Anyone peeking in on his life would be really bored, he said. Why should he care if someone far away watches him do homework or send emails? But when he needs to change his outfit or have a private conversation, he flips the screen closed — just in case.
Goncalves has a point, according to security experts. It’s unlikely that cybercriminals are sitting on the other end of a compromised webcam, eating popcorn and watching you fold towels. But that doesn’t mean the camera on your device isn’t a potential vector for spying. Hackers can worm their way into outdated operating systems or compromise the apps you’ve granted camera access. In that sense, a physical camera cover is an easy and inexpensive way to take control of your privacy and get some peace of mind.
“If you’re still worried, the best thing is a physical device, like a Post-it, to make you feel better that you’re making it impossible,” said Asaf Ashkenazi, chief operating officer of the security company Verimatrix.
But there’s a bigger question at play here, said Kavya Pearlman, CEO and co-founder of XR Safety Initiative, a not-for-profit that focuses on privacy and security in virtual reality, augmented reality and mixed reality settings. The cameras on our laptops, phones and tablets are now just a few of the many cameras capable of recording our activities. Soon, cameras on wearable devices like glasses could capture every moment of our days, Pearlman said. How will we guard our privacy when we’re surrounded by more cameras than our Post-it notes can cover?
How bad actors access webcams and other cameras
Outdated operating systems — software you haven’t updated in a while — are one way hackers could get access to cameras. Software updates usually include fixes for security vulnerabilities, so the longer you go without updating, the more likely your system contains bugs that hackers could use to pry their way in. Turning on automatic updates helps avoid a host of security concerns.
Most of the time, if hackers find a back way into popular operating systems from big companies like Apple or Microsoft, they’ll sell that information to governments rather than use it to spy on low-profile individuals, Ashkenazi said. An investigation by The Washington Post and 16 other news organizations detailed how the Israel-based company NSO Group sold spyware that could compromise iPhones and other Apple devices to foreign governments, which used it to surveil journalists, government officials and activists.
Apps are another way bad actors grab webcam access. Each time you give an app permission to use your camera, you put your privacy in the hands of whatever company manages that app, Ashkenazi said. That company may have excellent security protecting its data from outside hackers — or not. You may trust the company to use its camera permission wisely — or not. The app itself could be dressed-up malware designed to spy on its users, Ashkenazi notes.
Check your permissions regularly to make sure you’re not granting sketchy apps access to your camera, he advised. On an iPhone, go to Settings -> Privacy -> Camera and toggle off any apps you don’t need the camera for. On an Android device, check Settings -> Biometrics and security -> App permissions -> Camera.
Keep in mind that some webcam snoops walk in through the metaphorical front door. If you use a work-issued computer, your company may use software that lets it access your webcam. Companies generally aren’t using that capability to watch you at home, Ashkenazi said, but that doesn’t mean a one-off creep in the IT department can’t do it.
And last, your webcam spy may not even be human. Hackers can use automation to vacuum up data from compromised computers — including data from the camera, XR Safety Initiative’s Pearlman said. That data may never have an audience, but best to slap on a camera cover anyway.
Why your webcam sticker isn’t enough
Camera covers shut down snooping before it can happen. But they’re not a permanent fix — especially as it becomes harder to know when we’re on camera.
For instance, Facebook unveiled a $300 pair of “smart glasses” in September that can capture photos and videos as the wearer moves through the world. The specs are more subtle and stylish than predecessors from companies such as Google, and despite a lukewarm reception, it’s only a matter of time before smart glasses are part of our everyday lives, according to Pearlman. And that’s not to mention the camera-enabled connected devices springing up in our homes, cities and workplaces.
We’re heading toward an era of “constant reality capture,” she said, in which people and companies will be recording wherever we go. It raises privacy questions we haven’t yet tackled.
“What happens to our privacy when these [webcam] covers are just completely a historical phenomenon, and nobody cares anymore because everything is recorded anyway?” she said. “We’re moving into this culture where the question of ‘Should I have a mechanical cover to shut off any camera that could be spying on me?’ is moot.”
For Pearlman, real privacy is a matter of context, control and choice: In what context am I willing to be recorded? What control do I get over the data that’s captured? And was I given a choice to opt out?
Right now, companies make those types of privacy decisions, not consumers. In the future, that needs to change, Pearlman said.
“I think we need to open, decentralize and make these decisions collectively so that billions of people don’t feel powerless when these choices are taken away,” she said.