Almost all of us use an electronic device with a camera on a daily basis. Be they on a smartphone, laptop or desktop computer, these cameras follow us everywhere.
What might surprise you though is that they can be used to spy on you remotely, and that the warning lights can be disabled.
Perhaps you're reading this article using a smartphone while on the toilet (almost a third of people admit to surfing the web there).
Now think again about that camera staring back at you. Where else do you position your computer, tablet or smartphone's camera, and what might someone see if they watched you constantly? Perhaps it's your bedroom antics, your daily nude stroll around the house or you picking your nose.
Because of this, and following an article I wrote about IT security experts using Post-it notes, electrical tape, Band-Aids and cigarette papers to secure their computer web cameras from hackers, I started covering up the cameras of my two laptops, desktop and smartphone in April.
This was in addition to already making use of anti-virus and other security software on my devices. A New York Times security writer also recently divulged that they did this too.
I, like many others, close the blinds at night, so I figured I should probably put some sort of blind on my devices if I cared about my privacy. When I needed to use them for video conferencing or the occasional "selfie", I could just take the tape off. It made perfect sense, even though it wasn't as practical as I had hoped.
Friends and work colleagues who saw the tape over my mobile's front- and back-facing camera laughed at me and called me "paranoid" and "crazy". This was about two months before revelations concerning mass surveillance conducted by the world's Western spy agencies came out.
I wrote the April article after reading another one about a 17-year-old boy from NSW's mid-north coast who, when he was 14, began hacking into peoples' computers using a program called Remote Administration Tools and remotely activating their web cameras. Discussion threads on forums discussing the use of such tools, or RATs, overflow with webcam screenshots, to celebrate both "hot female slaves" and "ugly slaves".
While writing the April article, I was reminded of a family friend who permanently used a greeting card to cover their external web camera, and of another article a former colleague of mine wrote in 2010 at ZDNet about a pioneer of public-key cryptography using tape over his laptop's web camera.
I recalled calling these people paranoid and crazy too. That was because they used Apple MacBooks, which uses a web camera that most people have understood to be "hard-wired" to the green light in a way that means that if it's in use it is illuminated so that you know it's active.
But new research from Johns Hopkins University in the US provides the first public confirmation that it's possible to covertly activate a MacBook's camera - without triggering the light - and demonstrates how. While the research focused on MacBook and iMacs released before 2008, the authors say similar techniques would probably work on more recent computers from a wide variety of vendors.
In fact, evidence already exists on hacker forums about people who have successfully been able to disable the warning light of web cameras on a number of vendors' device without much difficulty. Even a former FBI agent admitted recently that the agency has been capable of doing it for several years.
A US school was also found in 2010 to have, apparently accidentally, stored 30,000 laptop webcam images and 27,000 screenshot images while students were either at school or at home. Closer to home, schools using government-supplied laptops in Queensland were in May last year found by the Courier Mail newspaper to have software on them that took time-stamped screenshots, monitored printing, visits to websites and keystrokes of students.
Fairfax Media also reported last year that Melbourne-based Rentasaur leased laptops with software on them that tracked a user's location and had the capability to capture imagery.
So should you tape your web camera too or is it like putting your head in the sand? It's up to you, but you need to be able to make an informed decision. Don't consider it a crazy act: Vulnerabilities exist in devices and security can be reverse-engineered. And don't think that just because you use Apple or any other brand you're safe.
Now I just need to find a practical way of taping up the microphones... glue anyone?
- Sydney Morning Herald