City Weekend

Essential tips to stop spies from using your webcam to watch you

Cybersecurity experts and privacy advocates recommend taking steps to better protect users from being spied on, including taping up the lens when it’s not in use

PUBLISHED : Saturday, 20 August, 2016, 1:01pm
UPDATED : Saturday, 20 August, 2016, 2:51pm

Revelations that uncensored images from unsecured webcams in Hong Kong were being used in a London art exhibition caused uproar among internet users and privacy advocates this week.

The images which featured in the exhibition were found by bots, which scanned unsecured webcams around the world.

These bots gathered shots of unsuspecting users and placed them on search engines, with a large portion of pictures used in the exhibition from Hong Kong.

While the exhibit was in violation of Hong Kong privacy laws, it did achieve its goal of bringing to the forefront security flaws and loopholes in computer products – in this case webcams – that users expected to be secure.

Internet-connected surveillance cameras are being installed more frequently in Hong Kong households and businesses as occupants and business owners seek to feel their property is more secure and their loved ones are safe.

London artist agrees to cover faces in images captured from unsecured Hong Kong webcams

Users are able to check on their homes and businesses while they are away through apps on their smart devices, usually provided by webcam vendors.

But these technologies are a double-edged sword, according to Glacier Kwong Chung-ching, spokeswoman for internet privacy group Keyboard Frontline.

“Technology can serve the purpose of protecting us, [but] at the same time it hinders our safety and privacy,” she said. “It’s been found that surveillance cameras ... can be a gateway for voyeurs.”

IT and cybersecurity experts warn that most of these products have holes in their software that malicious hackers can exploit.

“Most of the webcams people buy are very insecure,” said Larry Salibra, cybersecurity expert and CEO of testing service at Pay4Bugs.

Webcams built into computers usually have ­secure and tested software in order to secure certification and be compatible with the operating system, such as Mac OS or Windows.

The software for standalone webcams, however, is “very poorly written”, leading to open backdoors or security that is easily bypassed, according to Salibra.

“[The webcam] market is a very competitive ­market. There’s a lot of price competition, so it’s very difficult for vendors to hire well qualified developers and do all the due diligence and testing to make the products at least semi-secure,” he said.

In 2012, American IT company TRENDnet was caught in a security nightmare after cybersecurity specialists caught a security vulnerability in its streaming IP cameras. The security hole allowed voyeurs to spy in real time on homes and offices.

Another potential area for security holes are the servers of webcam vendors. Most webcams connect to the servers and the images are then streamed to apps of users who log in. It is up to the vendor to ­ensure the cybersecurity of their servers.

A spokeswoman for the Privacy Commissioner for Personal Data said webcam manufacturers were also responsible for observing requirements under the Personal Data (Privacy) Ordinance.

Kwong said users should be wary of where images or videos are being stored if they are being recorded. If the data is being saved in a cloud drive, users should set a strong password.

She also advised users to purchase webcams from reliable brands, as it lowers the chance of the software having backdoors.

Salibra recommended putting a piece of tape over the lens of the webcam when it’s not in use. This may have sounded strange several years ago, but is now more common.

In a promotional photo for Instagram in June, Facebook founder Mark Zuckerberg was found to have covered the webcam of his laptop with tape.