+1.877.297.7816
Contact Us

How camera
hacking threatens
remote workers—
and their
organizations

Author: Phil Muncaster

The webcams in our laptops, tablets and phones have probably never gotten more use than they have during the COVID-19 pandemic. The public health crisis has turned millions of workers' homes into offices and launched thousands of video conference calls for work and virtual socializing. But if webcams aren't secured, they're readily accessible to anyone—even bad actors intent on compromising systems and stealing data.

Given the abrupt, en masse shift to remote work, organizations are more susceptible to camera hacking (also called camfecting) than ever, thanks to the increased reliance on video conferencing apps. But by following a few best practices, the threat can be effectively neutralized.

What is camera hacking? 

Camera hacking is exactly what it sounds like: it's when a hacker accesses and activates a webcam without the owner's permission and uses it to spy on whatever's within the webcam's field of vision—including the webcam owner. Hackers usually turn off webcam lights to stay undetected.

There are several ways an attacker could hijack a webcam. It doesn't matter whether the camera is a standalone unit or is built into a laptop or a mobile device. The risks are manifold:

  • Remote-access Trojan malware can hide inside a legitimate-looking mobile application or be delivered through phishing emails, texts or social media messages. If it's clicked and opened, the covert download will grant a hacker complete remote access to a camera. (A UK man was jailed in January 2020 after using remote-access Trojan malware to spy on women via their webcams, Infosecurity Magazine reported.)
  • Unprotected webcams, or those protected with only factory-default passwords, are easily detected by attackers. In 2019, a team of white hat hackers working for Wizcase accessed cameras in 15,000 personal devices worldwide.
  • Insecure home Wi-Fi routers are also easy targets. Once attackers have access to the home router, they could move laterally to hijack user webcams.
  • Videoconferencing apps are also a potential entryway. PhD candidate Keenan Ryan wrote on Medium about a SQL injection flaw he found in Zoom that could have enabled an attacker to remotely manipulate camera settings.

What's the potential impact?

Organizations are most at risk of targeted attacks on specific employees. By hijacking webcam feeds, hackers could eavesdrop on sensitive meetings, exposing your organization to the risk of corporate espionage or insider trading.

Other risks associated with camfecting include burglary or theft from physical offices—although this is more likely to stem from the hacking of security cameras in office buildings; as well as extortion and spying of employees caught on camera at home in October 2020. Extortion and spying is the most common of these scenarios, but targeted attacks on corporate cameras for espionage purposes are more covert—and often more effective.

How to prevent phone camera hacking

The low-cost and obvious option of putting a strip of dark tape over the camera—a technique favored by former FBI boss James Comey, per Engadget—is just not feasible, given how often a user would have to remove it and reapply it, since video conferencing apps are now central to facilitating remote work. The focus should instead be on securing devices as effectively as possible with mobile device management tools and training users to be more cautious.

Secure mobile devices by ensuring that:

  • Employee devices are equipped with up-to-date antivirus software and running the latest versions of operating systems and software
  • Remote workers protect home Wi-Fi networks and webcams with strong unique passwords, switch on WPA2 security and disable universal plug and play

Improve staff training and awareness with tips on:

  • Locating webcam videos stored on their hard drive
  • Changing the security settings in their webcam apps
  • Avoiding use of public Wi-Fi

Secure your remote workforce with Verizon's Enterprise Mobility Management and Security solutions.