Macbook webcams can be remotely activated without any sign

In a paper called iSeeYou: Disabling the MacBook Webcam Indicator LED, security researchers Matthew Brocker and Stephen Checkoway explained a method for remotely operating the Isight webcam in Apple's Macbook laptops. Recent stories indicated that the FBI had this capability, but it's the first indication of how the trick is attained (the researchers reprogrammed the embedded controller in the webcam). They supplied the Washington Post with details and proof-of-concept software. The technique was applied to older model Macbooks, but there's no reason to suspect this wouldn't work against recent machines and machines made by other manufacturers.

MacBooks are designed to prevent software running on the MacBook’s central processing unit (CPU) from activating its iSight camera without turning on the light. But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this security feature. In a paper called “iSeeYou: Disabling the MacBook Webcam Indicator LED,” Brocker and Checkoway describe how to reprogram the iSight camera’s micro-controller to allow the camera and light to be activated independently. That allows the camera to be turned on while the light stays off. Their research is under consideration for an upcoming academic security conference. ,p> The researchers also provided us with a copy of their proof-of-concept software. In the video below, we demonstrate how the camera can be activated without triggering the telltale warning light.

Research shows how MacBook Webcams can spy on their users without warning [Ashkan Soltani and Timothy B. Lee]

Notable Replies

  1. Umm, Apple, embedded microcontrollers on the USB bus that can be reflashed from userspace? Srlsly?

  2. Apply small post-it square to webcam lens, solved smile

    Edit: For those with audio concerns, blasting death metal at maximum volume at all times is the best precaution.

  3. joe_b says:

    Years ago, the OLPC (one laptop per child) people solved this problem, by designing the webcam LED so that activating the camera turns on the light. There's no way to activate the camera without turning on the light, because the two are electrically wired together. Every designer that cares about the user's privacy should do the same. This isn't rocket science.

  4. this was the solution I came up with, too. what I can't figure out is physically blocking/covering the mic. a lot of audio equipment will disable the internal mic when you jack in an external mic, but not my MacBook. I set the level to zero from the system preferences, but seems anyone with the wherewithal to listen in on me could up the level, also.

  5. I think this is what the Apple hardware people thought they were doing. The "Standby" pin of the iSight CCD sensor is hardwired to the LED, so to turn off the Standby signal you must necessarily light the LED. -- reading the article, it turns out that the CCD on the iSight can be programmed to ignore the hardware standby signal from that pin, and instead take it's cue from an internal register. e.g. the CCD sensor is too versatile and can be programmed to ignore what you might expect was a very low-level "on/off" command.

    The problem is that the iSight is on a USB bus that the user can read/write to. It should not be possible to re-flash the iSight firmware using unprivileged user-level commands.

Continue the discussion

25 more replies