MacBook webcams can spy on you without any warning, research shows

By on December 19, 2013, 9:30 AM

A research done at the Johns Hopkins University has revealed that it is possible to remotely activate a built-in laptop webcam without triggering the warning LED next to it, The Washington Post reports. Though researchers used the 2008-era MacBook and iMac models to demonstrate the technique, they said that similar techniques could work on modern day computers from various vendors.

So, what does it mean? It means that if you have a laptop with a built-in camera, it is possible for an individual or a government agency to remotely access it to spy on you, and you'd probably never know about it.

Stephen Checkoway, the co-author of the research and a computer science professor at the university, said that the 2008-era MacBooks they studied had a hardware interlock that made sure the green LED glows whenever the webcam was active and capturing video. But he, along with a university graduate student Matthew Brocker, figured out a hack to bypass this security protection by reprogramming the micro-controller of the internal iSight webcam.

The paper iSeeYou: Disabling the MacBook Webcam Indicator LED details the specifics of how Stephen Checkoway and Matthew Brocker disabled the warning LED and used unprivileged (non-root) software applications to remotely access the MacBook webcam.

The research only proves what's been in the news recently. Marcus Thomas, who used to work at the FBI’s Operational Technology Division, recently admitted that FBI has been using a similar hack for several years. A similar technique was also used in the 'sextortion' hacking case targeting Miss Teen USA.

Charlie Miller, a security expert at Twitter, gives an easy solution to this problem. “The safest thing to do is to put a piece of tape on your camera,”, he says.




User Comments: 11

Got something to say? Post a comment
TD_Baker said:

I've always had this suspicion ever since watching Enemy of the State and the recent media attention of the NSA. I have multiple computers with web cam's and use a piece of card board to tape up. In addition, disabling your built in mic as it is just as easy to record your voice along with video. I only enable it when I need to use it which is rarely.

This also applies to Smart TV's with built in web cams.

cliffordcooley cliffordcooley, TechSpot Paladin, said:

Does the term hack, imply the default configuration is secure and that spying requires some local modification to the machine? If so then this is not so different than any other Mal-ware possibilities.

m4a4 m4a4 said:

Unless the light is activated by the hardware (and not software) then yes, this is possible...

Guest said:

I've never used a webcam in my life, so I Alllwwayyysss place electrical tape over it.

Guest said:

I just leave my cam pointed at a printout of goatse.

Raoul Duke Raoul Duke said:

It's been tape for me, but now I will have to check and turn off the mic if on.

davislane1 davislane1 said:

Whenever I have a conversation near a laptop or webcam, I always make sure to make a reference to the NSA spooks listening in/watching. Call me a softie, but I like to let people know I'm thinking about them. It's a relief to know that they can readily observe the sincerity on my face when I mockingly detail my plans to [redacted] in private face-to-face conversations.

Guest said:

You cannot remotely reprogram a microcontroller. The article wording might be misleading for non-technical people. From this article it seems that, for the hack to work, the following steps must take place:

1. Your notebook's hardware must be reprogrammed. It does not say how exactly it is done in the article, but it would require low level access to the hardware at least. It is not possible to do it remotely, or in an unprivileged software.

2. You must manually install some kind of a program that would afterwards use the hack. No software can install itself into a Mac.

3. You must run the program, unless during installation it got itself running as a process, which you can always track using the Activity Monitor.

In other words, if you only use trusted software and let no spies near your macbook, nobody will be able to spy on you using the "no-green-light-web-cam-hack".

On a side note... It would be really boring to watch me code all day. I suppose it would reach #1 in the "most boring spying video" charts.

2 people like this | Guest said:

Then It will always see me fapping, nothing else ...

drjekel_mrhyde drjekel_mrhyde said:

I wonder how many hours of them watching me eat cookies, drinking beer, while jerking off do they have

1 person liked this | cliffordcooley cliffordcooley, TechSpot Paladin, said:

I wonder how many hours of them watching me eat cookies, drinking beer, while jerking off do they have
They have to learn multitasking somehow.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.