One recent victim was Miss Teen USA Cassidy Wolf, who was secretly spied upon in her bedroom by a hacker who took photographs and threatened to release them to the public.
Whether the hackers are doing it for sexual kicks or with the intention of blackmail doesn’t really matter – it’s a gross invasion of privacy, and can leave the victim feeling shaken and abused.
Up until now, most people have believed that the LED indicator which sits next to the webcam of laptop and desktop computers provides some warning that the device has been activated.
Earlier this year, Miss Wolf said that her webcam light had never illuminated – and I must admit I wondered at the time if she had got her facts right, as I was surprised that was possible.
However, researchers have now proven that it’s possible to commandeer a computer’s webcam *without* the LED light coming on, making it much harder to tell if you are being secretly recorded.
Here, for instance, is a photograph of a white MacBook Core 2 Duo.
You can tell from the photograph that the laptop is capturing video via its webcam (known as its intenal iSight in Apple parlance). The webcam is the square at the top of the MacBook’s screen. And the black dot to the right of it is the LED indicator. And, as you can see, it’s unilluminated.
Researchers Matthew Brocker and Stephen Checkoway of Johns Hopkins University discovered it was possible to disable the LED indicator light on some MacBook laptops and iMac desktop computers, alowing video and images to be taken without any warning being given to the computer user.
Furthermore, Brocker and Checkoway’s paper, entitled “ıSeeYou: Disabling the MacBook Webcam Indicator LED”, details how this can be achieved entirely in userspace without requiring user authorisation. In other words, a victim wouldn’t even have to authorise an app to run to allow it to mess with their webcam.
It’s easy to imagine how malicious spyware could use the same process.
“The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system,” the researchers warn.
The researchers say that the vulnerability they uncovered affects older Apple computers – “including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008.”
However, famous security researcher Charlie Miller told the Washington Post that the attack might be applicable to newer devices too:
“There’s no reason you can’t do it — it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware”
Brocker and Checkoway’s paper is a fascinaing read. Once you’ve been through it, you might well decide the best course of action is to keep your anti-virus updated, and cover up your webcam camera with a band-aid when you don’t need it.
Further reading: “ıSeeYou: Disabling the MacBook Webcam Indicator LED”
Update: Readers may also be interested in reading the blog post at Errata Security, where they describes how they were able to subvert the firmware on a Dell computer running Windows to disable the webcam light.
The researchers claim that the technique should work on any modern Windows notebook – the only complexity being that the hacker would need to build different hacked firmware for many different webcam chips.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.