MacBook webcams can be used to spy on you, Johns Hopkins research confirms

Even if green light isn't on, your webcam might still be watching you

Hub staff report / December 23, 2013 9:40:00 am Posted in Science+Technology Tagged computer science, cybersecurity

You know how that little green light next to your webcam comes on when you're being recorded?

Well, here's something to think about: It doesn't always come on when you're being recorded. Which means—that's right—your MacBook can spy on you with or without your permission, according to new research from Johns Hopkins University.

The research was published in a paper called "iSee You: Disabling the MacBook Indicator LED," and was co-authored by computer science Professor Stephen Checkoway and graduate student Matthew Brocker.

As their abstract states, Checkoway and Brocker set out to demonstrate "how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication." They've also provided two proofs-of-concept: "an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled" and "an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight's firmware from user space."

So how did they do it? Here's a brief explanation from Alex Heath writing for Cult of Mac:

To commandeer iSight, the two researchers were able to reprogram the camera's micro-controller, a dedicated chip that basically acts as the hardware's own CPU [central processing unit]. From there, the camera was told to turn on separately from the light.

The software used to remotely control iSight was Remote Administration Tool (RAT), which is used by IT departments and educational institutions to administer large numbers of computers. The Wikipedia page for RAT details all of the ways it can also be used nefariously through malware.

In case you're skeptical, The Washington Post obtained a copy of the proof-of-concept software from the researchers, and then made their own video demonstrating "how the [MacBook] camera can be activated without triggering the telltale warning light."

Immediately upon discovering the MacBook's vulnerability, the Hopkins research team reached out to Apple to inform them of the breach, since, as they state in their report, their goal has always been to enhance cybersecurity. According to Checkoway and Brocker, Apple is well aware of the problem. As the two write in their paper, "Apple employees followed up several times but did not inform us of any possible mitigation plans."

Checkoway and Brocker's research focused on MacBook and iMac models released before 2008, but similar techniques could work on more recent models from a variety of manufacturers, they say. In other words, if a laptop has a built-in camera, it's possible someone—whether it's the federal government or a malicious 19-year-old—could access it to spy on the user at any time.

Not that these spying capabilities are anything new. As Marcus Thomas, assistant director of the FBI's Operational Technology Division, recently confirmed in a different story in the Post, "The FBI has been able to covertly activate a computer's camera … for several years."

China's government, too, has engaged in similar activities:

A 2009 report from the University of Toronto described a surveillance program called Ghostnet that the Chinese government allegedly used to spy on prominent Tibetans, including the Dalai Lama. The authors reported that "web cameras are being silently triggered, and audio inputs surreptitiously activated," though it's not clear whether the Ghostnet software is capable of disabling camera warning lights.

Of course, notes the Post, non-government agencies and individuals have taken over webcams, as well. In October, for example, a 19-year-old man was found guilty of hacking into the webcams of several young women— including Miss Teen USA—to capture nude pictures and use them for extortion.

A quick Google search will confirm that these kinds of webcam breaches are becoming more and more common.

So how can you be sure someone hasn't hacked your webcam and is watching you read these words right now?

Simple, writes the Post: Put a piece of tape over your camera.

Read more from The Washington Post

Editor’s note: We welcome your comments; all we ask is that you keep it civil and on-topic, and don't break any laws. We reserve the right to remove any inappropriate comments.

comments powered by Disqus