(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

During security conferences, laptops with tape covering the webcam have certainly been a common sight. But recently, covering webcams has become somewhat of a mainstream phenomenon, after Mark Zuckerberg was sighted with a covered webcam [1], and even the FBI director suggests people cover their cameras [2].

Laptops are often used in private spaces, and an attacker with access to the camera is expected to be able to spy on the user of the laptop. Attacks like this have happened, and even indicator lights can be disabled in some of these attacks. However, the camera is not the only sensor included in modern laptops and mobile devices that can be used to listen in. Most notably, mobile devices usually have several microphones that are far more difficult to disable. The article about Mark Zuckerberg above shows how he also uses tape to cover up the microphone of the laptop. First of all, covering the microphone with electrical tape will not reduce the microphone's ability to detect sound by much. Secondly, most laptops use multiple microphones. Disabling all microphones is difficult, and will most likely void your warranty if you outright remove them.

The webcam in most laptops is designed for video conferencing. As a result, it points at the user's face, not at the keyboard, which would likely be more interesting. I have not seen a built-in tilt/pan camera yet. The resolution is also somewhat limited (1080p usually) and prevents the camera from seeing notes taped to a wall behind it. Access to the microphone (and of course to the keyboard via a good old-fashioned keystroke logger) can be a lot more useful.

Many mobile devices use gyroscopes to detect motion. In some cases, these sensors were found to be sensitive enough to record conversations by detecting the vibration caused by sound. Microphones in nearby mobile devices have also been found to be sensitive enough to record keystrokes on nearby PC keyboards.

As far as cameras go, cameras in video conferencing systems, which often include pan/tilt and zoom, have been used to look in on conference rooms. These cameras are often not covered up.

So what should you do?

- Keep your camera covered. There are some little sliding covers that you can buy, but a piece of electrical tape will work (add some paper to the back of it right over the camera to avoid glue residue in case you use it).
- In particular for sliding covers, make sure the frame doesn't cover the LED indicator. You should be able to see if the camera is on while the cover is open.
- For systems like video conferencing cameras, point them in a safe direction (wall) while not in use.
- Sadly, I haven't seen laptops with physical switches for microphones. If you cover microphones, make sure you test that the cover works (maybe some foam will work) and get the schematic for your laptop to know where all the microphones are located.
- Don't forget your mobile devices!
- And if you want real privacy: leave the electronics in a different room and power them down.

Any other tips I missed?


Johannes B. Ullrich, Ph.D.
