MacBook webcam indicator light can be disabled to aid spying
Posted on 19 December 2013.
Two researchers from Johns Hopkins University have proved, without a doubt, that it is possible to activate internal iSight webcams included in some legacy Apple machines without triggering the LED light that indicates its use.

It is not that that such a modification was considered impossible - in fact, it is widely known that the FBI was capable to do it for years now, and that commercial surveillance products and some malware out there is capable of doing it - but this is the first time that the capability has been publicly documented and demonstrated.

In their paper titled "iıSeeYou: Disabling the MacBook Webcam Indicator LED," the researchers described how they were able to create a piece of software that made the LED ignore the input received when the camera be turned on, and to exchange the regular camera webcam software with it by using a Remote Access Tool / Trojan (RAT). They didn't even have to have administrator-level privileges to do it.

Their attack worked on "previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008", but other researchers said that it could be modified to work on newer versions as well.

The researchers say Apple has been notified of their research, but has yet to offer a mitigation or solution for the issue.

"To defend against these and related threats, we built an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space," the researchers noted.

Of course, there is also an easier option for protecting yourself: tape over your computer camera.









Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //