sb-as logo
Story image

Afraid someone is misusing your webcam? Here's some tips for protection

08 Aug 2016

Article by Ondrej Kubovič, welivesecurity analyst

Imagine a situation where you are working on your laptop and all of the sudden the green light next to your built-in webcam blinks for a second and immediately goes dark again. Would you just ignore it? Or would you start digging around to find out if it was something more serious?

If you want to know which programs are actively using your webcam, or if you believe it is running despite the indicator light being off, here is a short guide to help you out.

First of all, you will need a tool that can show you this type of information. And thanks to Windows Sysinternals, there is a handy software for that – Process Explorer.

As soon as you run the tool, you will need to know the object name of your webcam to identify processes connected to it. This may be a little tricky for less experienced users who don’t know where to look.

This information can be found in the “Device manager”. The easiest way to get there is to use the search bar (available in all the most frequently used versions of Windows). The other option is to go via Control Panel/Hardware and Sound/Device manager.

If you have an integrated webcam, it will appear in the menu under “Imaging devices”, where you need to click on the Details bar, open the drop-down menu and select Physical Device Object name (such as “\Device\0000009c”). Copy the value displayed and move back to the Process Explorer.

Click the binoculars icon or press Ctrl+F and insert the Physical Device Object name to find active processes using your webcam. If this search shows any suspicious activity, you can let your antivirus check if the program using it is malicious.

It is important to note that even though Process Explorer will let you kill the selected process, it will not clean your machine from infiltrations, should there be any. Therefore we recommend running a scan using a reliable and multilayered security solution to locate the malicious activity.

This approach can also be applied to microphones, which might also be targeted by spyware.

Article by Ondrej Kubovič, welivesecurity analyst

Story image
Advanced threat actors engaged in cyberespionage up their game
"This recent activity signals a major leap in their abilities."More
Story image
Almost a third of malware threats previously unknown - HP report
A new report has found 29% of malware captured was previously unknown due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More