It wasn't until a three-year-old's parents heard a strange voice in their son's bedroom that they realised it was possible for hackers to intrude so intimately on their privacy. According to Huffington Post, the hacker could watch their infant son through the camera built into the baby monitor and could even remotely turn it to watch the parents.
The Internet of Things (IoT) Makes Hacking Easier
Baby monitors aren't the only devices with cameras targeted by hackers. Any electronic device connected to the internet could be infiltrated: desktop computers, laptop computers, tablets, security cameras, mobile phones and more.
Attacks don't even have to focus on the equipment supporting the webcam. Hackers can enter home networks through any unsecured or lightly secured entry point on the network.
The boom in consumer IoT devices has created a universe of vulnerable entry points into home networks. An overwhelming number of manufacturers implement only basic passcodes on devices, sometimes as simple as 123456. In some cases, devices aren't protected with codes at all.
Or, if the devices do have some level of security, most vendors do not update the security settings of IoT devices as often as PC and tablet makers.
Most equipment owners aren't aware when someone seizes outside control of their equipment. Unfortunately, women are frequently targeted by hackers for varying reasons, including voyeurism and profit. Some hackers focus on both purposes at the same time.
How the Crimes Occur
One of the most high-profile webcam hacking incidents in the U.S. involved 2013 Miss Teen USA, Cassidy Wolf. A former classmate silently watched her through the webcam on the computer in her bedroom. He eventually emailed photos to her and threatened to release them to the public if she didn't undress for him in front of the camera. She filed a complaint with the FBI, who prosecuted the hacker. The court sentenced him to 18 months in prison for the crime.
The most common approach hackers take to enter the lives of targets is through email messages that claim to offer information or entertainment to readers. Users click on the files attached to the messages or click on links embedded in the correspondence to access the information. Techies call this baiting technique "phishing."
Another tactic involves enticing email recipients to visit a website hackers know is of great interest to victims. Called “waterholing”, the website actually downloads malware onto the viewer’s machine.
When readers follow the sender's instructions, they unwittingly download malware onto their devices. In many instances, they allow a RAT (Remote Access Trojan) into their systems. These viruses are particularly invasive forms of malware that can give a hacker complete, unrestricted control of a device.
How to Protect Against Webcam Intrusions
It takes a strong line of defence to prevent intrusions. One simple option is to avoid clicking on links in suspicious emails, instant messengers and advertisements. If an unsolicited email comes from what appears to be a reputable source, such as a bank or important service provider, users should contact the company directly for the information they need. However, they should not use the phone number provided in the email. Organisations' official websites always contain valid customer service phone numbers.
Mark Zuckerberg, the founder and CEO of Facebook, popularised and legitimised a crude but effective solution to webcam hacks by placing a piece of opaque tape over the lens of the camera. Some external webcams come with covers for the lenses. It's also quick and easy to unplug external webcams when they aren't in use.
Although many of the dozens of IoT devices in homes have password protection, many manufacturers include the default passwords in the user manuals for the devices. That may seem practical, but those user manuals are often available online — to anyone. In most cases, it's not even a challenge to gain access to manuals.
When possible, device passwords should always be changed to lengthy, complex combinations of letters (upper and lowercase), numbers and exotic characters.
Kaspersky Labs offers a free Android app called IoT Scanner. The software analyses your home network, makes a list of all connected devices, and reveals common cybersecurity vulnerabilities.
The internet provides a wealth of information and draws people together, but consumers need to always focus on a strong line of defence, consisting of strong internet security and extreme diligence.
Kaspersky Internet Security received two AV-TEST awards for the best performance & protection for an internet security product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection against cyberthreats.