Researchers find way to activate iSight cameras without alerting users

in Current Mac Hardware edited January 2014
Security researchers at Johns Hopkins University have demonstrated a unique new attack that can force the iSight cameras in legacy MacBook and iMac models to capture images without turning on the camera's accompanying LED.

iSight parts
The individual parts of the iSight camera that was the subject of the attack

Researchers Matthew Brocker and Stephen Checkoway outline the attack, which targets the firmware inside the iSight camera's controller chip, in a paper entitled "iSeeYou: Disabling the MacBook Webcam Indicator LED." The paper was first reported by the Washington Post.

Apple designed the iSight camera system with a "hardware interlock" between the camera sensor and the indicator LED that was intended to make it electrically impossible for one to be activated without the other. According to the paper, the LED is connected directly to the standby pin on the camera sensor --?when the camera comes out of standby mode, the LED automatically turns on.

Brocker and Checkoway were able to bypass the hardware interlock by reprogramming the firmware on the camera's microcontroller to ignore standby signals sent by the USB interface that the camera uses to communicate with the rest of the computer. In this way, the LED remains off --?because it is still obeying the USB standby signal -- even though the camera sensor is active.

The attack is particularly worrisome because?it does not require administrator-level privileges or physical access to the laptop, though at this time it only affects MacBooks and iMacs manufactured prior to 2008 with built-in iSight cameras, and the researchers indicated that there are at least two methods of mitigating the vulnerability that can be rolled out to existing hardware.

Apple's Gatekeeper application sandbox, introduced with OS X Mountain Lion, could be updated to deny untrusted applications access to the camera and its USB controller. Another strategy, which Brocker and Checkoway have developed a proof-of-concept for, would extend OS X's kernel to disallow specific instructions from being sent to the camera in the first place.

The researchers disclosed the hack to Apple's security team earlier this summer, according to the paper. "Apple employees followed up several times but did not inform us of any possible mitigation plans," the duo wrote.


  • Reply 1 of 58
    jungmarkjungmark Posts: 6,926member
    iSight-gate! Doooooomed!
  • Reply 2 of 58
    Where there is firmware there is a way. They should have done it in hardware. The whole point is it being absolute. I'm sure they will adapt and no they are not doomed.
  • Reply 3 of 58
    It's just to soften us up to accept always-on camera. That day is coming.
  • Reply 4 of 58
    dimmokdimmok Posts: 359member

    Brings whole new meaning to reverse peep-hole.

  • Reply 5 of 58

    Two Words: Gorilla Tape

  • Reply 6 of 58
    Can 2008 computers run an OS that has GateKeeper? I can't remember which ones it came in.
  • Reply 7 of 58
    Are those macs still supported? I know my iMac from that era can't run Mountain Lion any more.
  • Reply 8 of 58
    sockrolidsockrolid Posts: 2,789member
    Good luck seeing me through that black electricians' tape.
  • Reply 9 of 58
    sockrolidsockrolid Posts: 2,789member

    Originally Posted by Suddenly Newton View Post

    It's just to soften us up to accept always-on camera. That day is coming.


    Apple might like an always-on camera.  Especially on the future Apple TV.


    Google would kill for always-on cameras everywhere.  That's one reason why they want to build robots.

    So there would be more cameras amongst the population than just those worn by the few, annoying #glassh*les.

  • Reply 10 of 58
  • Reply 11 of 58

    After years of research they've figured out how to break the security on iSight. After two second, I've fixed the problem. A post-it note. Next.

  • Reply 12 of 58
    gtrgtr Posts: 3,231member
    This is great news!

    Now my MBA can keep an eye on my xBox One and PS4 and make sure the bastards aren't reporting everything they see back to the NSA!
  • Reply 13 of 58
    clemynxclemynx Posts: 1,552member
    Can 2008 computers run an OS that has GateKeeper? I can't remember which ones it came in.
    Macs since 2007 can run Mavericks.
  • Reply 14 of 58

    Many ways to block peepers via the built-in camera, among them are post-it notes and chewing gum.  :P

  • Reply 15 of 58
    nagrommenagromme Posts: 2,834member
    Inexcusable bad engineering by Apple: "hardware interlock" should be so simple it's immune from software. Which it could easily be.

    And Apple misled buyers into thinking it WAS that simple. I'm 99% certain that kind of clear statement was made prior to 2008. The misleading statement could be an honest (but VERY serious) mistake. The bad engineering is just unacceptable, and goes beyond a "mistake"--it could only come from conscious decision-making in the design. Happily remedied in the last 5 years' models, apparently? But I still use one pre-2008 Mac. Lots of people do.

    (Aside: I wouldn't mind an on-air light or LCD indicator on all mobile cameras too--fully and simply hard-wired. Google Glass included.)
  • Reply 16 of 58

    I doubt Apple is that concerned with addressing security issues with computers over five years old.  It is probably not worth their time or money to fix given this does not seem to affect products in recent years.

  • Reply 17 of 58
    nagromme wrote: »
    Inexcusable bad engineering by Apple: "hardware interlock" should be so simple it's immune from software. Which it could easily be.

    Name a PC webcam from 2008 with a light that is immune from hacking.
  • Reply 18 of 58
    algralgr Posts: 27member
    Forget the electronics, it's time for hardware lens caps built into the cameras.
  • Reply 19 of 58


  • Reply 20 of 58
    llamallama Posts: 103member

    Originally Posted by ClemyNX View Post

    Macs since 2007 can run Mavericks.

    Well, kinda:


    To install Mavericks, you need one of these Macs:

    • iMac (Mid-2007 or later)

    • MacBook (13-inch Aluminum, Late 2008), (13-inch, Early 2009 or later)

    • MacBook Pro (13-inch, Mid-2009 or later),

    • MacBook Pro (15-inch or 17-inch, Mid/Late 2007 or later)

    • MacBook Air (Late 2008 or later)

    • Mac mini (Early 2009 or later)

    • Mac Pro (Early 2008 or later)

    • Xserve (Early 2009)

Sign In or Register to comment.