Dev

Dec. 19, 2013 9:01 am

Johns Hopkins researchers show how MacBook webcams can spy on users

Research from computer science professor Stephen Checkoway and graduate student Matthew Brocker shows how the webcam on a MacBook or iMac can be activated even while the warning light remains dark.

Photo from Flickr user goobimama under Creative Commons for Attribution.

Think the built-in webcam on Apple’s MacBook is on only when the light adjacent to the camera is lit? Think again.

Research from computer science professor Stephen Checkoway and graduate student Matthew Brocker, both of the Johns Hopkins University, shows how the camera on a MacBook or iMac can be activated even while the warning LED remains dark.

A new paper co-authored by Checkoway and Brocker — “iSeeYou: Disabling the MacBook Webcam Indicator LED” — explains how the camera can be operational while the light is not. The paper is the “first public confirmation” of how it’s possible to spy on unwary MacBook users, reports the Washington Post.

Apple MacBooks and iMacs released prior to 2008 had what Checkoway and Brocker identified as a “hardware interlock” that connected the camera and the warning light, ensuring that the computer owner would know when the camera was on.

But, as the Post reports, the JHU researchers were able to circumvent the interlock:

MacBooks are designed to prevent software running on the MacBook’s central processing unit (CPU) from activating its iSight camera without turning on the light. But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this security feature. [In the paper], Brocker and Checkoway describe how to reprogram the iSight camera’s micro-controller to allow the camera and light to be activated independently. That allows the camera to be turned on while the light stays off.

Additionally, the Post points out, this technique has already been used by at least one man who took two naked photos of a former high school classmate.

Read the full summary of their paper at the Washington Post.

Watch the camera be activated without the warning light going on:

-30-
Andrew Zaleski

Andrew Zaleski is a freelance journalist in Philadelphia and the former lead reporter for Technical.ly Baltimore. Before moving to Philadelphia in June 2014, he was a contributing writer to Baltimore City Paper and a Tech Check commentator for WYPR 88.1 FM, Baltimore city’s National Public Radio affiliate. He has written for The Atlantic, Outside, Richmond magazine, Washington City Paper, Baltimore magazine, Baltimore Style magazine, Next City, Grist.org, The Atlantic Cities, and elsewhere.

Profile   /   @ajzaleski   /   Send an email
Advertisement