Q: Can my webcam be hacked and turned on without me knowing? — Deborah
A: After the recent high-profile case of the school that was accused of remotely spying on their students via the MacBooks that were issued to the students, a lot of misinformation and hype has been generated about “webcam spying.”
The circumstances that allowed the school’s IT staff to remotely turn on the webcam has little in common with the average Internet connected computer that happens to have a webcam.
The school had pre-loaded the computers with special software that would allow them to track and remotely access them in the event they were stolen or lost.
By default, the average computer or laptop with a webcam is not vulnerable to this exploit just because it is connected to the Internet, so any rumors of this nature or untrue.
What is possible, however, is that your computer can get compromised in a number of ways that would allow a specific remote user to access your webcam (or your entire computer for that matter).
The two most likely scenarios are that someone with malicious intent gets their hands on your computer (and not for very long!) and secretly installs a special remote access program or you are tricked into allowing something to be installed via an email message, malicious Web site, instant message, or social network.
The same ‘Trojan horse’ tactics used to infect computers with viruses and other malicious programs applies to this exploit by way of ‘social engineering’ tricks.
For instance, a common tactic in the past was to send an email or instant message that said “I can’t believe you got caught on camera doing that!” with a link to the supposed video.
When you clicked on the link, it would take you to a Web page that looked very much like a Facebook page with an embedded video. When you clicked on the video to watch it, you got a pop-up that said that you needed to update your ‘Flash Player’ software in order to view the video.
And of course, conveniently located on the page was the official-looking Adobe Flash button that would allow you to get to this video that had you thoroughly concerned. When you clicked on the Adobe button, a program installation window popped up and when you told your computer to run this installation programm you just infected your computer.
If you don’t keep your computer updated with the latest patches for your operating system and security programs, it’s even possible for your computer to get infected by simply visiting a malicious website (known as a ‘drive-by download’).
Once these silent spy agents slip into your computer, the remote hacker can pretty much do whatever they want with your computer as if they were sitting in your home at your desk.
To make things worse, once they get into your computer, they can disarm your security programs or sidestep detection because you told your computer to allow this program to be installed.
A potential (but not absolute) indication that something or someone is accessing your webcam is when the webcam’s little LED indicator is on but you are not using your webcam in any program.
If you are using a desktop system with a plug-in webcam, you may want to disconnect it until you can get a tech savvy person to look ‘under the hood’ of your computer to make sure you have not been compromised.
If you have a laptop with a built-in webcam, you can try disabling it until you can get someone technical involved, but that can be equally as technical depending upon which operating system you are running (it’s different for just about every situation).
The best way to avoid becoming a victim of this type of secret spy software is to avoid clicking on or downloading anything that you are not absolutely sure is safe. When in doubt, leave it out (and by rule you should doubt just about everything you encounter)!
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to CNN.com
Host of the award-winning “Computer Corner” radio show