MacBook webcam indicator light can be disabled to aid spying
Posted on 19 December 2013.
Bookmark and Share
Two researchers from Johns Hopkins University have proved, without a doubt, that it is possible to activate internal iSight webcams included in some legacy Apple machines without triggering the LED light that indicates its use.

It is not that that such a modification was considered impossible - in fact, it is widely known that the FBI was capable to do it for years now, and that commercial surveillance products and some malware out there is capable of doing it - but this is the first time that the capability has been publicly documented and demonstrated.

In their paper titled "iıSeeYou: Disabling the MacBook Webcam Indicator LED," the researchers described how they were able to create a piece of software that made the LED ignore the input received when the camera be turned on, and to exchange the regular camera webcam software with it by using a Remote Access Tool / Trojan (RAT). They didn't even have to have administrator-level privileges to do it.

Their attack worked on "previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008", but other researchers said that it could be modified to work on newer versions as well.

The researchers say Apple has been notified of their research, but has yet to offer a mitigation or solution for the issue.

"To defend against these and related threats, we built an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space," the researchers noted.

Of course, there is also an easier option for protecting yourself: tape over your computer camera.









Spotlight

Identifying security innovation strategies

Posted on 14 April 2014.  |  Tom Quillin is the Director of Cyber Security Technology and Initiatives at Intel Corporation. In this interview he talks about security innovation, current and future threats.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Apr 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //