Last week, Joanna Stern of WSJ posted an article in the Personal Tech column that has reflected on an interesting question related to cameras that are now integrated with modern laptops – "How secure are these little eyes in our privacy?"
Interesting question. Well tell me Personal Tech column, what is the safety of these things?
The bad news is that it was possible for Mr. Heid [a certified ethical hacker ethical hacker and chief research and development officer at Security Scorecard] access the webcam of my Windows 10 laptop and, from there, to my entire home network. He also cracked my MacBook Air.
This sounds pretty bad and many might use some insulation tape to cover their cameras. However, the following sentence deflates much of the drama of his predecessor.
The good news is that both operating systems could initially thwart the hacker. I had to do things intentionally careless for him to "succeed".
Hmm … "things intentionally careless."
Must read: Apple products not to buy (February 2019 edition)
It is there that the narrative begins to collapse. In fact, the steps that Stern had to go through to allow the "hacker" to access a Windows 10 machine were pretty detailed. Stern even goes so far as to admit to having "played the game" with Heid's demands.
When I opened the attached Word document, Microsoft's free and integrated antivirus software, Windows Defender, immediately reported it. When I clicked on the link to the "reel", the file that the download started was identified as a virus and deleted. The system was working well, but I wanted to see what would happen if I was someone who had not activated the antivirus or had disabled it because it was getting annoying .
I entered Windows settings and disabled real-time antivirus protection. I was able to download the & # 39; real & # 39; no problem. But when I double-clicked on the document, Microsoft Word opened it in a protected view. I have voluntarily dismissed the warning sign and activated the document edition.
That's a lot of playing along. In fact, a hacker asks the victim to send his laptop by e-mail, making sure to write the login password on a post-it.
Entering a macOS system was even more complicated.
The hacking of a MacBook Air 2015 running the latest version of MacOS, Mojave, also required a multi-step process (and some "victim" errors). This time, the malware was embedded in a .odt document, an open source file format.
To open it, I downloaded LibreOffice. The free version of the popular open source office suite is not however in the Mac App Store. So I had to disable the Mac security setting which prevents the installation of an unverified developer software. This is something that comes up frequently when downloading the many popular apps that are not listed on the App Store. (However, I could have paid $ 14 for a version in the App Store.)
Once I installed LibreOffice, I disabled its macro security setting, according to the instructions of the hacker. You can do this in some cases, for example because your company has used an inventory spreadsheet or a sales form specifically designed for this purpose, but for most people, it's a bad one idea.
Note: According to the article, Heid managed to pull it all out by "using standard hacking tools", no matter what they are.
I'm sorry, but apart from taking a screwdriver and snatching the camera from the laptop 's cache, I see no way to prevent a hacker from accessing the laptop. camera system when someone as consistent is driving. If someone agrees to download this, install it and disable the other, it's as if the hacker was sitting at the keyboard and he was practically in control of the system.
I'm also convinced that a person paranoid enough to record a tape on his webcam will probably not be as obedient, and if she manages to find a perfect balance between suspicious and compelling, nothing will prevent the hacker from coming up with a fictional story to get them to remove the obstruction ("oh, take on the screen covers the flux capacitor needed to power the decoder circuits.").
Rather than be wary of the security of the webcam, the Stern article reinforces the potential of modern operating systems in protecting users from hackers, even issuing warnings to try to protect them their unconscious incompetence.
For companies that distribute laptops to everyone, this is where users' awareness of the risks, the need to not ignore warnings and perhaps not to be as consistent with people at random asking them to disable systems pay dividends.
Perhaps there is also an interest in having laptops on which the cameras are not installed and using removable USB cameras if necessary. But this only removes an attack surface. Nothing prevents the hacker from simply asking the user, if thoughtful, to email him the information he wants.
I also find it interesting that the room worries about webcams and suggests sticking on it, while saying nothing about the built-in microphones that are also present in modern laptops.
The piece contains some sensible recommendations on the use of passwords – which can be summarized as follows: "do not reuse passwords and do not modify those that have been compromised" – which, in my opinion, contributes to the use of passwords. do a lot more than cover a webcam camera does.
That said, if you are using an old crisp laptop running an old operating system that has not seen updates in a while, covering the webcam may not make sense, but the truth is that it will only be the tip of the security headache you are facing.
That said, if you cover your webcam camera so that you feel better, go for it. It's your laptop, and those eyes are looking into your workspace and your life. You can use something as simple as insulating tape or a sticky note. You do not need to invest in a special sticker to do the job. But I would also recommend that you think about why you do it.
Do you cover the webcam of your laptop? If yes, why? If not why not let me know!