof Kanhere.

“The transaction is almost automatic and often nothing happens after you hit the download button so people may think there’s a glitch or it’s an empty file, so they disregard it and don’t think much of it.

“It wasn’t always this easy – not too long-ago hackers needed to write the malware which meant they needed specialist computer programming knowledge. Nowadays, Trojans and all the tools needed to launch such attacks, can be bought and sold on the dark web,” he adds.

Why does it happen?

Prof Kanhere says there needs to a strong motivation to hack into another person’s webcam, as the attack is usually planned and deliberate: “A reason why this happens could be that hackers want to capture images or videos of the other person in a compromising position and potentially use it as blackmail for financial gain – it’s a very perverted truth but it happens.

“Whether we’re using our laptops, phones, and other devices for work or social purposes, most have an in-built camera so it’s very easy for hackers to get access to visual footage of the victim at any given time.

“We also know that government intelligence agencies can use this approach to gather restricted or sensitive information too,” he adds.

Work on your defence

While it’s not always possible to avoid a cyber attack completely, there are ways to strengthen your defence when one does happen. And it comes down to cyber hygiene and getting to know a little bit more about your computer.

Prof Kanhere gives these tips:

1. Firstly, check which apps and programs have permission to access your camera and microphone and make sure you’re only allowing apps that really need access to the camera. For example, Microsoft Teams for work meetings, and not random ones you don’t remember installing.
2. Secondly, turn on your firewall as this will help protect your network by filtering and blocking out traffic that is trying to gain unauthorised access to your computer.
3. Next, install antivirus software programs as another line of defence because they actively filter and check for malicious malware on your computer.
4. Then, check your computer for random folders containing images or videos which you don’t recall recording yourself because this is a red flag that something fishy is happening. You should delete these images or videos immediately.
5. You can cover your webcam lens on your computer or laptop when you’re not using it. Usually a green or red light appears to let us know when the camera is in use but this is not always the case if a Trojan has infiltrated your computer system.

Prof Kanhere says the last item shows that even information and computer technology professionals are not immune to these sort of hacker attacks. An image of Mark Zuckerberg, founder of social media giant Facebook, sitting at his desk drew attention to something peculiar in the background – the camera of his laptop was covered in tape. So even Zuckerberg recognises this low-tech but effective fix.

MYOB’s 11 Cybersecurity Tips For SMEs Working From Home