Webcam Security: Even If the Light Is Off, Someone Could Be Listening

The indicator light on many webcams tells you when the camera is active, but not the mic. That can be a problem.

Illustration of a webcam sitting on top of a computer monitor Illustration: iStock

As Americans have turned to Zoom for videoconferencing in the past year, webcams have surged in popularity, quietly replacing the less flattering cameras installed in many modern laptops. But with that step up in picture quality, consumers may be exposing themselves to a privacy and security issue recently uncovered by Consumer Reports testers.

Those small cameras you attach to the top of your computer have built-in microphones that can potentially allow others to eavesdrop on private conversations in your home without you realizing it.

Many webcam models have a status indicator light that signals when the device is in use. But it often alerts you only when the camera is turned on—not, as you might expect, when just the microphone is active.

More on Digital Security & Privacy

“You can tell when somebody is looking, but you can’t tell when somebody is listening,” says Steve Blair, the senior test project leader who discovered the problem for CR’s Digital Lab. Someone with ill intent might be able to take advantage of the flaw using malware to secretly turn on the webcam’s microphone without the owner knowing, he says.

The only way to fully protect your privacy is to physically unplug the device when you’re not using it. Simply closing out of the videoconferencing app will not safeguard you from malware inadvertently downloaded via, say, an email scam.

What We Learned

Six of the seven models we tested this spring had this indicator light problem, potentially giving consumers the false impression that the webcam was off when the camera was shut down, even if the microphone was still functioning.

The list includes the Aukey 1080p; Lenovo Essential FHD; Logitech C270 HD, Brio, and C920; and Razer Kiyo. Only the Microsoft LifeCam Studio performed as a user might expect, activating the indicator light when either the camera or the microphone was in use. (That webcam didn’t perform well in our test of video image quality.)

The flaw raises concerns that your privacy could be violated by stalkers, online bullies, identity thieves, or corporate spies.

“You may be saying things you don’t want anybody to know about,” says Glen Rockford, who oversees privacy and security product testing for CR. “You may be discussing a health problem with a doctor or proprietary information with a work colleague, and if someone is recording the conversation without you knowing, that’s a security problem.”

Beyond the potential danger from hackers, the problem could lead to embarrassing moments. People often forget to leave a teleconferencing call until they notice the light on their webcam. If you’re just using your webcam for audio and the indicator light is off, you’d never have that signal that the call is still live.

Want to know whether your webcam has this characteristic? It’s not hard to check. Start a video call using Google Meet or Zoom, turn off the camera using the in-app controls, but leave the microphone on, and see if the light on the webcam stays illuminated or shuts off.

When Consumer Reports asked Aukey, Lenovo, Logitech, and Razer to comment on our findings, they all told us that the status indicator light on their models behaves as intended.

“As you noted, the light only goes off when the video is turned off,” a Lenovo spokesperson told us in a statement typical of what we heard from the other manufacturers. “The turning on and off of the microphone function does not affect the LED indicators. This is behaving as designed and in the same manner as many of the webcams that are on the market from other suppliers.”

At the moment, there are no reports of this problem being actively exploited, but the risk could be rising as more people buy external webcams—consumers and businesses spent an estimated $350 million on the devices in 2020, according to the NPD research firm, which is roughly four times more than in any of the previous three years.

“Regardless of the intention of that light, if consumers find it misleading, then that itself is an issue,” says Ryan Pickren, a security researcher who last year found a flaw in Apple’s Safari web browser that allowed him to gain unauthorized access to the built-in cameras on iPhones.

Headshot image of Electronics editor Nicholas Deleon

Nicholas De Leon

I've been covering consumer electronics for more than 10 years for publications like TechCrunch, The Daily (R.I.P.), and Motherboard. When I'm not researching or writing about laptops or headphones I can likely be found obsessively consuming news about FC Barcelona, replaying old Super Nintendo games for the hundredth time, or chasing my pet corgi Winston to put his harness on so we can go for a walk. Follow me on Twitter (@nicholasadeleon).