Webcam spying without turning on the LED? Researchers prove it’s possible

Graham Cluley
Graham Cluley
@[email protected]

WebcamThere has been a long and sordid history of internet perverts and peeping Toms hacking into computers, and secretly taking images and videos of their victims via the webcam.

One recent victim was Miss Teen USA Cassidy Wolf, who was secretly spied upon in her bedroom by a hacker who took photographs and threatened to release them to the public.

Whether the hackers are doing it for sexual kicks or with the intention of blackmail doesn’t really matter – it’s a gross invasion of privacy, and can leave the victim feeling shaken and abused.

Up until now, most people have believed that the LED indicator which sits next to the webcam of laptop and desktop computers provides some warning that the device has been activated.

Sign up to our free newsletter.
Security news, advice, and tips.

Earlier this year, Miss Wolf said that her webcam light had never illuminated – and I must admit I wondered at the time if she had got her facts right, as I was surprised that was possible.

However, researchers have now proven that it’s possible to commandeer a computer’s webcam *without* the LED light coming on, making it much harder to tell if you are being secretly recorded.

Here, for instance, is a photograph of a white MacBook Core 2 Duo.

Webcam on, LED off

You can tell from the photograph that the laptop is capturing video via its webcam (known as its intenal iSight in Apple parlance). The webcam is the square at the top of the MacBook’s screen. And the black dot to the right of it is the LED indicator. And, as you can see, it’s unilluminated.

LED indicator light is off

Researchers Matthew Brocker and Stephen Checkoway of Johns Hopkins University discovered it was possible to disable the LED indicator light on some MacBook laptops and iMac desktop computers, alowing video and images to be taken without any warning being given to the computer user.

Furthermore, Brocker and Checkoway’s paper, entitled “ıSeeYou: Disabling the MacBook Webcam Indicator LED”, details how this can be achieved entirely in userspace without requiring user authorisation. In other words, a victim wouldn’t even have to authorise an app to run to allow it to mess with their webcam.

It’s easy to imagine how malicious spyware could use the same process.

“The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system,” the researchers warn.

The researchers say that the vulnerability they uncovered affects older Apple computers – “including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008.”

However, famous security researcher Charlie Miller told the Washington Post that the attack might be applicable to newer devices too:

“There’s no reason you can’t do it — it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware”

Brocker and Checkoway’s paper is a fascinaing read. Once you’ve been through it, you might well decide the best course of action is to keep your anti-virus updated, and cover up your webcam camera with a band-aid when you don’t need it.

Further reading: “ıSeeYou: Disabling the MacBook Webcam Indicator LED”

Update: Readers may also be interested in reading the blog post at Errata Security, where they describes how they were able to subvert the firmware on a Dell computer running Windows to disable the webcam light.

The researchers claim that the technique should work on any modern Windows notebook – the only complexity being that the hacker would need to build different hacked firmware for many different webcam chips.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

8 comments on “Webcam spying without turning on the LED? Researchers prove it’s possible”

  1. jobewan

    Regarding the webcam light issue: The question that clings
    to the inner walls of my brain cage like the greasy hamburger stain
    I got on my shirt from eating in the car is: WHY [oh why] is it
    possible to control the webcam light – at all? WHY are all webcam
    lights not hard wired? When power is routed to the webcam, it is
    routed to the light. When power is conserved by turning off the
    webcam, the light is turned off. Simple?

    1. Jay · in reply to jobewan

      This here… This is exactly what I was thinking too… The whole idea that its not hard wired just sounds moronic to me, it would solve all these stupid issues

  2. Gavin

    Not everybody has a light next to their webcam! I gave in to paranoia and obscured my laptop's camera with a self-adhesive index tab, but now I have to hope that if I lose my laptop, or it gets stolen, this will be peeled off by the finder/thief so that I can get a look at them using Prey.

    Having an LED that infallibly turned on with the webcam would be a bad idea in terms of alerting a thief when you were trying to trace your stolen computer using a program like Prey. I guess it depends whether you feel you're more likely to be spied on by a pervy hacker or lose your laptop… As I do not resemble Miss Teen Anywhere, I think I'm right to regard the latter as a more likely risk. ;-)

  3. Phred

    The process is simple. Here is the simplified explaination. The LED cathode is connected to the camera enable. The enable goes low to turn on the camera. The LED anode is connected to 3.3v. The camera firmware is stored in EEPROM, and is not secured. The iSeeYou app simply writes a rouge firmware to the camera EEPROM. The rouge firmware keeps the camrea on all the time (ignoring the enable signal). The iSeeYou app accesses the camera without driving the enable low. The light is effectively bypassed.

  4. A person

    I've forcefully removes the Apple iSight drivers. My computer has no way of even using it's camera anymore, and I'm okay with that.

  5. Thomas

    I've completely unplugged the camera from the mainboard of my 2013 MBP…since I never really use it anyway.

  6. Martronic

    you could also have an led attached to a data lead to ensure when it is turned on and data (on any lead if you use an or gate) and use a very small capacity capacitor to even out the signal to the led then you could make it so if any data is being sent then led is on… and depending of where you want to implement it you could have it be between the cmos (light sensor) and the control circuits or just between the usb controller and the control circuits…

  7. Edup

    Is there any way to see the recent activities on your laptop webcam even when the camera was not on…need some help as it is regarding a theft issue

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.