'Common sense' precautions needed for safer Webcam use

Be mindful of the small indicator light next to the Webcam and ensure that it is off when not in use, says Michael Sentonas, chief technology officer for McAfee Inc, Asia Pacific.

However, some vendors provide the option of turning off the activity light, according to Tina L. Douglas, an established author on identity theft.

That said, the simplest way to ensure that one's privacy is not compromised is simply to unplug the Webcam or cover it with an opaque tape or modesty shield, say security experts.

In light of the recent high-profile Webcam cyberbullying cases, they have once again highlighted easy ways of staying safe from unauthorized access of Webcams, such as ensuring one do not expose too much personal information online.

"Anyone accessing and building their social networks should be careful about the personal information they make available about themselves. [This is because] information can be misused by cyberbullies to gain information about an individual, and in some cases, their contact details and actual location," said Sentonas.

Unfortunately, a lot of people "expose" themselves too easily. "In many cases, people have been persuaded to take or send inappropriate photographs of themselves, either by friends or those they have had contact with only online, sometimes not even knowing who the person could be on the other end of the PC."

Once a low-cost tool for Web users to visually communicate with each other, Webcams are now being abused for inappropriate purposes. Recently, an American student committed suicide days after roommates streamed an intimate video of him with another man.

In another spycam incident in Philadelphia, a school's IT employee remotely turned on the Webcam in an Apple laptop that was issued to students. Two students filed lawsuits against the school and were awarded US$610,000 as compensation. The police have decided not to press charges against the school's administrators.

Experts say Webcams are operated by programs, and hence can be easily hacked for remote access. These Webcams and computers become part of a huge botnet network composed of millions of computers, which are controlled by certain individuals or a ring of hackers and cybercriminals.

Symantec Singapore's senior technical consultant, Kwee Anping, revealed that there have been reported backdoor and information stealer programs that exploit vulnerabilities on the system, which enables the control of these devices, although these are not common.

"However, there is a possibility that this may change as malicious software with remote access capabilities were highlighted as one of the top 10 new malicious code families in a [recent] Symantec report," Kwee added.

Research firm Gartner said Webcams are capable of data leakage and must be treated like any other device. In a study, the company forecast that by next year, Web conferencing will be available to 75 percent of corporate users, but this also gives rise to threats directed at privacy and security of data.

"Unsecured Webcams have the potential to violate user privacy and can break laws that regulate the use of surveillance...In worst-case scenarios, they lead to viral videos that ruin lives and careers," said John Girard, vice president of info security and privacy research center, Gartner.

In a study, he warned that users may be recorded "live" without their knowledge. Hackers can simply write programs that capture video and stream it to a server, and be installed by unknown Web users unwittingly.

Sentonas concurred. He said: "While there are legitimate applications available that act as a 'nanny-cams', there have also been many examples where people have been caught remotely accessing and control cams without being authorized."

He explained that an experienced hacker could undertake such an act using more advanced techniques. "However, the major concern is [for] unauthorized applications running on your machine that have the ability to capture your sensitive personal information and, in more severe cases, control devices such as Webcams."

Douglas explained that if a hacker has direct access to LAN, he might be able to capture images and spoof them through passive capture on unswitched public networks such as unencrypted Wi-Fi, using readily available free tools.

"Criminals can also hack into video server gateways easily if the connection parameters such as network address translation traversal are insecure," she added.

While the possibility of having a Webcam remotely switched on is a real security threat, experts recommend the following steps to ensure that the Webcam can be free from hacks and malware. These simple "common sense" steps, which are often neglected, include:

• Covering the Webcam or unplugging it if it is an external device.
• Avoiding clicking on unknown e-mail attachments as these may be the source of malware when such e-mail messages are opened.
• Exercising caution when downloading files from the Internet, ensuring the Website is legitimate and reputable, and avoiding downloading from non-Web sources such as Usenet groups, IRC channels, instant messaging clients and P2P.
• Enabling firewall and updating antivirus programs, ensuring security patches are recent.
• Securing wireless connections to ensure the network does not get infected by malware and spyware. Enabling WEP/WPA encryption and using a strong password and disabling SSID broadcasting.

For enterprises, Girard also recommends using secure VoIP for remote access over the Internet and setting clear and appropriate policies to ensure employees comply with Webcam and computer usage.