Cover your camera: Is your phone watching?

Can your iPhone, Android, or laptop camera spy on your without your knowledge? Seems far-fetched, but is absolutely possible — here’s what you need to know about getting snapped without permission.

Paranoia Problems

Deputy Technology Editor Ben Grubb of the Sydney Morning Herald keeps his smartphone camera covered with electrical tape at all times, fearing the unwelcome attentions of a hacker or corporation looking to grab photo or video of his daily activities. Sure, this seems excessively paranoid — why would anyone care enough to grab random camera snaps or small videos — but is an increasingly popular trend. After all, in a wireless-enabled world where it’s possible to infect smartphones and tablets with a few lines of malware code and then steal everything from device IDs to passwords and bank account information, hacking the camera doesn’t seem like such a mean feat.

And guess what? It’s already happening.

Shutter Speed

According to Naked Security, University student Szymon Sidor says he created an Android app capable of taking photos and recording video even when the device’s screen is turned off. Sidor’s app works by using a tiny, 1×1 pixel preview screen to keep the camera running in the background. This screen is often touted as security feature by Google — the camera won’t operate unless a preview is being displayed — but all Sidor had to do was reduce the size down to nearly invisible and he had no problem taking hidden photos. And in March, Naked Security also found an spyware app for Google Glass that allowed photo taking without having the glass display lit.

Apple products aren’t immune to this problem, either; software has been discovered that allows malicious actors to turn off Apple iSight webcam warning lights — in one extreme case, a woman was blackmailed with pictures taken of her without her consent and without any clothes. The culprit was apprehended, but this kind of personal violation goes a long way to legitimizing users who cover up camera lenses even when their phones are not in use.

It’s also worth mentioning that there are also legitimate apps for iPhones that allow you to make it seem as though your camera isn’t recording. Instead, the screen can be entirely black or it can be made to appear that you’re just browsing a website and not taking a video. And while this might sound like fun and games if you’re the one in control — it’s your phone, after all — think about the implications of these apps as malware. What if you accidentally downloaded one and it was enabled remotely, or if a piece of malicious code took control of your camera app? You could be spying on yourself and not even know it.

Corporate Camera Capture

Of course, one-time malicious actors aren’t alone when it comes to harnessing your camera for their own purposes. Back in August, there was an uproar over the Terms of Service for Facebook’s Messenger App, which included permission to take pictures and videos with your device camera, even without your consent. Understandably, users were less than pleased with the idea that any corporation might be spying on them, no matter how unlikely the scenario.

And this isn’t uncommon. Many applications include permissions which are far broader than they should need — for example the recent criticism around Uber’s app and its permissions, which include obtaining your device ID, accessing your contacts and yes, using your camera.

So what’s the bottom line? Should you be covering up every camera you carry and periodically searching the web to make sure overseas hackers or mega-corporations aren’t using your image without permission? Probably not. Most hackers aren’t interested in your photos and videos unless there’s a personal grudge, while companies make app permissions as broad as possible to give them maximum legal leeway.

There’s always the chance that a free third-party app or email attachment come complete with a photo-taking, video-recording bit of malware hoping to peek into your personal life. Best best? Be smart: surf safely, hide your Internet business from prying eyes and maybe put that smartphone facedown with a book on top of it when you take a shower…just in case.