[PSA] Just a reminder to many of you out there. Don't forget to put a piece of tape over your webcam if it's integrated into your computer. ( conspiracy )

submitted by jasenlee

They can easily be hacked giving a full window into your home. I've noticed many friends lately who are getting lax about this so I thought I'd throw out a reminder.

Yukken

I bet who ever has to view those videos has caught me picking my nose a few times. I can only imagine the things they see.

arrggg

This is good advice for your phone and tablet too.

DannyMac

OK, you've stopped video monitoring.... You forget that laptops that have built-in cameras also have built-in mics?

jasenlee

Didn't forget but some prevention and awareness is better than none. It's a "the more you know" kinda situation. Maybe not perfect but better than nothing.

DaBagel

For anyone who is on OSX and doesn't want tape on their computer, there's an idownload blog post with a isight camera disable/reenable script. http://www.idownloadblog.com/2015/02/19/disable-isight-mac/

And here's an icon to go with it. http://www.iconarchive.com/show/mono-general-3-icons-by-custom-icon-design/camera-icon.html

timsandtoms

The problem with software solutions is that they're software solutions. What prevents other software from just undoing the change you made?

DaBagel

Well it's a matter of trusting software that you haven't reviewed yourself. Now someone smart enough to write a malicious program that can undue preventive measures without needing you to type your admin password is a big what-if and would not have been preventable anyway. So if you don't trust the software then use tape, or both!

And really the best way to be safe is write all of your own code. But that is horribly unrealistic.

RainWindowCoffee

One time my husband and I had a conversation about setting up skype on my recently purchased laptop. The conversation included phrases about whether or not the lap-top had a built in microphone. Later I got on my computer and received an error message saying something like "Problems detected with microphone, click here to resolve".

I hadn't looked up anything to do with skype or microphones on my computer, just had a conversation about it in the vicinity of the computer...

Questionssm

I always laugh at this kind of stuff. just plain silly. Better get your tinfoil hats out. Someone thinks they are more important than they really are.

timsandtoms

Except it actually happens. No one gives a shit about if you're important or not, but storage is cheap, and you might become important in the future.

Questionssm

No they don't.

Vvswiftvv17

How much of it comes from programs you gave permission too though? Like FB?

rape_train

Just disable the device or delete the driver.

timsandtoms

If you can disable it with software, they can re-enable it with software.

rape_train

You're kinda dumb.

You remove the driver.

GeorgeMcFly

Get a new computer perhaps. End of Financial Year Specials?

timsandtoms

...the driver, which is just software, and can be reinstalled? That driver? There's no reason that they couldn't detect and install the appropriate driver for your webcam.

rape_train

You don't know what you're talking about.

GeorgeMcFly

What are you replying to?

timsandtoms

Would you mind explaining it to me? If there's something I'm misunderstanding, I'd much rather be wrong than ignorant.

GeorgeMcFly

Or smash it with a hammer

Apoplectic1

Thankfully mine has a little plastic switch that I can slide over and cover it.

Kabuthunk

Seems wildly over paranoid to me.

But then, I'm going under the assumption that, having posted a variety of anti-status-quo, politically and financially controversial things, that if there were some entity that wished to watch me surreptuoisly through my webcam, they would have been watching for a long, long time by now.

At which point, should that be the case, covering the webcam would likely trigger some event such that my every motion being monitored would result in our doors being kicked down and men in black (tm) dragging me to an interrogation room.

That, or far more likely due to the present lack of door-kicking, should my banal, uninteresting thoughts that are being parrotted by hundred of thousands of others as well be SO requiring of being monitored without physically stopping my computer use itself or alerting me directly in any way, I would assume that my place is bugged and watched 24/7.

But that's paranoia to the point of ludicrous, and its far more likely that nobody gives a fuck about me one way or the other.

timsandtoms

You're probably right about no one caring... Right now. But storage is cheap, they can record you now in case they need that footage later. It's kind of the entire business model of the NSA.

Kabuthunk

Oh, I already live under the assumption that all data to and from my computer is being recorded and saved somewhere for current or later use.

I no longer even bother to entertain the notion that digital privacy exists.

timsandtoms

While you're probably right about everything being recorded and saved, that's no reason not to take precautions to prevent additional data from being created, such as by via your webcam.

OftenTooRude

Even more insidious: Built-in microphones in laptops. Sometimes the only fix is to take a drill to them.

Questionssm

Can't tell if serious.

jasenlee

It's actually very serious.

People are now developing viruses which can transmit by sound. Seems ridiculous right? But think of old telephones or old modems. Those tones they were essentially sending were data when a modem was doing a handshake or you touch-tone dialed.

People are now working on viruses that are two-fold where it infects your computer and then can start communicating to other computing devices via high-pitched frequencies. Some are worried that once they get even more sophisticated the tones will be of such frequency it won't be heard by a human ear much like a dog whistle. It's such a new thing that I don't think anyone has a handle on what people plan on doing with them.

And this is not some tin-foil shit. Top security experts are very concerned about it. Here are a couple of articles I found:

OftenTooRude

That's interesting, though it's not the reason why I said what I said before – the prospect of my own hardware being turned into a bug is bad enough for me.

However, here's what's unclear to me about your badBIOS news/theory:
Yes, we know that many modern software-upgradeable BIOSes/firmwares can be infected by certain viruses/worms.
Okay, they've proved computers can transmit information via speakers and microphones, possibly even inaudibly, by using high frequencies. So far, so good.
But that should only work if the other computer is actively listening and converting the captured sounds into binary data to then run. However, if there's some kind of virus/worm running on machine B that's capturing the transmitted data whistled by machine A, then machine B is already infected by something. That make the whole effort kinda superfluous, at least for simple virus propagation, because if you require infection to become infected, you have a chicken-and-egg problem.
So is there actually any vulnerable BIOS/firmware that's somehow so badly designed that the BIOS somehow will turn just the right acoustic signal sequence into executable code?
If so, then it sounds like that may be a purpose-built TLA-engineered backdoor, which some virus writer found out about and uses contrary to user or TLA-intent. Any other vulnerability that could have the BIOS turn sound into executable code and run it sounds extremely weird and unlikely.

Most importantly, they haven't really addressed this crucial chicken-and-egg problem question in those two articles you posted. The first one mentions the word backdoor, but neither article spells out the implications of the existence of such a backdoor in BIOSes: It would pretty much mean and require that a powerful TLA has already tricked and/or strong-armed vendors into including a terrible backdoor in the BIOSes they ship.

red_q

Saw you guys on /v/all , thought I'd butt in a bit. It's up to you how much tinfoil you use, but turning on a webcam while avoiding the indicator LED is definitely possible:

http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams-can-spy-on-their-users-without-warning/

It goes deeper than you'd think. MacBooks had their "webcam-on" indicators - supposedly - hardwired in. That means, it's a hardware function, not software, so it shouldn't be possible to hack it. Yet, here we are. Goes to show that no matter how secure you think your technology is, you aren't safe from human/engineering mistakes, or backdoors for that matter.

There were also some Flash vulnerabilities that allowed turning on webcams while avoiding their indicator lights - this worked on cams that had their LED turned on by software, AFAIK. Speaking of Flash, it's a total security train wreck, and as it's still used sometimes on the internet, you'd better use caution with it.

Some more on this:

Windows registry keys: http://blog.erratasec.com/2013/12/how-to-disable-webcam-light-on-windows.html

Flash hack: http://feross.org/webcam-spy/

ex-redd

Way ahead of you http://imgur.com/YaJFHKp

HomerSimpson

It isn't just America. Just because America is the only one really found out doesn't mean we are the only one.

timsandtoms

Also worth noting is if you have a tablet or smart phone, just how many apps you've given camera permissions to. If you have a rooted Android phone, you can use something like App Ops to revoke permissions to the camera for apps that don't need it. If you have an Apple phone, you can try using this .

jasenlee

I wish I could send this comment to the top. This is another important one people forget about.

praivo

Or get a laptop that has a LED indicator of the webcam being on (or has no webcam) and you won't need any ugly tape.

timsandtoms

While that's definitely a good idea, SOME cameras can be activated without the LED indicator, and regardless, even if you do see that they've turned it on, you would only notice after they were already able to record you. Which might suck if you're jerkin' it.

HomerSimpson

Cameras don't just activate. They have a startup period. And in that time you have plenty of time to cover the camera.

timsandtoms

That start-up period isn't enough time to react. I recorded how long it takes my Logitech C920 to start up, here's the video . Even then, there have been cameras that can be activated without the LED showing.

HomerSimpson

Must depend on the camera. But my camera starts out black for like 3 seconds then displays the content it shows. Also your camera isn't a laptop camera which is the point of the thread which will make it obviously faster or better than a laptop cam.

timsandtoms

It'll definitely vary camera to camera, I'm just saying that it's not something that can be relied on as the main thing to keep you safe. And if you wanted to go full conspiracy-nut, there's no reason they couldn't make the camera seem to take longer than it actually does to start up(Hell, Windows intentionally takes longer than needed to load, if you have an SSD), so they could start it sooner than you thought possible if they intended to spy on you. But that's too far into conspiracy-nut to be reasonable.

I tested my camera(Canon Powershot A2500), phone(LG 900G), and tablet(Nvidia Shield Tablet, rear-facing camera) as well. My camera takes about one second to start, my phone takes about one second to start, and my tablet goes from having no apps open, to having the camera image displayed on screen in about two seconds. Cameras are cameras, the tech isn't going to vary vastly between integrated and standalone, the biggest bonuses are just going to be more room for better optics and built-in microphones, neither of which would affect the time it takes to translate an image from light into something that the computer can read.

HomerSimpson

Oh I agree 100% that you shouldn't rely on it at all. My point is there is a delay nonetheless.

They could but isn't it still just an application on a computer? So it will still require some startup time even if they make it look like they are delaying it. And if they did make it look like it was being delayed you would still notice it being turned on due to the indicator. I am more worried about the built in microphone that is "always ready" and has no indicator which is honestly more scary to me than my stupid face on screen for less than a second.

You are right. But it also relies on where you are and when the camera is activated. As I said it is still using an application to function. So at some point if your computer is hogging or if you are in a dark area it will take longer for it to view the image that is up.

gramman74

Good point. I seem to remember a school, that was using school assigned laptops to spy on kids. anybody remember that ?

gramman74

Thanks

Dissident_Aggressor

Happened in Pennsylvania, yes.

gramman74

Thanks

fuckthisshitagain

I wonder how many times they've turned on some "terrorists" camera only to find some fat dude wanking.

ScreaminMime

Not sure if that is better or worse than hacking in during toilet time... can they tell a difference?

ex-redd

Reminds me of Cartman introducing Kyle to Chat Roulette in South Park. "Guy whacking it. Guy whacking it. Guy whacking it...."

jasenlee

That must be the worst part of their job. I can hear it already...

"Shit Rob... I just cycled through the latest rolls of those on the lists and hit 3 whackers in a row. Can I please take my smoke break 10 minutes early?"

Megaptera

It's always hit or miss with chat roulette.

Professor_Chemical

Dude, good thing I don't have a webcam. I get viruses regularly.

HomerSimpson

Can't tell if cerial.