It’s the staple of all hacker and government-conspiracy fiction, not to mention quite a number of horror films: You’re being watched through your hacked computer or phone or through a hijacked surveillance camera feed. And, unfortunately, this is well-reasoned paranoia in the real world, because to an operating system, a camera is just another file that can be read and relayed.
Earlier this year, in response to the news and to reader queries, I went into detail with a few ways you could disable microphone input in software and hardware on a Mac. Video is surprisingly (or not so surprisingly) easier to block: You can simply put a piece of tape over a lens.
Security guru Christopher Soghoian, principal technologist at the ACLU, told an interviewer in August, “the best bang-for-buck when it comes to privacy…is putting a sticker or a Band-Aid over your webcam on your laptop.” That’s what Mark Zuckerberg did, and he also covered his mic—which, as I noted in the previous article, doesn’t help nearly as much as audio will still bleed through.
Audio and video tapping don’t lend themselves per se to mass surveillance, despite the NSA reportedly recording enormous amounts of phone calls and video sessions and using software to find words and people of interest. Even its alleged efforts represent a fraction of all conversations, much less when you’re not actively engaged in an online A/V conversation with someone.
Soghoian explained in the above interview the likelihood of you being spied upon individually, which is worth a glance. Most people are unlikely targets, but any activist, any member of a group that finds itself in the minority, and anyone who someone else might feasibly have a grudge against could find themselves in the crosshairs of audio- and video-tapping malware or products.
Students and workers with equipment provided to them could also be monitored without their knowledge. The best-known incident, but absolutely not the only case, is when a school near Philadelphia revealed to a student they were watching him at home on a school-owned computer. The school district later settled for over $600,000.
So what you can do besides tape? Some new and existing software for macOS can help.
Scotch that recording
There’s a bit of chicken-and-egg problem with software tools that monitor, report on, and block access to microphones and cameras: they’re susceptible to malware, too. Software designed to hijack your A/V would likely be savvy enough to check whether kernel extensions or other software is also monitoring devices, and would try to disable or mislead them.
But the more widely spread malware is—that is, the less targeted for a very high-value individual or group—the less sophisticated it is, and the more likely it will give itself away.
I wrote about Micro Snitch ($4) in my column on microphones, and it alerts you when built-in and some third-party video cameras activate as well.
Security researcher Patrick Wardle has a passel of free apps designed to help you protect your privacy and system integrity, and his OverSight will monitor not just for usage, but “piggybacking.” This is a technique seen in malware that can tap into a stream being used for FaceTime, Skype, or local recording, so the camera, mic, or both are already active when the surveillance starts. OverSight will pop up an Allow/Block warning with details about what triggered it.
And a free version CameraGuard alerts you to use of your camera. A paid version ($30) adds microphone blocking, and its maker says it uses heuristics to identify likely unwanted audio and video uses.
It’s hard to recommend one above another, except for cost, because until malware strikes (or you intentionally install a known example to test on an unpatched system), it’s impossible to predict whether one will perform better than another.
But whichever you pick, pairing it with new software like Little Flocker and Wardle’s BlockBlock, which I wrote about recently, could help prevent software from running that tries to disable monitoring software or hijack active streams.
But what about an iPhone or iPad?
It’s much more complicated in iOS, because you don’t have access to the operating system’s innards and iPhones are more fragile. While iOS has a strong security track record in terms of exploits that have made it into the wild, plenty of severe flaws have been found and patched, and may have been used to target individuals. Recently, I wrote about the three-exploit package deployed against a human-rights activist’s iPhone in the United Arab Emirates, which—had it been successful—would have allowed remote audio and video interception on demand by the attackers.
You can simply put a black opaque sticker over the front-facing camera, or get a case that obscures both the front and back cameras.
It’s hard to argue that Apple could do more with iOS, because the locked-down nature of the system prevents the casual installation of third-party software that might commit unwanted acts and more serious attempts to quietly subvert your privacy. Any software that manage to hijack your mic or camera on an iOS device is the kind of thing that won’t go undiscovered in the wild for long, given how many researchers are watching for just this kind of attack.