Many people think a “webcam” is nothing more than the camera in your monitor that allows you to FaceTime with your mom in Wichita. But a webcam is any video camera that sends its images via the Internet. If you can view the feeds of your office building’s security cameras from your iPhone, those cameras are webcams.
Webcam hacking is not just the fantasy of screenwriters. It happens in real life. And unlike the characters in a TV show, in the real world, you can’t foil corporate hackers by placing a little piece of duct tape over your camera. You need those cameras, whether they are monitoring your entry or allowing your employees to chat with customers.
A webcam intrusion can potentially expose the inner workings of your offices to millions of people worldwide. A hacker who just wants to cause trouble can send your webcam feed to Shodan, a new search engine for the Internet of Things. There it can be seen by anyone until you secure your cameras.
You definitely need to make sure your company’s internet-enabled cameras are secure, because a hijacked webcam can harm your company’s reputation, and depending on what becomes visible to the public, trigger major HIPAA or FINRA violation fines.
How do these attacks happen?
Hackers find security gaps in the hardware or software of cameras, and then hijack them as quietly as possible so that the owners don’t know the cameras are being used or the feeds diverted. Sometimes their jobs are easy, because certain brands or models of camera have known weaknesses. Sometimes they have make more of an effort, as in the case of these three activities:
Clickjacking. You think that you’re clicking on an ordinary link or video player control, but what you’re really doing is turning on your webcam and microphone and allowing the hacker access to those feeds.
You’ve Got Malware! Hackers trick you into downloading and opening malicious files, on the web of via email.
Direct Access Attack. The hacker gains direct control of your computer network and your cameras.
How can I protect my webcams?
Since there are several ways to hack a webcam, you need several protection strategies. These strategies may sound difficult to implement, but your IT service provider can make all of them happen for you.
1. Password-protect the devices you can. This isn’t possible for built-in webcams, but you can require password access for security cameras.
2. Rename your cameras’ default administrator account and change the default administrator password. Manufacturerers usually post the default admin names and passwords for their devices in the “support” section of their websites, where they are easily found by hackers.
3. Install webcam protection software that alerts you whenever your webcam is being used.> Not only will you learn about hacks, but also if one of your programs is accessing your cameras for no good reason.
4. Make sure your firewall is in good working order.
5. Update your firmware regularly.
6. Scan for malware regularly.
7. Ask yourself if you really need to connect all of your cameras to the Internet. Even if your cameras were intended to stream online, they can be set to local-only mode. You may decide that most of your camera feeds don’t need to be viewed from afar.
A final note:
A managed IT service that continually maintains your firewall, updates your firmware, scans for malware, and handles administration tasks will protect you against webcam hacks and all other intrusions into your company’s computer network. If security and privacy are a big concern for your firm, you may want to consider signing up with an IT managed service provider.
Dateline: February 1, 2016
Author: CMIT Solutions of Gilbert and Mesa