Researchers show MacBook webcams can be hijacked without turning on indicator light

By End the Lie

(Image credit: tripu/Flickr)

(Image credit: tripu/Flickr)

Researchers have demonstrated the ability to remotely hack into a MacBook webcam without triggering the indicator light, a capability which the FBI has reportedly had for several years.

In August, it was revealed that the National Security Agency (NSA) calls on its employees to physically remove the built-in webcam from Apple laptops for security reasons.

The findings of the researchers, first reported on by The Washington Post, are especially interesting because Apple laptops have the indicator LED hardwired to the camera.

This hardwiring is designed to activate the light whenever the camera is activated, a feature that should prevent the remote activation of the webcam without the user’s knowledge.

The researchers looked at 2008 MacBooks and MacBook Pros, so it is unclear if the results also apply to today’s Apple laptops.

The researchers from Johns Hopkins University told the Post that “similar techniques could work on more recent computers from a wide variety of vendors.”

“In other words, if a laptop has a built-in camera, it’s possible someone — whether the federal government or a malicious 19 year old — could access it to spy on the user at any time,” the Post reports.

Stephen Checkoway, a computer scientist at Johns Hopkins who co-authored the study, found a way to remotely reprogram the iSight camera’s micro-controller chip that is supposed to establish a hardware-level interlock between the camera and the indicator light, according to The Verge.

The researchers provided the Post with a copy of their proof-of-concept software, demonstrating how the camera can be remotely activated without turning on the indicator light.

“People are starting to think about what happens when you can reprogram each of those,” said Charlie Miller, a security expert working for Twitter, referring to micro-controllers like the one attached to the iSight camera.

Miller cited an attack that could rapidly discharge Apple batteries via the micro-controller, which could potentially lead to a fire or even an explosion.

Using a similar method, another researcher demonstrated how the built-in Apple keyboard could be turned into spyware.

While the paper only cites the earlier generation of Apple products, Miller contends that similar attacks could apply to new Apple systems.

“There’s no reason you can’t do it — it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware,” Miller said to the Post.

Apple did not reply to the Post’s requests for comment, but what is more troubling is the response the researchers received from company representatives.

“Apple employees followed up several times but did not inform us of any possible mitigation plans,” the researchers wrote in the study.

While Apple supposedly has the indicator light hardwired to the camera, many others do not offer such a feature.

“Logitech cameras, for example, have a software-controlled LED,” Ars Technica reports. However, this is designed to work with a software feature that allows them to be used as motion-activated security cameras.

“Whether this design makes sense for most users, given the apparent abundance of surreptitious webcam-based spying, is less clear,” notes Peter Bright for Ars Technica.

On a positive note, secure designs for the indicator light are indeed possible but software-mediated hardware interlocks for indicator lights remain vulnerable.

Ars sums it up quite rightly in saying, “When it comes to protecting against webcam spying, you should ignore the technology and simply tape over the camera.”

I’d love to hear your opinion, take a look at your story tips and even your original writing if you would like to get it published. I am also available for interviews on radio, television or any other format. Please email me at [email protected]

Please support alternative news and help us start paying contributors by donating, doing your shopping through our Amazon link or check out some must-have products at our store.

Top Search Terms Used to Find This Page:

One Response to Researchers show MacBook webcams can be hijacked without turning on indicator light

  1. Emma Evans December 21, 2013 at 5:46 AM

    I personally disconnect any web camera I have on the computer if it is not embedded and after reading this article I might decide to cover those in my Mac laptop. I could not believe those systems could be controlled remotely by expert and crackers.

    Thank for this information.

    Reply

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Advertise on End the Lie


Would you like to have your business or service exposed to thousands of people every day here at End the Lie? We have a wide variety of options available all at unbeatable prices. At the same time you will be supporting a truth-oriented alternative news outlet as well as hardworking independent journalists across the United States and the world.

If you would like to know more please email us and please be sure to include the details of what you are advertising, what your budget is and what type of advertising format you are looking for, including size(s), length of advertising period and any other pertinent details. The more information you give us, the more accurate the quote will be. We might also be able to work out some unique advertising tailored to your needs so feel free to contact us with questions and ideas.

Note: our advertisers have absolutely no input in what we cover or how we cover it. If this is problematic, you might want to seek out another news outlet. Here at End the Lie we put the truth first and thus no sponsor will be able to control our content. We reserve the right to refuse service to anyone and we will not advertise pornography or anything which might otherwise be illegal.