As you have probably heard, Apple disabled its Group FaceTime feature to fix a security flaw that was discovered. The security flaw allowed someone using Group FaceTime to listen in on the call recipient's microphone even if the call recipient did not pick up. To achieve this, you would call someone using the FaceTime feature. Before the call recipient picked up, you could swipe up on your mobile phone and add your own number as an additional caller. As a result, you could eavesdrop on the call recipient's microphone.
According to The Verge, if the call recipient hits the power button or volume button to ignore the call, it also broadcasts video of the call recipient. This security glitch is a reminder to us that we need to keep our webcam and audio features on devices safe from hacks whether it be intentional or unintentional.
They're Spying on Me
This is not the first time an uninvited guest has gained access to audio or webcams through our computers/smart devices. In January 2018 the US government charged Phillip Durachinsky for 13 years of cybertheft. He was able to hack into webcams and microphones. He stole passwords, tax records, medical documents, photographs, bank statements and private information from many people.
In a study from the University of Amsterdam, research indicated that smart TVs were snooping on the owners. TV users' online and offline behavior as well as personal conversations were being sent back to manufacturers. Since then, the GDPR law has passed adding a layer of protection for consumers.
These stories spark concern over the possibility of microphones and/or webcams in computers/smart devices being hacked personally and within your company. Cybercriminals may target specific groups to spy on for financial gain, to acquire insider information and more.
Phone cameras are a unique risk because many users do not implement the full security that they would on their laptops. In addition, mobile applications are constantly asking permission to access the webcam. Carefully consider which applications you grant permission to access the webcam, microphone, etc. and determine why the application needs access.
Confirm that your employees know the importance of protecting themselves both at work and at home from webcam and audio hackers. Carefully consider the security controls necessary to protect the computers/smart devices used in your office and remotely.
10 Ways to Take Back Control
- Use a webcam cover to protect your devices.
- If you have not yet, confirm that all devices have antivirus software installed.
- Confirm that all devices have firewalls turned on.
- Secure your Wi-Fi connection. Never use public/free Wi-Fi.
- Do not open suspicious links or emails. Be cautious of shortened uniform resource locators (URLs).
- Do not use unexpected tech support offers. They may try to convince you to download remote access software.
- Disable remote access if possible (Windows Remote Assistance and Remote Desktop).
- Change your video feed and settings page from the default password to a specific username and password.
- Investigate if you see your webcam light on and you are not using it.
- As a general rule of thumb, do not chat with strangers online.
The Institute for Critical Infrastructure Technology (ICIT) states, "Virtually every computer, smartphone, and internet-enabled mobile device has a camera and microphone that can be used by malicious threat actors to surveil and spy on the user." FaceTime's security flaw is a reminder to all of us that information can be exposed even without malicious intent. Part of our advanced technologies results in the occasional security bug that needs addressed. Continuous education and communication with your employees strengthens the security of your business.
Written by Michelle Stamps
Michelle has over 10 years of experience in marketing and business development across various industries including government and non-profit. Her background in writing, facilitating presentations and event planning allows her to use her creative skill-set and her relationship building skills strengthens her ability to understand the human element role in cybersecurity and to support positive behavior change. Whether she is out in the community, blogging or developing the next social post for TechGuard, she believes in telling the company’s story and uses relatable, real-life examples to connect with our clients. If you know Michelle outside of work, you would know that she loves sunny days and tropical places.