Information security, and for that matter personal security, requires a healthy dose of common sense and making sure you are informed.
Most desktop computers, notebooks, tablets and smartphones are equipped with at least one camera, microphone and antenna. While most of us take for granted the utility of these features, and often select the manufacturer and model of the computer and devices we use based upon the quality of the features, all users should be aware of the risks, permissions and unwanted invitations that they are extending to others.
Yes, it is true that a web camera on your computer can be remotely turned on by a hacker without your permission. And yes, though possible, it is also illegal. Likewise, your computer’s microphone can be turned on and your storage can be accessed. If you can imagine someone doing something to your computer without your knowledge, it is likely possible. Granted the likelihood of it happening to individuals is remote, and the chances are typically related to what might motivate a hacker to target an individual.
For corporate users at successful companies, attacks are commonplace. Risks are increased with exaggeration of business networking profiles, unauthorized personal social media use of company technology, and participating in thrill-seeking, dangerous, online activities with a misguided belief that ignorance is bliss.
Four Risk Mitigation Strategies
There are four risk mitigation strategies: mitigate, accept, transfer and ignore. Ignore or accept can be reasonable strategies for online purchases using credit cards at reputable e-commerce sites and submitting personally identifiable information (PII) is safe when encrypted and web services are hardened.
In the case of hardware components, mitigation is your best strategy – and it does not take much technical knowledge. Desktop computers, though declining in popularity, normally do not have a built-in web camera or microphone. External devices, including web cameras and microphones, can be easily disconnected when not in use. While some notebook computers have built-in camera lens covers that disable the microphone when engaged, most portable devices do not. Additionally, internet of things (IoT) voice- and video-activated devices should not be assumed to be secure.
There are some inexpensive, easy safeguards that all users should consider:
- Read the instruction manual and ensure that you know what capability electronic devices have
- Cover the web camera when it is not in use. A simple 3M post-it or a folded business card – the darker color the better – blocks most video
- If you do not expect to use an integrated camera, cover it with dark electrical or duct tape
- Purchase external accessories that include security features
- Do not disable light indicators that illuminate when an accessory is in use.
- Cut the wire and connector from an old set of headphones and plug it into the microphone jack. This will disable most built-in microphones.
Another straightforward strategy is to shut off your computer when you are not using it, or at the very least, disconnect the network cable and/or disable all wireless network connections. This may not be convenient, but it will prevent unwanted use and eavesdropping.
Ownership and use of tablets, cell phones and other connected devices requires a degree of acceptance of risks. There is absolutely no reason, however, not to be knowledgeable and understand exactly what risks you are accepting, especially when you accept “free” software applications. Read the permissions you are agreeing to before you install software, especially on any portable device. And remember, your device has a power-off switch so consider using it.
These are some of the permissions of commonly used smartphone applications.
Take Pictures and Videos
Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
Modify or delete the contents of your USB storage. Modify or delete the contents of your SD card or internal memory. (The right to read your memory card is required to modify or delete).
Read Sensitive Log Data
Allows the app to read from the system’s various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information.
Allows the app to get your approximate location. This location is derived by location services using network location sources such as cell towers and Wi-Fi. These location services must be turned on and available to your device for the app to use them. Apps may use this to determine approximately where you are.