An article appeared about whether one should be scared of their computer’s integrated Webcam and microphone. Here, a Webcam and microphone integrated in a computer or monitor or a USB Webcam that is always plugged in could turn the computer in to a surveillance device. But it highlighted the fact that recent versions of operating systems and productivity applications are “secure by design” when used to default settings.
It went through two different “what-if” hacking scenarios with different software combinations to see how hard they were to penetrate in order to “open up” the Webcam. The trigger point was to receive a “loaded” document with instructions that the user must follow, something that can be done through an email phishing attempt. Here, the document would have a macro that would install malware to open up the Webcam and stream its vision remotely.
The first scenario involves a Windows 10 computer running the latest version of Microsoft Word while the second scenario involved MacOS 10.14 Mojave and the latest version of LibreOffice. All operating systems and applications were run in the default protected mode but MacOS Mojave was temporarily configured to admit software from other sources in order to admit LibreOffice on to the Mac.
What was highlighted was the recent operating systems’ flagging or blocking of questionable software when the article’s author was asked to click on the required link within the document. The operating systems having their own basic endpoint-protection software underscored the ability to keep users safe from rogue software. Even productivity application software running documents supplied by email or from questionable sources in a protected mode to inhibit the execution of macros was also highlighted.
This meant that neither the Webcam nor the microphone could not be accessed without the user knowing. It was demonstrating the recent “secure by design” approach of newer regular-computer environments that assured the average user of their data security. You may harden that attack surface by masking an integrated Webcam that is part of your computer or monitor, or disconnecting an external Webcam.
Unless you need to, keep your computer’s operating system, applications and endpoint-security utilities running in a “default-for-security” manner. This also includes updating them to the latest version, preferably with the software updating themselves.
If you are supporting other systems, don’t disable the computing environment’s security features unless you are sure they need to be disabled. Also educate the other users about data-security risks including the security warnings that will pop up on their computer.
If you are dealing with an old computer that is running a very old operating system and application software that doesn’t have the “secure by design” approach, you may have to cover or disconnect the Webcam. This is more so if it is found to be running the software “out of the box” without any patches or updates applied to it.
In most cases, the “secure-by-design” approach of most modern computing environments allows us to be able to use regular or mobile computer equipment in a secure manner.