ELI5: Why are PC webcams much more susceptible to hacking compared to modern smartphones?


Is there a difference on the Mac side of things?
Do Android and iPhone deal with this in the same way or differently?


8 Answers

Anonymous 0 Comments

PC, Mac, Android, and iPhone are all computers, but are built in significantly different ways.

On a cell phone, the camera is a built-in component of the device, so the operating system has some level of control over it. This means you have security by being able to control what programs do with it. We all have experienced “do you want to allow this app access to your camera?” An added benefit is that it is possible that those limiting controls on the camera have a hardware-level protection. In principle, this means that you cannot upload software (as hackers commonly do) to get around it.

By contrast, on a PC, a camera is a USB peripheral, which is designed to allow any software to easily access it and use it. There is no consideration of tightly controlling access. Even if your operating system did try to add some control, it doesn’t change the fact that USB format is designed to be easily shared, making it easier to get ahold of.

Your hardware-level protection for your USB webcam is to cover the lens with a piece of paper or tape. Software can’t get around that.

In addition, PCs are generally the easiest computers to hack. Windows is the most common operating system, so the most effort is spent learning to hack it. Moreover, Windows has very little in the way of security protections.

Once you hack into a PC, there is no camera specific security to stop you from using the camera.

Anonymous 0 Comments

Phone manufacturers make an effort to secure their phones. 

Cheap peripheral manufacturers mostly just shovel them out the door for as little cost to themselves as possible. “Secure this $9 webcam against hackers” is simply not a concern. 

Anonymous 0 Comments

This isn't anything really webcam-specific.
On a PC, software is mostly allowed to do anything unless specifically restricted (companies often restrict what users can do on their PCs for this reason, but most private people never bother to do that).
On phones, software has to get permission to do anything; that's why apps always ask you for permission after installing them. So if you don't give an app the permission to use your camera, it can't use it (unless it somehow overcomes the OS security features, which does happen, but it's kind of rare unless you are someone important).
So the easiest way for someone to get access to your camera on your phone is by having an app and you agreeing to give it access, but as soon as it's found out that this app does something bad, it's thrown out of the app store. Here is a little difference between iPhone and Android, because Apple is much more strict in what they allow on the App Store.
On PC you usually get software from a site, and there is no single provider that could tell you, hey, this software is doing bad stuff.

This is to the general differences of phone OS vs computer OS, but if someone really wants to hack you specifically and has enough resources, like state agencies, there is practically no difference between a phone or a computer, and also no difference between Apple, Android, Windows, Linux and so on.

Anonymous 0 Comments

It has to do with the history of how PCs worked and how difficult it is to change things.

In the early days of desktop computing, the software that ran on your computer was trusted completely. It could do pretty much anything it wanted. There were early computer viruses that would cause drives in your computer to run until they overheated and caught fire; although not very successfully.

The point is that early computer operating systems put in place very few barriers to what software could do, this includes access to devices. So if you were writing software for older operating systems, you could just connect to camera devices without doing anything special at all. The whole thing was terribly naive.

Fast forward a decade or two and we’re all much wiser now. When the original iOS and Android operating systems were developed both Apple and Google gave a lot of consideration to how much control the operating system would exert over access to devices and data.

When Apple introduced 3rd party apps leading up to the opening of the App Store in 2008, developers were shocked at the level of control that iOS exerted over their apps. An app needed permission to do a lot of things that were taken for granted on desktop operating systems. Developers had to write their software to handle cases where the user simply said, “No, this app cannot access my camera.” Android has similar controls, of course. I’m just using iOS as an example.

This concept is called a “sandbox”. All apps run in their own sandbox. They can play with all the toys inside the sandbox, but the operating system controls access to anything that isn’t explicitly inside the sandbox. The operating system can also control access to things like CPU, memory, and storage resources.

This is a radical departure from what desktop software developers were used to, but it proved to be incredibly effective at preventing the kinds of malware we see on desktop operating systems. So why didn’t companies like Microsoft simply introduce sandboxes in Windows right away? Because of the weight of legacy software.

Remember that desktop developers were *shocked* at the level of control in iOS. Decades worth of software was already running on end users’ computers, and these changes would disrupt popular software that millions of people use. Simply adopting these constraints and forcing them on end-users would have led to revolt. Microsoft wasn’t about to risk losing any market share by making radical changes.

Instead what we’ve seen is a slow shift over time. End-users adjusted to the idea of granting permission to applications as they used their smartphone devices. Desktop software developers also frequently develop for mobile, so they also got used to the mechanisms required to adapt to this new environment.

Instead of simply adopting all the mechanisms at once, Microsoft started slowly and has built on these security controls. You might remember UAC in Windows Vista (2007). Over time, Microsoft has added additional controls. In recent versions of Windows 11, the end-user must grant permission for applications to use the webcam, for example. Apple introduced that on macOS Mojave back in 2018.

The contrast between how quickly Apple and Microsoft introduce these controls has less to do with what the company wants to do and more to do with their user base. Apple can move quickly because their user base is much smaller, and they have come to expect breaking changes. Microsoft has a *much* larger user base, and that user base heavily skews toward commercial customers who are absolutely *not* tolerant of breaking changes. Basically, Microsoft might *want* to introduce more secure versions of their operating system, but these changes are at odds with the financial interests of their large commercial customers.

Anonymous 0 Comments

They aren’t, assuming you mean someone getting access to the video. PC webcams are just USB devices normally.

The part that can be hacked is the computer it’s attached to, which is unrelated to there being a webcam connected.

You can also connect a PC webcam to an Android phone and use it, too.

Anonymous 0 Comments

PC webcams are typically cheap, white-labelled embedded devices from China that are all made the same way. They are horribly insecure (especially if they have networking capabilities), and typically try to connect to some cloud servers somewhere. Little effort is put into securing them, which is why I’ll only allow them in a separate VLAN with no access to the Internet, and limited access to other things on my network.

Anonymous 0 Comments

Another thing that I didn’t really see mentioned here is how safe the App Store and Play Store are. They are basically the only place where the average user downloads executables from, and all apps there are scanned against malware before being allowed for the public to download. Sure, you have APKs for Android, but your regular Joe doesn’t even know how to download a third-party app on his phone. Computers tho? Most people download exes from websites to run software, which don’t go through any checks except for antiviruses, which aren’t that hard to bypass. Crypters sell for 100$ and they are good enough when they are first released.

Anonymous 0 Comments

Phones are based on modern operating systems with lessons learned from the past, so security is a priority. Windows has had the baggage of being backwards compatible for decades now, although they need not fully support things from the 2000s, but that sliding window has done a number on its security limitations. Specifically, phone OSes quarantine each app and force it to only have access to specific resources (camera, mic, contacts, location…) when the user is actively using the app. With Windows, most everything is open by default and “using the program” is much less well defined. A program can simply run in the background and not even be in the task tray, yet still demand to have full access to whatever it wants as if it was full screened. Microsoft tried numerous times to get people to switch to a rewrite, but because they target businesses, those businesses demanded their legacy programs be fully functional. With Android they learned what limits to apply and made always running in the background almost non-existent.