It’s a technology fact: virtual peripherals controls hardware peripherals in the virtual domain size.
Once a system is connected to the Internet, the virtual domain assumes the dimensions of the Internet: worldwide.
Your screen, your webcam, your microphone, your input methods, your disks… practically each part of your computer/smartphone/device is controllable by the Internet.
Sometimes these features are enabled by the owner, other times by pirates attacking the system of the victim with a malware and least but not last, standing to Snowden revelations, even Governmental interception systems has the capability of activate a data stream from you computer.
So you need to protect you peripherals from spy on you as the best as you can (look at creepware video on Symantec). Recent statistics of the Blackshades malware spread, that allegedly infected thousands of computers in the world, tell us that the criminal group controlling this creepware had access to thousands of webcams, spying on the owners in their private life. Miss Teen USA was herself a victim of this kind of spyware, installed on her computer and activated to take also naked shots while in her room. After that, she revealed in a interview, she was contacted by the pirate, asking a ransom to not publish her naked photos on the Internet.
This is an happy ending story, because the criminal (in this case known by the victim) was arrested and the photos destroyed but the experience has been incredibly fearsome for Miss Teen USA: she knows from now on that, even in her room, she may have not the privacy that all people expect.
Many campaigns are trying to sensibly people on this kind of threat. Webcam hackers may hit in the same way of other malware is installed in your system: untrusted software sources,/pirate software, malicious websites/emails, infected external devices, exploited software vulnerabilities and so on…
Here’s a video that try to publicize the phenomena.
But how can we protect ourselves from creepware? Prevention is the basic!
Safely browse the Internet, taking the right countermeasures when browsing unsafe websites (like using a sandbox or subscribing a service of safe browsing offered by most antivirus suits out there).
Do not install pirate software or from untrusted sources.
Use user privileges and rise the locking of the system (eg. UAC on Windows) to the top.
Do not open suspect emails, especially with attachments.
Keep the operating system and security suites updated!
But that’s not enough. You have always consider that one way or another your system will be compromised due to an user error or a system exploited by 0-day attacks.
This way, regarding to creepware you have to deactivate all peripherals when not in use:
- Disconnect the webcam, or turn it off with the switch or, if integrated, cover it with a piece of black sticker.
- Monitor the strange behavior of webcam’s led if there’s one but do not trust 100% on it: maybe a spyware may record from the webcam even when led is turned off.
- If there’s an internal microphone that you can’t unplug, insert in the port a dummy jack or a broken microphone to deactivate the system one. Note that if the spyware is powerful enough, the pirate may choose to reactivate the system microphone. In this case maybe a sticker with some phono-insulating material on the integrated microphone may reduce the impact of an audio recording.
- At least, a strong configured firewall, that notify if an application is going to connect the Internet and if it’s the case to block it, may also help a bunch. It may prevent the sending of screenshots, keyloggings or files from your computer.
It’s not about being paranoid, it’s simply knowledge about threats that may hit you when you decide to connect the Internet or to a private bad configured network.
You have to know that spyware is not fiction, it’s reality!
edit: also an article from CNN regarding the case of Miss Teen USA (LINK)