Notice something odd about the MacBook up above? It’s running an app that’s capturing live video from the iSight camera… but the LED indicator to the right of the camera isn’t lighting up. It’s supposed to, of course, but a pair of Johns Hopkins researchers figured out how to trick the camera’s control circuitry into keeping the LED powered down during use.
Matthew Brocker and Stephen Checkoway built a proof-of-concept application they call iSeeYou and demonstrated it on a 2008 MacBook. Why that particular model? Because it’s the one that was at the center of the Lower Merion School District controversy back in 2011. Lower Merion provided 2008 MacBooks to every student and it was later discovered that they came pre-loaded with a remote administration tool (RAT) that was surreptitiously snapping pics. In 18 months more than 30,000 images were captured. Eventually, users started noticing the webcam LED flicking on when they weren’t using it and the FBI got involved.
In order to go undetected, perverts blackmailers remote administrators need a way to fire up the camera without turning on the light — something that’s been done before on other laptops and USB webcams. The iSight cameras in MacBooks, however, were thought to be safer. Turns out that’s definitely not the case. And although Brocker and Checkoway were successful on a machine that’s five years old, they seem confident that a similar attack would work on newer models.
How do you prevent this sort of thing? A simple piece of tape or a Post-It note shield are good enough for a lot of folks, but more secure webcam designs would be nice. That’s tricky, though, because there’s at least one legitimate use case where you really, really don’t want the webcam light coming on: when you’re trying to figure out who the lowlife is that stole your expensive laptop.
Source : geek.com/apple/macbook-webcam-allows-stealth-remote-creeping-1580192/