Is the HP Webcam Kill Switch truly secure?

[Euchre]

I recently saw an ad from HP touting their 'Webcam Kill Switch' on their newer systems. They proclaim it a hardware solution, and 'unhackable'. I can't find a good teardown for the Spectre X360, which Linus reviewed, that shows how the switch is really integrated into the system. I wonder if it is actually a pure hardware power circuit interrupt to the webcam, or is really a hardware switch that is really just supplying a signal to software switching the webcam off. If the latter is true, it ends up being like a lot of previous 'physical switch' solutions in systems that supposedly offer a higher level of security than pure software switching. I found this especially interesting as HP's own all-in-one systems have been showing up with a simple, physical obscurement of the webcam, either in the form of a moving module or a simple plastic shutter. Other makers have also been doing this more lately, and you can buy little stick on shutters that are very effective and quite cheap (I recently added them to my 2 HP laptops that lacked such obscuring hardware). Maybe someone here has delved into this more, or Linus could even poke his nose into the situation.

 

Here are a couple of the HP ads:

 

 

 

The 'airplane mode' key on my keyboard is certainly one of those 'soft solutions', and the only hardware solution I've ever seen to disabling a system device like it is on my old Lenovo ThinkPad, with the Wifi/Bluetooth switch, which kills power to said module physically. As we all likely know, anything software will, sooner or later, end up being hackable remotely, which is the greatest concern with a webcam. After all, if someone has physical access to your machine to overcome a hardware solution to webcam security, they can probably just install a camera of their own you'd be completely unaware of, as opposed to the webcam you know is built into your computer.

[GoodBytes]

All I can say is:

1. Your microphone will hurt you more than your webcam.
2. Windows 10 inform you via a system tray icon, when your microphone or webcam is being used by anything. You'll see a microphone icon there.
3. However, if you want to disable your webcam and/or microphone, the best way which applies everywhere, is to simply disable the device in Device Manager. A program needs to do extensive amount of work code wise to enable the device behind your back, and needs administrator privileges. I have yet to hear about a malware that does this.

 

[Euchre]

12 hours ago, GoodBytes said:

All I can say is:

1. Your microphone will hurt you more than your webcam.
2. Windows 10 inform you via a system tray icon, when your microphone or webcam is being used by anything. You'll see a microphone icon there.
3. However, if you want to disable your webcam and/or microphone, the best way which applies everywhere, is to simply disable the device in Device Manager. A program needs to do extensive amount of work code wise to enable the device behind your back, and needs administrator privileges. I have yet to hear about a malware that does this.

 

Your first point is pretty observant and valid, if someone is targeting you specifically for surveillance, as they'll know how to use information you speak around your computer. However, for the random opportunist voyeur, being watched doesn't really require a specific target. Also, it is much easier to prove what is seen on a camera as being you, for the sake of abuse, like explicit images or video, or anything compromising. Proving that an audio recording is your voice is much harder, and the quality of the audio on most of these devices is fairly low, often not on par with the current HD cameras in just about everything.

 

That second point - I just fired up my camera app (to a dead black image, because I use said physical shutter), and nothing shows up in my system tray. I even checked the expanded tray icon popup, and nothing. I wonder if this isn't really a default, or is only for known 3rd party apps using the camera or its API? I really don't use the camera on this laptop for anything, so I don't have anything other than the included app to go by.

 

As for your last point, this may seem true, but a valid point that HP offers is that the switch is to help prevent an unintentional exhibition via your webcam, which you otherwise do intend to use. In that scenario, though, using a hack to defeat a software based 'kill switch' so that the webcam is always on despite what the switch (and perhaps even the current app used) shows, would make the switch a complete placebo and useless. As for administrator privileges, that's usually the first step in any major hack of software. To overcome things like the notification LED coming on, admin access is probably needed anyway. Apparently, escalation of privileges exploitation has happened to Windows 10 at least once in the past. OK, make that twice. Point is, it can happen, and probably will again. The only way an OS will ever become permanently immune to exploitation would be if it also never was developed beyond just resolving security flaws.

 

My question remains, though - is the 'kill switch' really a hardware interrupt to power, as in a circuit breaking switch. That would be a truly 'unhackable' solution. Meanwhile, I'm sure a plastic shutter that comes to $1.62 each is an unhackable, universally applicable, and trivial solution.

[GoodBytes]

6 hours ago, Euchre said:

Your first point is pretty observant and valid, if someone is targeting you specifically for surveillance, as they'll know how to use information you speak around your computer. However, for the random opportunist voyeur, being watched doesn't really require a specific target. Also, it is much easier to prove what is seen on a camera as being you, for the sake of abuse, like explicit images or video, or anything compromising. Proving that an audio recording is your voice is much harder, and the quality of the audio on most of these devices is fairly low, often not on par with the current HD cameras in just about everything.

Incorrect. Beside small claim court, judges don't care about footages not recoded by police, as in society, police is considered a trusted source. Footage can be altered.

Nothing says that the person going after you, dressed like you, and make it look like you, did something. And in most countries, recording without consent or warrant (again police doing it) is not considered invalid as well in court. However, steeling your evil plan of doom from your e-mail conversation, is considered valid evidence.

 

So far, no one got into court from a webcam recording. The worst that it occur is you do things that can be viewed as porn, and put onto a porn site.

 

6 hours ago, Euchre said:

That second point - I just fired up my camera app (to a dead black image, because I use said physical shutter), and nothing shows up in my system tray. I even checked the expanded tray icon popup, and nothing. I wonder if this isn't really a default, or is only for known 3rd party apps using the camera or its API? I really don't use the camera on this laptop for anything, so I don't have anything other than the included app to go by.

I stand corrected. The Microphone of the webcam can be used.

So here is the fix:

Start > Settings > Privacy > Camera.

 

Scroll down and turn this option off:

 

 Now it will only work with UWP apps which you can enable or disable per app basis.

Apps even with admin rights, can't switch for you on any settings.

 

 

6 hours ago, Euchre said:

As for your last point, this may seem true, but a valid point that HP offers is that the switch is to help prevent an unintentional exhibition via your webcam, which you otherwise do intend to use. In that scenario, though, using a hack to defeat a software based 'kill switch' so that the webcam is always on despite what the switch (and perhaps even the current app used) shows, would make the switch a complete placebo and useless. As for administrator privileges, that's usually the first step in any major hack of software.

I have yet to see UAC be by-passed successfully under Windows 10 by a malware/virus.

 

6 hours ago, Euchre said:

To overcome things like the notification LED coming on, admin access is probably needed anyway. Apparently, escalation of privileges exploitation has happened to Windows 10 at least once in the past.

Nope. Finding a security flaw by a security firm, does not mean that it has been exploited. 

 

6 hours ago, Euchre said:

My question remains, though - is the 'kill switch' really a hardware interrupt to power, as in a circuit breaking switch. That would be a truly 'unhackable' solution. Meanwhile, I'm sure a plastic shutter that comes to $1.62 each is an unhackable, universally applicable, and trivial solution.

Ask HP or a security firm.

No one has the know how on this forum is even close in knowledge to start hacking the thing and discover a security vulnerability.

 

If it bugs you that much, then just physically disconnect the webcam ribbon cable, and connect a USB webcam when needed (which the person you are doing a recording with without you knowing, and can stab you on the back by recording you and spread you evil plans for world dominations). 

 

[RejZoR]

I just disable the webcam driver. And microphone in the audio control panel.

[GoodBytes]

For that HP switch, perhaps an easy way to test the reliability (mind you I am no security expert), is install Linux based OS, and see if the webcam works with some generic webcam driver while having the switch enabled, and then flip the switch and see if the feed is cut. 

 

A simple implementation of a "kill" switch of the webcam is simply cutting the 5V lane of USB that leads to the webcam.

 

If under Linux, you need special HP driver to get the switch working, then you'll know that the switch is just a software thing and can be by-passed.

 

Now why Linux? Because I doubt that HP would have published Linux drivers for this, and are built-in into most distros or distros update system. That is the logic I am going with. Maybe you can try with Windows 7 (in trial mode is all you need) without connecting on the web (fresh install from disk, not updated) if you can find generic webcam drivers that works with the HP webcam as another option.

[Euchre]

1 hour ago, GoodBytes said:

Incorrect. Beside small claim court, judges don't care about footages not recoded by police, as in society, police is considered a trusted source. Footage can be altered.

Nothing says that the person going after you, dressed like you, and make it look like you, did something. And in most countries, recording without consent or warrant (again police doing it) is not considered invalid as well in court. However, steeling your evil plan of doom from your e-mail conversation, is considered valid evidence.

 

So far, no one got into court from a webcam recording. The worst that it occur is you do things that can be viewed as porn, and put onto a porn site.

I'm not talking about using a webcam for law enforcement or 'the government' to 'get me'. I'm talking about individuals who are looking for material for perverse pleasure, blackmail, or general harassment or embarrassment. I'm no conspiracy theorist, not paranoid about 'government tracking'. I'm just thinking in terms of people wanting their privacy preserved from general leakage.

1 hour ago, GoodBytes said:

I stand corrected. The Microphone of the webcam can be used.

So here is the fix:

Start > Settings > Privacy > Camera.

 

Scroll down and turn this option off:

 

 Now it will only work with UWP apps which you can enable or disable per app basis.

Apps even with admin rights, can't switch for you on any settings.

 

 

I have yet to see UAC be by-passed successfully under Windows 10 by a malware/virus.

 

Nope. Finding a security flaw by a security firm, does not mean that it has been exploited. 

That's some serious head-in-the-sand thinking when it comes to what could be done. Time and again, things that are 'impervious' to exploit are proven not to be. Just because an exploit was found (officially, that we know of) by a security firm first doesn't mean it couldn't be found by a less responsible party.

1 hour ago, GoodBytes said:

Ask HP or a security firm.

No one has the know how on this forum is even close in knowledge to start hacking the thing and discover a security vulnerability.

I'm not asking anyone to hack the feature to see if it is exploitable, I'm trying to see if anyone knows from a simple hardware perspective how the kill switch functions. This can be determined pretty non-destructively by anyone who might have access to the hardware and is willing to delve into it a little bit. If it is a true hardware solution, it is robust enough to largely support HP's claim of 'unhackable' status.

[Neiblie]

I just received an email trying to blackmail me   Said they have video using my webcam minutes after I logged out of Jodi. I have an hp envy with webcam switch that was off. The gentleman who started this thread asked if this switch is hardwired or if it is a software based switch. It seems pretty legit or maybe they are just using other info on my computer. Can someone who knows help

[Middcore]

1 hour ago, Neiblie said:

I just received an email trying to blackmail me   Said they have video using my webcam minutes after I logged out of Jodi. I have an hp envy with webcam switch that was off. The gentleman who started this thread asked if this switch is hardwired or if it is a software based switch. It seems pretty legit or maybe they are just using other info on my computer. Can someone who knows help

The "we hacked your webcam to record you jacking off" or whatever thing is one of the most common scams. They don't have squat, they're just playing the odds that there are enough gullible people who watch porn on their PC's that will be scared into forking over some cash. If they send these messages to 1000 people and 5 of them fall for it then they're coming out well ahead.

 

As for a webcam "Killswitch"... Both the webcam my main setup and the webcam on my laptop (ThinkPad X280) have a physical shutter that I can use to cover the lens when they're not in use. That's the best kind of "Killswitch" and the only one I'd trust was anything more than marketing BS.

 

[LogicalDrm]

*** Thread locked ***

 

There was no point of reviving this.