Vendors must start adding physical on/off switches to devices that can spy on us

Update (May 15, 2019): This post was linked and its author quoted as a source in this Fast Company article on the same subject.

Where’s my webcam’s off switch?

Have you ever noticed that your webcam doesn’t have an “off” switch? I looked on Amazon, and I couldn’t find any webcams for sale that had a simple on/off switch. When I thought I found one, it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The “clever” solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I’ve used tape, which works fine.

But a cover doesn’t cover up the microphone, which could be turned on without your knowledge. Oh, you think that’s impossible? Here are some handy instructions. Or maybe you’ll say you’re not paranoid—it’s not a serious problem? Don’t be so naive, said the FBI seven years ago (they’re worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn’t going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another “clever” solution is to use a software off switch, like this (for Windows). But it simply turns your webcam’s driver on and off. Of course, it’s not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn’t solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

The humble “off” switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

Do any computer cameras with “off” switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble “off” switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I’ve been writing a lot about privacy.)

The kill switch on Purism’s Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don’t these companies care?

I’ve just been talking about webcams, but let’s talk about the really horrible spy devices: your smart phone. Oh, your Android phone can’t be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don’t be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it’s been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody’s phone.

And yet there isn’t a hardware off switch for your phone’s camera and microphone, short of turning the device entirely off (but there’s an app to turn the camera off). A device equipped with a hardware “off” switch for the camera and microphone isn’t yet on the market, as far as I know. Purism is making one.

It’s not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo’s microphone, and it’s apparently a hardware switch, too, so well done, Jeff Bezos. That’s important, if true, because it prevents software exploits. I found no word on whether Google Home’s and Apple HomePod’s mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn’t it be nice to have the peace of mind that they aren’t listening to you when you’re not using the TV?

In short, what if you want to turn these devices’ cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let’s demand that hardware vendors build hardware “off” switches

It’s almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don’t make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we’re their customers. Think about that. We’re their bread and butter, and we’re increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That’s just weird, isn’t it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don’t intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it’s a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn’t controversial and, for anybody who is slightly plugged-in, shouldn’t be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It’s just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble “off” switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven’t been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We’re not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware “off” switches that make it impossible for the camera and microphone to be operated.

Do you agree?






Please do dive in (politely). I want your reactions!

48 responses to “Vendors must start adding physical on/off switches to devices that can spy on us”

  1. Anon

    Cameras: You can solve the issue with the covers mentioned in the article.
    Microphones: This is much more complicated. In case of laptops you can remove it and use an external USB mic when you want to. In case of phones in some cases you can’t remove it without the help of the manufacturer. In these cases I just stick bubble gum into the mic holes. I plug in the headset if I want to make a call. Problem solved? Not at all. The speakers can be turned into microphones as well. Just search for SPEAKE(a)R. Speakers must be removed too, or at least make a hardware OFF switch for them. Then how you hear if your phone rings? You just don’t. You can still put your phone into your fridge (good sound insulator), bonus effect that your battery will drain slower.

    HDD: Another attack is when they spy on your conversations using the HDD’s read/write head. It can detect sound waves by their generated force in the air, it is a very sensitive device. But you can fix that by using only SSDs.

  2. Greg Pfister

    Where’s the “Wuh?” emoticon?

    Apparently neither Larry nor anybody commenting has any clue that the “off” switch will undoubtedly be just another input wire to a chip, with its position sensed by software that can then do anything it wants with it.

    The whole discussion seems to presume that this switch is physically switching main power on and off, as if it were controlling a hair dryer. In many cases, such power surges would probably damage the device.

    1. So you’re not impressed by Purism’s HKS, which already exists?

  3. Greg Pfister

    Purism makes a big deal of it, even showing you how it is wired in. That’s good, particularly for those who don’t want to use pieces of black tape; the latter is fine with me.

    But if having an on/off switch is mandated, it will surely end up with an implementation in most cases like the on/off switch of my laptop: There’s a Windows setting pane where you get to choose what it does. The code behind that can, of course, be subverted.

    1. I see you’re changing your criticism, so you must realize that you were wrong with your previous one.

      But what you are talking about is still a software switch. We realize the limitations of a software switch, which is why we propose a hardware switch.

      While at least one of the commenters above proposes a government mandate, I do not.

      Maybe you understand my proposal better now?

  4. Fábio Negrão Balby

    One off switch for the GPS too. Another one for the SIM card, so cell towers cannot be used to triangulate your position and no installed malware can activate any form of Internet packet data ( 2G/3G/4G or whatever ) for location services to use without your consent. Maybe another one for WiFi, installed malware can activate it without your knowledge too. Just mone more for Bluetooth, to be on the safe side.
    And my new cell phone looks kinda retro, like a 50’s mainframe …
    The price of freedom is eternal vigilance…

  5. These methods for spying on people using their webcams and microphones requires the attacker to be able to compromise the victim’s computer in the first place by installing some sort of malicious code. When it comes to closed systems like Windows and MacOS, I assume that they have already been compromised without our knowledge, and so that is another reason for running an open source Linux operating system where such malicious code would be seen by many and brought to light. My phone is another matter, but I believe I can mitigate the risk somewhat by sticking to apps installed by F-Droid, though I would like to migrate to an entirely open source phone as well.

  6. Take the battery out or even yet be like me and don’t carry a cell phone except when you are “forced” to…

  7. Psybin

    These devices don’t have on/off switches likely primarily cuz the manufacturers have been told by the NSA etc. not to have them. Any other reasons/excuses are just a bonus for them.

    1. Would be interesting to have evidence of this. I doubt it, actually.

      1. I believe it has more to do with the ability to “Sell” access and/or data to a 3rd party down the road than any decree from a government agency. The company starts needing some money, the Russians make an offer, and a firmware update is rolled out. It’s not as lucrative to sell such a thing if the end users can simply turn the camera or microphone off.

  8. C M Landstreet Jr

    A hardware switch needs to be available for the GPS as well.

  9. Peter R Fletcher

    Out of interest, why? Normal GPS systems are ‘read-only’ – the client device uses information from the GPS transmission, but it cannot and does not _transmit_ anything back. GPS-derived location information, once downloaded and stored, can (in theory and in practice) be ‘stolen’ and misused in various ways, but that isn’t the GPS device’s fault! If the rest of your security is tight, your GPS can be on 24/7 without in any way compromising it; if the rest of your security isn’t tight, you have bigger problems!

  10. BlindAsABat

    I use tape on my camera and plug in a male to female splitter on my computer, simple and reversible for my own use.

Leave a Reply

Your email address will not be published. Required fields are marked *