Laptop Cameras and Security

There’s the old saying/joke that goes, “just because you’re paranoid doesn’t mean they’re not after you”. If I remember correctly it comes from Jospeh Heller’s Catch-22. Imagined fears can be real. Whilst my time in security has seen me interact with technology e.g., I’ve analyzed data sets for anomalies, trends etc., I’m not much of a “hardware” guy. This means that when I come across articles or attend conferences, I’m always interested in hearing what those who work in these areas have to say. A few years ago, I was asked to demonstrate/talk about Krav Maga by an Israeli cybersecurity company that was putting on a conference in Boston – an event that was prestigious enough to have Apple’s Mike Wozniak as one of the speakers. Before I went on stage (I’ve also performed “air keyboards” on stage at Boston’s Wang Theater, so I see myself as being in “Show Business”), I had the opportunity to listen to a security consultant talk about how laptop cameras were vulnerable to hacking. After hearing his talk, I started to black tape the camera on my laptop, along with implementing some other very simple measures that he talked about; perhaps the most important being to keep up to date with security patches and operating system updates which the software companies regularly provide and download to our machines/computers – this was an area in which he worked and was regularly frustrated e.g., security professionals working for Apple/Microsoft find a vulnerability that hackers can exploit, produce a fix/solution, prepare an update and download it/make it available - and the user, for whatever reason doesn’t install it, and then gets hacked or has their machine contaminated by a virus etc. One of the end results being that the user then complains about how bad the company’s operating system is. My takeaway from this was to make sure I kept my operating system up to date and install patches and version updates as they became available. I’m sure there are software people out there who can point to a “patch” which led to a system failure or vulnerability, but as a general approach I believe staying up to date with version updates/patches is the safest strategy. In this article I want to look at laptop camera vulnerabilities and how to address them.

                Over the years I’ve received several emails “claiming” that my laptop camera has been hacked and that those hackers have obtained compromising images of me. The fact that a) my camera is taped over when I use my laptop and b) I’m a middle-aged man who leads a pretty boring life, I don’t believe that’s worth me making a Bitcoin payment to an Albanian gang to ensure that such photographs and film aren’t shared to the greater public. One of the things I always ask people who are being blackmailed is what are the actual consequences of the “information” being exposed if they were to do nothing and allow it to happen. Blackmailers often rely on the emotional response/reaction of those that they target and the “secret” that they threaten to expose is often something that can be rationally dealt with and explained, without any judgment e.g., we may think that something we did in our childhood/teenage years is “compromising” to who we are now, but in reality, nobody really cares or sees it as significant. In 2009, David Letterman, admitted on air to an affair with an assistant and former attorney, Stephanie Birkett, after being blackmailed and extorted by a CBS television producer, Jow Halderman. As soon as he went public, Halderman’s “power” was extinguished/eliminated, and taken away. Whilst something a blackmailer/extortionist (blackmail involves “information” whereas extortion involves the threat of violence/harm to a person or their property) has on you may seem devastating and ruinous it is often worth taking a more sterile and clinical look at the effects of what they are suggesting/promoting rather than getting caught up in the emotional aspects and responses of their claims/allegations. Letterman did this, and it may be that until you read this you had forgotten about his affair etc., and that is part of the power of claiming a story as your own, rather than letting a blackmailer/extortionist take control of it. If your camera is always “physically” protected by covering it, you never have to wonder or imagine what it might have captured regardless of how you live your lifestyle etc.  

                Laptop cameras are notoriously easy to hack. My latest has a toggle switch that allows it to be “mechanically” disabled i.e., no need for tape anymore. When a manufacturer creates/allows such a safety feature it is an acknowledgement of a flaw/vulnerability. Up until the 1990’s automobile manufacturers were concerned more about performance than safety, however due to the extent of car crime in the 1980’s they were “forced” to address certain issues e.g., I could break into my 1984 Vauxhall Maestro with a coat wire, or tennis ball cut in half, used to push air into the lock; I was a bit of a space-cadet in those days, and used to sometimes lock my keys in the car. Attempting to do these types of things on a modern vehicle is a waste of time as the manufacturers addressed these types of issues/vulnerabilities. The fact that my laptop has such a toggle switch is an admission by a manufacturer about the software vulnerabilities that hackers can exploit regarding laptop/computer cameras. Sometimes simple mechanical solutions such as black tape – that can be removed when necessary - offer the best security.