Video calls and security: Is it true my webcam can be hacked?

Are video calls secure? It depends. Understanding the answer to this question requires an understanding of how a video call works and what the potential security vulnerabilities are.

A video call primarily consists of four elements:

• The caller
• The receiver
• The connection between them
• And the application being used

In order for the system to be deemed secure, the security and privacy of all four elements must be ensured. What that means is that nobody can listen to or access the messages either on the participants’ devices or during their transmission. Cybercriminals have various motives for wanting to intercept messages: bugging public figures to get ammunition to tarnish their images, tapping influential people to benefit from knowledge about legal or corporate reforms, and even random eavesdropping for the purpose of taking the pulse of society: what are the greater concerns and how could they be used for future attacks.

The protection of messages while they are being transmitted is dependent on the application and is addressed by using encryption techniques. These techniques translate the message into a sequence of characters that are unintelligible to anyone who does not know the encryption key. This means that the message cannot be understood even if it is intercepted. This is why it is important to take the following points into account when using an video call service:

• Only download and install applications from official supplier sites or portals in order to avoid using a fake version that could be used to intercept communications and find targets for scams.
• Always keep applications updated to the most recent version so that any possible security faults identified in earlier versions are addressed.

Protecting messages in the users' devices relies on ensuring that criminals are not already inside the device. Cybercriminals may have gained access to the device through previously installed malware.This frequently occurs surreptitiously when files are downloaded from fraudulent pages or via malicious links in phishing or smishing messages sent to the user. To prevent this from happening, you should:

• Activate antivirus software and keep it updated on all compatible devices with Internet access.
• Never click on links from email messages, SMS, or social media if you do have doubts about their origin or authenticity.

Furthermore, to ensure keeping conversations private, users should avoid involving people they don't know, who might have malicious intentions. This can be achieved by:

• Correctly configuring the setting options on the video calls to prevent them from becoming public, sharing the connection details only with those people who should be involved on the call, not posting those details on social media platforms or in open forums.
• Make sure conversations are taken in a secure physical environment where neither unauthorized people nor devices can listen in.

Then why do they recommend covering up device cameras?

After verifying that your video conferences and cameras are secure, using official applications, keeping devices free of malware, and following best practices during the video call, it would be logical to think that no one can misuse the camera on your device. But, there are other secondary risks that should also be taken into account that induce many users to physically block their cameras.

Providing customers a product or service to generate profits is any company's goal. In many cases, this return is made with a payment, subscriptions or commissions, and in other cases, like with specific applications that are supposedly completely free, through the sale of customer data to third parties. This may be the case for certain “free” smartphone tools, without other associated services, such as free readers and games or in some social network platforms.

Even in regions like Europe, which is especially sensitive to user privacy and has significant regulation on the books, this can occur because the user authorizes these practices when he or she grants the requested permissions during application installation. Assessing a device's application permissions easily shows that camera access is one of the most requested permissions. This, together with the possibility of malware hijacking the camera in order to spy, is the main reason why stickers and other physical barriers are used to block a device’s camera.

In this landscape, some companies exploit customer impatience by collecting excessive data when consumers are rushing through the application's terms of service. It is therefore recommended to:

• Review the privacy terms before installing any applications and consider replacing the application with something else if the terms seem excessive.
• Restrict all permissions that aren't needed for installed applications. In some cases, permissions can be enabled only while the application is in use.
• Delete accounts and applications that are no longer used or that seem to have excessive permissions for the functionality they provide.

The threats that exist in the virtual world are not so very different to those in the physical world. This is why, event with the best security tools installed and monitoring your device ... you are the best defense!

If you want to find out the best ways to protect yourself online during the COVID-19 crisis, read the following articles:

• How to protect the elderly from hackers in the age of COVID-19
• Tips to avoid online misinformation during the coronavirus crisis
• Against coronavirus, you also need to protect yourself online
• The impact of COVID-19 on the spread of cybercrime
• In the age of COVID-19, protect your children on the Internet
• Spam or phishing: Why am I getting so many of these messages recently and what should I do with them?
• Telework and cybersecurity. Safeguarding your corporate information during confinement