Feeds

Macbook webcams CAN spy on you - and you simply CAN'T TELL

iSight blindsided by cunning Johns Hopkins securo-bods

The Power of One eBook: Top reasons to choose HP BladeSystem

Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.

Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen.

However Stephen Checkoway, a computer science professor at Johns Hopkins University and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.

Normally, any program running on a MacBook’s central processing unit that takes images through Apple's iSight camera would turn on the tell-tale light. Brocker and Checkoway's reprogramming tactic allows the camera and it light to be activated independently, so that the camera can be running while the light is switched off.

The researchers have released proof-of-concept software to demonstrate the trick, including a paper , entitled iSeeYou: Disabling the MacBook Webcam Indicator LED. The study provides the first public confirmation that a sophisticated hacker tactic long suspected to be part of the playbook of intelligence agencies, feds and others is not only possible but relatively straightforward.

The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.

The research focused on MacBook and iMac computers released before 2008 (iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros) but other security researchers reckon the same tactics would work on more recent models from multiple vendors, not just Apple. This means that any laptop with a built-in camera could be used by a skilled hacker to spy on its users without giving the game away. It's unclear whether or not Apple or other manufacturers are developing any mitigation plans.

Attacks on micro-controllers, particularly on Mac machines, are becoming an increasingly fruitful area of security research. For example, security researcher Charlie Miller demonstrated a hack on systems that control Apple batteries, causing the battery to discharge rapidly and potentially leading to explosive consequences. Other attacks target Apple's keyboard controllers.

The spying on people without turning on warning lights issue is far from an academic concern. A tell-tale flickering light was central feature of a notorious case involving school-supplied laptops in Pennsylvania back in 2008.

Administrators at Lower Merion High School near Philadelphia reportedly captured 56,000 images of students by using a trojan installed on school-issued laptops. "Students reported seeing a ‘creepy’ green flicker that indicated that the camera was in use. That helped to alert students to the issue, eventually leading to a lawsuit," the Washington Post reported.

More sophisticated hackers have developed the apparent ability to suppress any warning light. This may be a feature of commercial spyware packages, such as FinSpy from FinFisher, which marketing documents covertly leaked through WikiLeaks claim can be “covertly deployed on target systems” to allow “live surveillance through webcam and microphone.”

A surveillance program called Ghostnet, reckoned to be a Chinese spying operation against prominent Tibetans including the Dalai Lama, involved “web cameras [which are] silently triggered, and audio inputs surreptitiously activated,” according to a 2009 report into the snooping by the University of Toronto.

Marcus Thomas, a former assistant director of the FBI’s Operational Technology Division, recently told the Washington Post that the FBI has long been able to covertly activate a computer’s camera, without triggering any "recording in progress" warning light.

Privacy conscious users have one ready means to protect themselves from spying. “The safest thing to do is to put a piece of tape on your camera,” Miller told the Washington Post. ®

Camnote

A video demonstrating how the iSight camera can be turned on without activating the small-green LED light on older Macs can be found here.

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.