The surveillance age has inspired users to cover up the front-facing cameras on laptops and other electronic devices. PC makers have adapted to the change and many devices including the mid-range hardware are shipped with webcam shutters to increase privacy.
The new Surface products including Surface Go 2 and Surface Laptop 3 don’t have a webcam shutter. According to Microsoft’s Stevie Bathiche, it’s because Surface products are equipped with dedicated light and it is activated whenever the camera is being used, so it allows you to find out the camera status.
Microsoft says that the LED light is not software-controlled, which means it cannot be hacked. The camera itself controls the light and both are physically disconnected from the system. In other words, when the light is on, the camera is sending data to the apps.
If a hacker gets access to the webcam, they are blocked from disabling light, which will still automatically turn on when the camera module is sending data.
As the software (Windows 10) does not control the LED light, it’s impossible for bad actors to hack the system and disable camera LED.
In other words, don’t expect Microsoft to add a camera cover to Surface devices anytime soon because it’s not required, at least for now.
In addition to webcam shutter, Intel’s Thunderbolt ultra-high-speed I/O – a powerful standard that enables advanced accessories – is also not available on Surface Book 3, Surface Laptop 3 or any other Surface product.
A Microsoft employee said that Surface products don’t come with Thunderbolt because of security concerns. According to the company, the Thunderbolt port could allow bad actors to gain direct memory access.
New research has revealed that any PC with Thunderbolt made before 2019 is vulnerable to the “Thunderspy” security problem, which can be exploited to bypass the login screen of the system only when the device is in sleep mode.
However, Intel says physical access is required to exploit the vulnerability and this can be avoided if consumers use trusted peripherals.
In a statement, Intel confirmed new potential physical attack vectors, which can be exploited only with physical access to computers. Intel recommends consumers and businesses to use trusted peripherals and prevent unauthorized physical access.