Researchers find way to activate iSight cameras without alerting users
Security researchers at Johns Hopkins University have demonstrated a unique new attack that can force the iSight cameras in legacy MacBook and iMac models to capture images without turning on the camera's accompanying LED.
The individual parts of the iSight camera that was the subject of the attack
Researchers Matthew Brocker and Stephen Checkoway outline the attack, which targets the firmware inside the iSight camera's controller chip, in a paper entitled "iSeeYou: Disabling the MacBook Webcam Indicator LED." The paper was first reported by the Washington Post.
Apple designed the iSight camera system with a "hardware interlock" between the camera sensor and the indicator LED that was intended to make it electrically impossible for one to be activated without the other. According to the paper, the LED is connected directly to the standby pin on the camera sensor --?when the camera comes out of standby mode, the LED automatically turns on.
Brocker and Checkoway were able to bypass the hardware interlock by reprogramming the firmware on the camera's microcontroller to ignore standby signals sent by the USB interface that the camera uses to communicate with the rest of the computer. In this way, the LED remains off --?because it is still obeying the USB standby signal -- even though the camera sensor is active.
The attack is particularly worrisome because?it does not require administrator-level privileges or physical access to the laptop, though at this time it only affects MacBooks and iMacs manufactured prior to 2008 with built-in iSight cameras, and the researchers indicated that there are at least two methods of mitigating the vulnerability that can be rolled out to existing hardware.
Apple's Gatekeeper application sandbox, introduced with OS X Mountain Lion, could be updated to deny untrusted applications access to the camera and its USB controller. Another strategy, which Brocker and Checkoway have developed a proof-of-concept for, would extend OS X's kernel to disallow specific instructions from being sent to the camera in the first place.
The researchers disclosed the hack to Apple's security team earlier this summer, according to the paper. "Apple employees followed up several times but did not inform us of any possible mitigation plans," the duo wrote.
The individual parts of the iSight camera that was the subject of the attack
Researchers Matthew Brocker and Stephen Checkoway outline the attack, which targets the firmware inside the iSight camera's controller chip, in a paper entitled "iSeeYou: Disabling the MacBook Webcam Indicator LED." The paper was first reported by the Washington Post.
Apple designed the iSight camera system with a "hardware interlock" between the camera sensor and the indicator LED that was intended to make it electrically impossible for one to be activated without the other. According to the paper, the LED is connected directly to the standby pin on the camera sensor --?when the camera comes out of standby mode, the LED automatically turns on.
Brocker and Checkoway were able to bypass the hardware interlock by reprogramming the firmware on the camera's microcontroller to ignore standby signals sent by the USB interface that the camera uses to communicate with the rest of the computer. In this way, the LED remains off --?because it is still obeying the USB standby signal -- even though the camera sensor is active.
The attack is particularly worrisome because?it does not require administrator-level privileges or physical access to the laptop, though at this time it only affects MacBooks and iMacs manufactured prior to 2008 with built-in iSight cameras, and the researchers indicated that there are at least two methods of mitigating the vulnerability that can be rolled out to existing hardware.
Apple's Gatekeeper application sandbox, introduced with OS X Mountain Lion, could be updated to deny untrusted applications access to the camera and its USB controller. Another strategy, which Brocker and Checkoway have developed a proof-of-concept for, would extend OS X's kernel to disallow specific instructions from being sent to the camera in the first place.
The researchers disclosed the hack to Apple's security team earlier this summer, according to the paper. "Apple employees followed up several times but did not inform us of any possible mitigation plans," the duo wrote.
Comments
Brings whole new meaning to reverse peep-hole.
Two Words: Gorilla Tape
It's just to soften us up to accept always-on camera. That day is coming.
Apple might like an always-on camera. Especially on the future Apple TV.
Google would kill for always-on cameras everywhere. That's one reason why they want to build robots.
So there would be more cameras amongst the population than just those worn by the few, annoying #glassh*les.
https://www.macupdate.com/app/mac/23346/isight-disabler
After years of research they've figured out how to break the security on iSight. After two second, I've fixed the problem. A post-it note. Next.
Now my MBA can keep an eye on my xBox One and PS4 and make sure the bastards aren't reporting everything they see back to the NSA!
Many ways to block peepers via the built-in camera, among them are post-it notes and chewing gum. :P
And Apple misled buyers into thinking it WAS that simple. I'm 99% certain that kind of clear statement was made prior to 2008. The misleading statement could be an honest (but VERY serious) mistake. The bad engineering is just unacceptable, and goes beyond a "mistake"--it could only come from conscious decision-making in the design. Happily remedied in the last 5 years' models, apparently? But I still use one pre-2008 Mac. Lots of people do.
(Aside: I wouldn't mind an on-air light or LCD indicator on all mobile cameras too--fully and simply hard-wired. Google Glass included.)
I doubt Apple is that concerned with addressing security issues with computers over five years old. It is probably not worth their time or money to fix given this does not seem to affect products in recent years.
Name a PC webcam from 2008 with a light that is immune from hacking.
CREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEPEEEEEEEEEEEEEEEEE!
Macs since 2007 can run Mavericks.
Well, kinda:
To install Mavericks, you need one of these Macs:
http://support.apple.com/kb/HT5842