Feeds

Macbook webcams CAN spy on you - and you simply CAN'T TELL

iSight blindsided by cunning Johns Hopkins securo-bods

The essential guide to IT transformation

Security researchers have confirmed that MacBook webcams can spy on their users without the warning light being activated.

Apple computers have a “hardware interlock” between the camera and the light that is supposed to ensure the camera can't be activated without alerting the user by lighting a tell-tale LED above the screen.

However Stephen Checkoway, a computer science professor at Johns Hopkins University and graduate student Matthew Brocker were able to circumvent this security feature by reprogramming the micro-controller chip inside the camera.

Normally, any program running on a MacBook’s central processing unit that takes images through Apple's iSight camera would turn on the tell-tale light. Brocker and Checkoway's reprogramming tactic allows the camera and it light to be activated independently, so that the camera can be running while the light is switched off.

The researchers have released proof-of-concept software to demonstrate the trick, including a paper , entitled iSeeYou: Disabling the MacBook Webcam Indicator LED. The study provides the first public confirmation that a sophisticated hacker tactic long suspected to be part of the playbook of intelligence agencies, feds and others is not only possible but relatively straightforward.

The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.

The research focused on MacBook and iMac computers released before 2008 (iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros) but other security researchers reckon the same tactics would work on more recent models from multiple vendors, not just Apple. This means that any laptop with a built-in camera could be used by a skilled hacker to spy on its users without giving the game away. It's unclear whether or not Apple or other manufacturers are developing any mitigation plans.

Attacks on micro-controllers, particularly on Mac machines, are becoming an increasingly fruitful area of security research. For example, security researcher Charlie Miller demonstrated a hack on systems that control Apple batteries, causing the battery to discharge rapidly and potentially leading to explosive consequences. Other attacks target Apple's keyboard controllers.

The spying on people without turning on warning lights issue is far from an academic concern. A tell-tale flickering light was central feature of a notorious case involving school-supplied laptops in Pennsylvania back in 2008.

Administrators at Lower Merion High School near Philadelphia reportedly captured 56,000 images of students by using a trojan installed on school-issued laptops. "Students reported seeing a ‘creepy’ green flicker that indicated that the camera was in use. That helped to alert students to the issue, eventually leading to a lawsuit," the Washington Post reported.

More sophisticated hackers have developed the apparent ability to suppress any warning light. This may be a feature of commercial spyware packages, such as FinSpy from FinFisher, which marketing documents covertly leaked through WikiLeaks claim can be “covertly deployed on target systems” to allow “live surveillance through webcam and microphone.”

A surveillance program called Ghostnet, reckoned to be a Chinese spying operation against prominent Tibetans including the Dalai Lama, involved “web cameras [which are] silently triggered, and audio inputs surreptitiously activated,” according to a 2009 report into the snooping by the University of Toronto.

Marcus Thomas, a former assistant director of the FBI’s Operational Technology Division, recently told the Washington Post that the FBI has long been able to covertly activate a computer’s camera, without triggering any "recording in progress" warning light.

Privacy conscious users have one ready means to protect themselves from spying. “The safest thing to do is to put a piece of tape on your camera,” Miller told the Washington Post. ®

Camnote

A video demonstrating how the iSight camera can be turned on without activating the small-green LED light on older Macs can be found here.

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?