Camfecting: How hackers attack your devices through your webcam


Just like the wooden horse in Greek mythology, a Trojan is a type of malware that is often disguised as legitimate software or program. Once installed on a device, it can give hackers full remote access to your computer. Therefore, it is important to be wary of malicious files called Trojans that could allow hackers to gain access to your computer.

University of NSW cybersecurity expert Professor Salil Kanhere says it is important not to assume that Trojan attacks will only appear in spy thriller movie plot. He says it happens a lot to ordinary people today.

“Typically, Trojans are used to take control of a person’s device – so the hacker can gain access to your computer files or steal your data, or often they inject more malicious malware onto your device,” says Prof. Kanhere .

“What is worrying is that they also get remote access to your computer, including peripherals like your webcam,” he adds, “… which means that they can see essentially anything that is on the other side of the lens. This type of attack is known as camfecting. “

“This is a complete invasion of our privacy and is not just limited to your computer, it can also happen on your phone, tablet, and other networked devices in your home such as security cameras,” he says.

How does an attack work?

The story of hackers gaining access to a person’s computer without their permission may not be new to some people, but hackers are always finding new ways to disguise the Trojan horse.

By posing as a bank, government agency, or charity, hackers create the illusion of authenticity and authority – often with a demanding or urgent request that requires immediate action from the recipient. Then, if they continue to open or download files attached to the spam email, the malware will install the Trojan files on the computer.

“Most of the time when this happens, the victims don’t know that it happened in the first place,” says Prof. Kanhere.

“The transaction is almost automatic and often nothing happens after you hit the download button so people think there is an error or it is an empty file so they ignore it and don’t think much about it.

“It wasn’t always that simple – not long ago hackers had to write the malware, which meant they needed specialized knowledge of computer programming. Nowadays, Trojans and all the tools needed for such attacks can be bought and sold on the dark web, ”he adds.

Why is this happening?

Prof. Kanhere says it takes a strong motivation to hack someone else’s webcam because the attack is usually planned and deliberate: “One reason for this could be that hackers might be hacking images or videos of the other person in a compromising position want to record and possibly use it as blackmail for financial gain – it’s a very perverse truth, but it happens.

“Whether we use our laptops, phones, and other devices for work or social purposes, most have a built-in camera so that hackers can access visual footage of the victim at any time.

“We also know that government intelligence agencies can also use this approach to gather restricted or sensitive information,” he adds.

Work on your defense

While it is not always possible to completely avoid a cyberattack, there are ways to strengthen your defenses if it does happen. And it’s about cyber hygiene and learning a little more about your computer.

Prof. Kanhere gives these tips:

  1. First, check which apps and programs have access to your camera and microphone, and make sure you only allow apps that really need access to the camera. For example, Microsoft Teams for work meetings and not random meetings that you can’t remember having installed.
  2. Second, turn on your firewall as this will help protect your network by filtering out and blocking traffic that is trying to gain unauthorized access to your computer.
  3. Next, install antivirus software programs as another line of defense as they will actively filter your computer and scan for malicious malware.
  4. Then check your computer for random folders of pictures or videos that you can’t remember taking them yourself as this is a red flag that something is wrong. You should delete these pictures or videos immediately.
  5. You can cover your webcam lens on your computer or laptop when you are not using it. Usually a green or red light will appear to let us know when the camera is in use. However, this is not always the case when a Trojan has infiltrated your computer system.

Prof. Kanhere says the last point shows that even information and computer technology professionals are not immune to this type of hacker attack. A picture of Mark Zuckerberg, founder of social media giant Facebook, sitting at his desk drew attention to something strange in the background – the camera on his laptop was covered with tape. So even Zuckerberg recognizes this low-tech but effective solution.

MYOB’s 11 Cyber ​​Security Tips for SMBs Working from Home


About Author

Leave A Reply