Webcam spying without turning on the LED? Researchers prove it’s possible

WebcamThere has been a long and sordid history of internet perverts and peeping Toms hacking into computers, and secretly taking images and videos of their victims via the webcam.

One recent victim was Miss Teen USA Cassidy Wolf, who was secretly spied upon in her bedroom by a hacker who took photographs and threatened to release them to the public.

Whether the hackers are doing it for sexual kicks or with the intention of blackmail doesn’t really matter – it’s a gross invasion of privacy, and can leave the victim feeling shaken and abused.

Up until now, most people have believed that the LED indicator which sits next to the webcam of laptop and desktop computers provides some warning that the device has been activated.

Earlier this year, Miss Wolf said that her webcam light had never illuminated – and I must admit I wondered at the time if she had got her facts right, as I was surprised that was possible.

However, researchers have now proven that it’s possible to commandeer a computer’s webcam *without* the LED light coming on, making it much harder to tell if you are being secretly recorded.

Here, for instance, is a photograph of a white MacBook Core 2 Duo.

Webcam on, LED off

You can tell from the photograph that the laptop is capturing video via its webcam (known as its intenal iSight in Apple parlance). The webcam is the square at the top of the MacBook’s screen. And the black dot to the right of it is the LED indicator. And, as you can see, it’s unilluminated.

LED indicator light is off

Researchers Matthew Brocker and Stephen Checkoway of Johns Hopkins University discovered it was possible to disable the LED indicator light on some MacBook laptops and iMac desktop computers, alowing video and images to be taken without any warning being given to the computer user.

Furthermore, Brocker and Checkoway’s paper, entitled “ıSeeYou: Disabling the MacBook Webcam Indicator LED”, details how this can be achieved entirely in userspace without requiring user authorisation. In other words, a victim wouldn’t even have to authorise an app to run to allow it to mess with their webcam.

It’s easy to imagine how malicious spyware could use the same process.

“The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system,” the researchers warn.

The researchers say that the vulnerability they uncovered affects older Apple computers – “including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008.”

However, famous security researcher Charlie Miller told the Washington Post that the attack might be applicable to newer devices too:

“There’s no reason you can’t do it — it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware”

Brocker and Checkoway’s paper is a fascinaing read. Once you’ve been through it, you might well decide the best course of action is to keep your anti-virus updated, and cover up your webcam camera with a band-aid when you don’t need it.

Further reading: “ıSeeYou: Disabling the MacBook Webcam Indicator LED”

Update: Readers may also be interested in reading the blog post at Errata Security, where they describes how they were able to subvert the firmware on a Dell computer running Windows to disable the webcam light.

The researchers claim that the technique should work on any modern Windows notebook – the only complexity being that the hacker would need to build different hacked firmware for many different webcam chips.

Tags: , , , , , , , , ,


, , , , , , , , ,

2 Responses

  1. jobewan 1 December 19, 2013 at 2:53 pm #

    Regarding the webcam light issue: The question that clings
    to the inner walls of my brain cage like the greasy hamburger stain
    I got on my shirt from eating in the car is: WHY [oh why] is it
    possible to control the webcam light – at all? WHY are all webcam
    lights not hard wired? When power is routed to the webcam, it is
    routed to the light. When power is conserved by turning off the
    webcam, the light is turned off. Simple?

  2. Gavin 5 December 19, 2013 at 6:47 pm #

    Not everybody has a light next to their webcam! I gave in to paranoia and obscured my laptop's camera with a self-adhesive index tab, but now I have to hope that if I lose my laptop, or it gets stolen, this will be peeled off by the finder/thief so that I can get a look at them using Prey.

    Having an LED that infallibly turned on with the webcam would be a bad idea in terms of alerting a thief when you were trying to trace your stolen computer using a program like Prey. I guess it depends whether you feel you're more likely to be spied on by a pervy hacker or lose your laptop… As I do not resemble Miss Teen Anywhere, I think I'm right to regard the latter as a more likely risk. ;-)

Leave a Reply

XSLT by CarLake