Confounding that spying webcam: Low-tech tips for peace of mind

Webcameras and their possible misuse have been a hot topic lately, what with the alleged ‘laptop spycam‘ case currently ongoing against a high school in Philadelphia, US.

Now, by and large, webcams can be tremendously useful. They’re used in a huge variety of legitimate settings, from home security to cross-country family chats, from peak hour traffic monitoring to the porn industry (ahem).  In fact, webcams are only a concern if someone takes unauthorized control of one for their own ends.

Should I Be Worried?

Before looking into this though, firstly – is that even likely to happen to the average user? Do most people need to worry about a peeping-tom webcam?

Well, strictly speaking, if your computer is secure and uninfected, can’t be accessed remotely, and has some kind of physical protection (strong password, locked case, tied up with string) to prevent people from accessing it when unattended, then no, no worries – you’re good.

If your computer is not as secure as you’d like; if you don’t control the software installed on it; if you don’t know how to configure the settings on the programs installed – it’s still pretty unlikely, though there’s still a chance. Logically, it’s like the odds of being struck by lightning – possible, but improbable.

The trouble is, when it comes to privacy, ‘rational’ can have a hard time fighting ’emotional’. Personally, there’s just something about the thought of someone spying on me through my own webcam that creeps the bejeesus out of me. It’s like finding an eyeball staring back at you through the keyhole of a cupboard door.

So, let’s say you’d like that small possibility to be even slighter. How exactly could some depraved perv..ahem, attacker get control of your webcam? Well, there are really only a few ways your webcam can be taken over:

Pre-installed software

The program used to control a webcam may include a remote admin feature allowing someone not physically present to control it (usually over the Internet). Remote admin functionality could also be added in a separate program.

If you aren’t permitted to modify the control program’s settings, or aren’t allowed to install/uninstall programs (more true of company-issued laptops than personal owners), or just don’t know how to do it, well…basically, someone else has control.  Hopefully, they’re not the sort to snoop.


For those with full control of their system, trojans are probably more relevant. These are malicious programs (usually disguised as a PDF or document file) that secretly install other programs onto a computer. For spying to be a concern, the installed program has to be a backdoor  – which is basically remote admin software, only nastier. Examples include Backdoor:W32/Hupigon, Backdoor:W32/PoisonIvy and Backdoor:W32/SDBot.MB.

Again, the chances of getting hit by a trojan carrying a backdoor payload boils down to juggling probabilities – if the computer has no AV protection, if it is connected to the Internet and/or if you transfer files to it without scanning them first, if an infected file is a trojan and if it has a backdoor as its payload…You get the idea. It’s happened before, as this reports shows, but how likely you are to get hit really depends on how secure you are.

Direct interference

Possibly the least likely, but definitely the creepiest is when someone literally sits down at your computer and switches on the webcam, or installs remote admin software, without you being aware of it.  This is basically stalking behavior, with a few cases reported; there have even been movies (most recently, Alone With Her) made on this premise.

Is it a possibility? Yes. Is it likely? There’s absolutely no figures or surveys on this, so all I can say is that unless you have reason to believe you’re being stalked, most likely not.

How to Secure Your Webcam

So, how to ensure you’re as safe as can be from being spied on? And let’s assume I don’t just say ‘get a good antivirus program’ (because that’d be a shameless plug), or the usual stuff about protecting your computer. What can you do? A lot, actually.

You could choose a webcam with security features. Most webcams today come with an LED light that switches on whenever the cam is transmitting. Or get a webcam with a lens cover (oddly these seem to have fallen out of fashion, are people more trusting these days?).

Then there’s this cute humanoid figure-like ‘anti-peeping‘ webcam, with arms that move automatically or manually to cover its ‘eye-lens’ – I haven’t been able to get my hands on this yet, so if someone has this already, let me know how it works out!

If you already have a webcam, you can go through the settings for its control program – if there’s a remote admin feature included and you’re not using it, make sure it’s disabled. You may need to check the documentation for the program to do this.

If you’re using a wireless webcam setup, make sure your wireless network is secured, so that noone can nick the webcam feed off  your own network. Maybe not with WEP though; the stronger WPA2 would be nice.

Some less techie things you  can do are:

1. Unplug it when not in use (if it’s an external web-cam).
2. Turn it to face a wall when not in use (doesn’t mute the mic, though).

And for some really no-brainer fixes….


webcam covered with tape

Or Post-It notes (some students in the spycam laptop case reportedly used this as well).

webcam covered with a Post-It note

Or Blu-tack (I haven’t tried this myself, but a commenter in a forum mentioned it might help with blocking microphone transmissions as well).

Heck, even a tea cosy would do.

When IT savvy fails, a MacGuyver solution might do the trick.

CC image credit: Itiro


More posts from this topic


F-Secure Bringing a totally new Future for the Internet to SLUSH 2015

#SLUSH15 is almost here, and F-Secure’s participating in this year’s event in a big way. There’s going to be a big #smartsecurity announcement about the Internet of Things, as well as a couple of presentations from F-Secure personnel. SLUSH, a well-known exposition for startups in the tech industry, has become a huge international event. Both SLUSH and F-Secure call Helsinki home, so it’s only natural for F-Secure to be an active participant at the annual conference. F-Secure made waves last year after the cybersecurity company hacked the venue’s bathrooms to get people talking about online privacy. Several of the company’s researchers and personnel also put in appearances at last year’s SLUSH, including cyber security expert Mikko Hypponen, and F-Secure’s Executive Vice President, Consumer Security, Samu Konttinen. [youtube] [youtube] And they’re both back this year! This year, Samu will be giving a keynote address on SLUSH’s Silver Stage. His talk is called “Your home, your rules – The internet of what ifs”, and runs from 11:45am to 12:00pm (Helsinki time) on November 11th. Samu’s enthusiasm for topics related to security and online privacy will give people valuable insights into how IoT devices are creating new security challenges, and what people can do to protect themselves. Mikko will be appearing on SLUSH’s Black Stage at 9:25am (Helsinki time) on November 12th, where he’ll deliver a talk called “The Online Arms Race”. Mikko recently did an interview about this same topic for, so you can check that out if you want a quick preview about Mikko’s thoughts on this matter. You can follow all of F-Secure’s SLUSH news by following @FSecure_Sense, @FSecure_IoT, and @FSecure on Twitter.

November 10, 2015

Advertising – to block or not to block? (Poll)

I have become pretty immune to advertising on the net. The brain develops an algorithm to locate the relevant content and filter out the junk around it. Frankly speaking, ask me about what ads there were on the page I just visited, and I have no clue. And I believe that’s true for many of us. Except that our internal ad-blockers aren’t perfect. The advertising may still affect us unconsciously. This issue has been in the headlines a lot since Apple introduced a simple way to implement ad-blocking on iPhones and iPads. Many took advantage of the opportunity and released new tools, among them the excellent F-Secure ADBLOCKER. And many media providers got upset as this development will no doubt increase the usage of ad blocking, and thus reduce advertising revenues. Some newspapers are already attempting to prevent users with ad-blockers from using their site at all. And some publishers admit that advertising has gone too far and they had it coming. So let’s take a look at the pros and cons of advertising. First the pros. Advertisers pay for your “free” stuff. It makes it possible to get a lot of excellent services and content without paying money. Instead you pay by exposing yourself to ads and letting companies profile you for targeted advertising. Some may actually find ads, especially well targeted ads, useful. They may contain special offers and campaign codes that are of true value to you. Advertising can be entertaining. And then the longer list, the cons. Advertising often disturbs your user experience. You have to locate the beef among glossy blinking ads. And you may even have to dodge pop-ups to actually see your content. Advertising may lure you to make more, often unnecessary, purchases. That’s basically the objective of advertising. Advertising often tries to trick you into opening the advertiser’s site. For example by mimicking a Next- or Download- button in the ad. Advertising may show content that is unsuitable for the viewer. Advertising can be a way to deliver malware. Ads are delivered from separate servers. A compromised ad server may show infected ads on sites with a good reputation. I.e. in places where you don’t expect to run into malware. Advertising will consume bandwidth and make pages load more slowly. This can cost you real money depending on your data plan. Advertising is the main reason to track you. Many companies attempt to profile you as accurately as possible to make targeted advertising more effective. Good targeted advertising may not be evil in itself, but misuse of the collected data is a real threat. It seems likes the cons win hands-down. But there is one argument in favor of advertisement that deserves some more attention. The publishers who take an aggressive approach against ad-blocking typically say that blocking ads is like taking a free ride. You try to benefit from free content without paying the price. And this is an argument that can’t be dismissed just like that. Remember that advertising is the engine for a significant part of the net. Imagine that 100% of the users would use 100% effective ad-blockers. What would our virtual world look like in that case? I don’t know, but it would definitively be a different world. But on the other hand, it’s easy to find sites where advertising definitively has gone overboard. So it is understandable if the advertisers receive little sympathy for their fight against ad-blocking. This is yet another question without any clear and simple answers. So let’s pass it to you, dear readers. What do you think about advertising on the web? [polldaddy poll=9139628]   [caption id="attachment_8591" align="aligncenter" width="1024"] Article trying to defend advertising. The beef is there under the ad. ;)[/caption]   Safe surfing, Micke   Image: iPhone and screenshots  

October 22, 2015