Last week was unsettling for Mac users worried that someone could hijack the cameras and microphones built into their phones and laptops.
On Thursday, Apple disabled the Walkie Talkie audio chat feature in its smartwatches to fix a vulnerability that would allow someone to listen in on consumers without their consent, according to a report in TechCrunch.
Just a few days earlier, a security researcher revealed a similar flaw in the videoconferencing app Zoom that could be exploited to trick Mac users into opening a video call, even if they had uninstalled Zoom in the past. Both Apple and Zoom have issued updates to address the problem.
There haven’t been any reports of consumers falling victim to either of these vulnerabilities, and security flaws with connected cameras and microphones are nothing new. Still, the news adds fuel to one of consumers’ top fears over digital privacy.
While targeted advertising works so well that it can seem like tech companies must be illicitly recording your conversations, privacy and security experts say that isn’t actually happening—marketers have other, very effective ways to learn what people may be interested in.
On the other hand, there is a real, if remote, risk that hackers could take control of your devices’ cameras and microphones, security experts say.
“These are the risks we accept with these smart devices,” says Patrick Jackson, chief technology officer at Disconnect, a cybersecurity firm that has partnered with CR on investigations. “They have a lot of sensors, and you’re not always aware of whether they’re on or off.” However, Jackson says, there are a few easy steps you can take to protect yourself, no matter which brand of computer or smartphone you use.
Skip Dedicated Video and Audio Chat Apps
“Every time you install a new app on your device, you’re adding another back door into your system, with more potential software vulnerabilities that hackers can try to exploit,” says Cody Feng, project leader for security and privacy testing at Consumer Reports. “In digital security, we call this your ‘attack surface.’ Reducing that surface is always a good idea.”
Most apps like Google Hangout, Skype, and Zoom give you the option to make and receive calls by logging in to their site on your web browser without downloading any special software. Using your browser instead of downloading an app is an easy way to stay a little safer.
A web browser isn’t inherently more secure, but the fewer apps on your machine with access to your camera and microphone, the fewer opportunities hackers will have to break in and spy on you.
“For some people, there will be chat apps you can’t avoid because they have features that aren’t available in the browser version of the service,” Feng says. “And you may not have the option to remove apps that come preinstalled on your device, like the Apple Watch’s Walkie Talkie feature. That’s okay. Just take the steps that make sense for your situation. Any extra effort will leave you better protected.”
Check Your Device Permissions
All sorts of apps can request permission to access the camera, microphone, and other features, such as location information, on your phone or computer. Using the steps below, it’s easy to see which apps have requested permission, and revoke permissions that you’ve granted in the past.
“Make sure you understand all the apps that have permissions for video and microphone access,” Disconnect’s Jackson says.
Jackson recommends turning off any permissions that aren’t important for your day-to-day life. That way, even if an app is compromised, the attacker won’t be able to make a direct connection to your camera or microphone without implementing some additional hack.
On an Android phone: Go to the phone’s Settings > Apps (or Apps & Notifications) > Advanced > App permissions > Camera > Tap the toggle next to an app to revoke permission. Then go back and do the same under the “Microphone” menu. (These instructions may vary slightly depending on which phone you have.)
On an iPhone: Go to the phone’s Settings > Privacy > Camera > Tap the toggle next to an app to revoke permission. Then go back and do the same under the “Microphone” menu.
On a Mac: Go to the computer’s Settings > Security & Privacy > Privacy > Camera > Uncheck the box next to an app to revoke permission. Then go back and do the same under the “Microphone” menu.
On a PC: Go to the computer’s Settings > Privacy > Camera > Turn off Camera access altogether, or use the toggles next to individual apps to adjust permissions. Then go back and do the same under the “Microphone” menu.
Update Your Software and Firmware
Updating software and firmware is critical to staying on top of your digital security. Sometimes, as with the Apple Watch’s Walkie Talkie problem, manufacturers will roll out updates automatically to help keep consumers safe when serious flaws are identified.
In other cases, as with the Zoom app, you may need to take additional steps to ensure you’re protected. According to Zoom, consumers who use the app can head to the site’s Download Center to check for updates. Alternatively, open the app, click “zoom.us” in the top left corner screen, and select “Check for Updates.”
“Don’t wait until you hear about a problem to look for updates, and install security updates immediately,” Feng says. Turn on automatic updates, or check for updates frequently.
The Tape Method
There’s a famous picture of Mark Zuckerberg with a laptop in the background that has a piece of tape covering the camera. Doing the same with your computer is one shortcut to peace of mind. If tape looks too messy for you, you can buy stickers just for this purpose that are designed to be easily moved and replaced.
“That physical barrier is a great solution for video, but it won’t work quite as well for your microphone,” Jackson says. In fact, he says, built-in microphones are often designed to keep working even if they’re obstructed, so you don’t accidentally silence a call with a misplaced finger. “With a phone or laptop mic, you often just have to rely on software to protect you,” Jackson says.
However, you could try what’s called a “microphone blocker,” essentially a dummy plug with nothing on the other side of it that you insert into your device’s headphone or microphone jack. When working as intended, a blocker tricks a device into thinking a microphone is plugged in and switching over from the built-in microphone, so a hacker wouldn’t get a signal if they breached your system.
“That may not work on every device,” Jackson says, but microphone blockers are usually cheap, so if you’re really concerned about hacked mics, it may be worth a shot.