Your Webcam Can Be Used Against You

webcamSmile! Your private life might be streaming live on the Internet!

Did you know hackers use viruses to commandeer the webcam on your computer, tablet, or smart phone? Makes you think about all the places you take these devices, and what they could be recording. In this month’s The Northwest Herald I talk about the dangers of unsecured webcams and microphones:

It’s not just your devices, but those of the people around you as well. Chances are, you’ve had a phone or tablet nearby during a private conversation with a lawyer, a doctor, a friend. What if someone else was watching and listening through that device?

Cameras can be hijacked in a number of ways. Cybercriminals can commandeer them with viruses, then extort you by demanding money for the deletion of potentially embarrassing photos and videos. Sometimes they have the nerve to imitate law enforcement, claiming that you have illegal content on your computer and will go to jail if you don’t pay their fee.

I’m fond of taping over the webcam unless you need to use it regularly – in which case a purse or pocket provides a lovely view of lint, should someone try to sneak a peek. That doesn’t help with microphones, of course, which is why it makes sense to store your mobile devices where they’re less likely to overhear private conversations.

I also strongly recommend to my fellow parents – get the computers and camera-equipped game consoles out of your kids’ bedrooms, NOW. There are some scary new statistics about the increase in predatory sexploitation which will make you want to take a hammer to every camera in the house.

Here are some articles about webcam security you might find interesting:

What are your concerns about webcam and microphone security? Share in the comments!

Image courtesy of renjith krishnan / FreeDigitalPhotos.net

 

Social Engineering: How Viruses Trick You Into Letting Them In

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrate the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like  “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

  • Links can look legitimate when they’re not. For example, I can spoof a link that says:http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
  • If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
  • Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
  • And, as always: when in doubt, don’t click.