9

In addition to whether a webcam can be turned on without the indicator light, I was wondering if disabling the device in Windows' device manager is a good option.

Of course when your system is compromised already, it's possible (and probably trivial) for an attacker to turn the device on, and back off when he is done. But just about the theory, is there any way to use the cam without having to enable it first?

Additionally, can hardware management be protected, so that an attacker cannot turn a device on without knowing a password? Or if Windows can't, can Linux or OS X?

Most of this question is hypothetical, but I just wonder. Thanks!

Community
  • 1
Luc
  • 32,378
  • 8
  • 75
  • 137
  • I suggest to cover the lens. (Make sure to put a piece of paper directly over the lens to avoid tape-glue sticking to it). – Hendrik Brummermann Sep 29 '12 at 20:12
  • @HendrikBrummermann My laptop has a slide, but every time it's on its side (like in my bag) it slides open... Adding another cover looks kinda silly and paranoid. Good suggestion anyway! – Luc Sep 29 '12 at 20:17

2 Answers2

4

Most malware is likely to just iterate through all webcam devices and attempt to turn them on. Disabling the device in device manager is very likely to protect you against 99% of cases.

On a more anecdotal level, I've come across around maybe ten or so different bits of malware over the years that have various remote webcam capture functionality, but not a single piece of malware that has attempted to enable hardware devices that were previously disabled by the user.

Polynomial
  • 133,763
  • 43
  • 302
  • 380
4

You can completely disable your webcam by deleting the drivers on your computer. This will make the cam unusable by you or a virus.

November
  • 505
  • 1
  • 5
  • 12
  • 1
    Kind of a hassle to uninstall and install all the time, but still a good point. I indeed don't expect malware to go install drivers for webcams! – Luc Sep 29 '12 at 19:49
  • 2
    Assuming it's an external one, at that point it'd be quicker to physically remove the webcam. Obviously with a laptop you don't have that option. – Polynomial Sep 30 '12 at 11:25