
I've recently become baffled by how often there is an attempt to use the web camera on my laptop. And I mean out of the blue, when I had neither an intent nor a context to use it.

How do I know it's used? Well, I have an AV which has a function "block usages of a device X" (X can be a microphone or a web camera, for instance). And when it does so, the popup shows "oh, look, user, web-camera access is blocked!" Also, to explain what I mean by "I noticed recently": I enabled this feature in the AV recently. I suspect all these things were happening even before, but I just didn't know about them.

Unfortunately, the AV doesn't provide a way to see what was accessing the camera. And here's the main problem - it all happens in seemingly "harmless" situations. Examples?

  • I launch a web-browser after restarting a PC - alert, web-camera access
  • I launch Steam? Alert
  • I open a tab in YouTube for the first time (!?) Alert.

So far, I use tape.

But clearly there should be better ways to do this which allow legitimate usage.

More context:

  • Windows 10 PC (laptop)
  • Kaspersky AV
  • AV doesn't show any problems (such as viruses)
  • Network monitoring doesn't show any suspicious traffic

My Questions:

  • Should I even concern myself about these usages?
  • What can I do to absolutely ensure it's not used without my consent?
  • What kind of information is it possible to leak through this, is it really possible to remotely enable the camera and shoot the user?
schroeder
Alma Do
  • 1) This sounds more like a question for the AV vendor's support. 2) tape is the only way to ensure blocking 3) of course it is possible to remotely turn on the camera and capture images – schroeder Sep 06 '19 at 15:25
  • I don’t think it’s a problem that AV can’t tell when a camera has been accessed. That’s really out of scope of what an AV is for. There are plenty of exploitable ways to capture camera feeds without involving malware. If you are mega worried, stick some electrical tape over it. ;) – ISMSDEV Sep 06 '19 at 15:38

2 Answers

To (nearly) absolutely ensure it's not used unexpectedly, go into Device Manager and disable the device. Re-enable it when you're using it, and only then. This requires admin privileges, so if any malware could do it for you, you're already completely compromised.

A PowerShell command can automate this for you. `Get-PnpDevice -class Camera | Disable-PnpDevice -AsJob` will disable all currently-installed devices with the "Camera" class (including any that were installed but aren't presently connected; add `-Present` to the first command - before the `|` - if you only want to affect currently-connected devices). The same command but with `Enable-PnpDevice` instead will re-enable the devices. The `-AsJob` parameter prevents the cmdlet from prompting you for confirmation. You can also use `-FriendlyName *foo*` instead of (or in addition to) `-class Camera` to filter devices by their "friendly name" (in this example, the name would have to contain the string "foo", case insensitive); this can be handy if you want to enable or disable only a specific device, or you want to get all "devices" related to a particular piece of hardware (for example, webcams often also have microphones, which are "AudioEndpoint" class devices instead of "Camera" devices, so there will be multiple software "devices" installed for one piece of hardware).

If you want to be (considerably) less careful, just use Win10's built-in Privacy settings to control what apps can access the camera. Settings -> Privacy -> Camera, and turn on or off the apps you care about. It's mostly only for controlling modern "store" apps, though; software that uses the legacy camera interface (which will include most software that is designed to run on pre-Win10 versions of Windows) will not be controlled in that list. An app that is disabled from that list but wants to use the camera will prompt you for permission.

Of course, the main weakness of the first approach (aside from the inconvenience) is that there's no way to control what software can access the webcam while it is enabled. However, there's little you can do about that, beyond restricting Store apps from getting access (as in the second approach). At some point, you need to either trust that your device is not running malicious software, permanently disable the camera, or assume that you might be being monitored (and, of course, if there's untrustworthy software it could do a lot of things beyond access your camera).


It sounds like your AV is alerting every time any program tries to access the camera device at all, regardless of whether it's actually doing anything with it. For example, the YouTube thing is probably just YouTube checking whether, in theory, it would be able to use the "Webcam Capture" feature to record and upload a video. It's not actually requesting access to capture video; if it did, your browser would prompt for whether or not to allow access. However, it might trigger the browser to try opening the webcam device just to see if it's usable, and that may be enough to trigger the alert.

CBHacking
  • _"use Win10's built-in Privacy settings"_ I actually don't trust the OS I run anymore, that's the issue (and how can I when I see things like Skype running in background after all my efforts to remove it). I think I need to reconsider using it because when the OS is my adversary, no amount of security measures will help the case – Alma Do Sep 09 '19 at 12:01
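
The disable/enable procedure from the answer above, wrapped as a reusable function; this is an added example, not code from the original answer. The function name `Set-WebcamState` and its parameters are made up for illustration, and it uses `-Confirm:$false` rather than the answer's `-AsJob` so the change completes before the state is re-queried.

```powershell
#Requires -RunAsAdministrator
# Added example: toggle every webcam-related PnP device and report the result.
# Set-WebcamState and its parameter names are hypothetical; the cmdlets are
# the standard PnpDevice module ones used in the answer above.
function Set-WebcamState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('Enabled', 'Disabled')]
        [string]$State,
        # Optional wildcard such as '*foo*' to also catch the microphone
        # (AudioEndpoint class) that belongs to the same physical webcam.
        [string]$FriendlyName,
        # Only touch devices that are connected right now.
        [switch]$PresentOnly
    )

    # Collect Camera-class devices, plus anything matching the friendly name.
    $devices = @(Get-PnpDevice -Class Camera -PresentOnly:$PresentOnly -ErrorAction SilentlyContinue)
    if ($FriendlyName) {
        $devices += @(Get-PnpDevice -FriendlyName $FriendlyName -PresentOnly:$PresentOnly -ErrorAction SilentlyContinue)
    }
    $devices = @($devices | Sort-Object InstanceId -Unique)
    if ($devices.Count -eq 0) {
        Write-Warning 'No matching camera devices found; nothing changed.'
        return
    }

    foreach ($dev in $devices) {
        # ShouldProcess makes -WhatIf work, so the target list can be reviewed.
        if ($PSCmdlet.ShouldProcess($dev.FriendlyName, "Set to $State")) {
            if ($State -eq 'Disabled') {
                Disable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
            } else {
                Enable-PnpDevice -InstanceId $dev.InstanceId -Confirm:$false
            }
        }
    }

    # Re-query so the output shows the state Windows actually reports.
    Get-PnpDevice -InstanceId $devices.InstanceId |
        Select-Object Status, Class, FriendlyName, InstanceId
}

# Dry run first: lists what would be disabled without changing anything.
Set-WebcamState -State Disabled -PresentOnly -WhatIf
```

Run it from an elevated PowerShell session; drop `-WhatIf` once the listed devices are the ones you expect.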

While some laptops allow you to disable the webcam in the BIOS, and it's possible to uninstall the operating system's driver in Windows Device Manager, it's inconvenient and not 100% guaranteed privacy.

Physical security will allow you to sleep (or anything else) with confidence that your privacy is protected from spying eyes; the microphone is a different question. You can use a hole punch on the sticky part of a Post-it pad for the cheapest solution, or pay under US$10 for any of the thousands of sliding or clip-on blockers available online.

[Image: Webcam Blocker]

It is possible for sophisticated software to enable your Webcam. If it's physically blocked (and easily removable) you can be absolutely certain that you aren't being watched.

Rob
  • While this isn't providing many insights into the root of the issue, it's still a nice "upgrade" to my duct tape approach. It's sad to know that nowadays as a user I can't trust my OS anymore – Alma Do Sep 09 '19 at 12:02
  • There are so many reasons/causes *why* it occurs, both legitimate and illegitimate, that it's a new question "how to prove *which* program is doing it" - and that won't help you much if next week you are hacked or attacked and a newer smarter method enables your camera without notifying you. Disabling is inconvenient and deprives you of something you paid for, so you *still* suffer a loss. --- It is only by using a physical block (that looks reasonable and operates easily) that you come out ahead. In future try to buy a laptop with a built-in shutter. EG: Lenovo ThinkShutter, ext.Logitech, etc. – Rob Sep 09 '19 at 12:40