Does your Mac have a built-in iSight camera? Could it be turned on without you knowing so someone could be watching you?
Apple has included iSight cameras in Macs since the last G5 iMacs in Late 2005, and all Intel iMacs and Intel laptops have them too. It is accompanied by a little green LED that is supposed to light up when the camera is in use.
The Web is buzzing with news of researchers at John Hopkins University who have managed to deactivate the green LED and access the built-in camera, activating the camera and therefore theoretically watching the owner without their knowledge.
This is not your Mac becoming “self aware” or the beginning of a cybernetic revolt. It is the clever work of some talented humans.
The iSight camera has a hardware interlock between the camera sensor and the indicator LED to prevent the camera viewing you without notification. However, this interlock was bypassed by altering the firmware on the camera’s microcontroller. It was set to ignore standby signals, meaning the LED remains off, because the machine believes the camera is off when it isn’t.
More worrying is that it doesn’t require admin privileges to do this.
Detailed information on this was written in a paper called iSeeYou: Disabling the MacBook Webcam Indicator LED and written by Johns Hopkins University graduate student Matthew Brocker and computer science professor Stephen Checkoway.
However, before you all go out and start putting tape over your nice shiny Mac’s webcam, it would appear that this only affects Macs introduced before 2008 – and obviously this altered firmware needs to be implemented too. It also appears this hack could be stopped or fixed with a software patch.
Affected Macs are:
- iMacs: Late 2005 G5 iSight, Early 2006, Mid 2006, Late 2006 17″ Core Duo, Late 2006 Core 2 Duo, 24″ Late 2006, and Mid 2007.
- MacBook: Mid 2006, Late 2006, Mid 2007, and Late 2007.
- MacBook Pro: 15″ Early 2006, 17″ Early 2006, 15″ Late 2006, 17″ Late 2006, and Mid 2007.
After 2008, Apple changed the schematics of the camera and LED, and this current hack doesn’t work with Macs from 2008 onwards. The big question is whether newer Macs will be able to have their LED disabled someday, and will the process become simpler and easier to implement.
There have been several cases in the media of people having their computers hacked and pictures taken with the built-in cameras. Also, with growing fears of government spying, could this be the next invasion of our privacy?
As hackers get smarter, should we all be worried about what our computers are doing without our knowledge. I, for one, will be careful not to leave my Mac watching me in future.
Update: The authors of the paper have produced iSightDefender to prevent this kind of hack from working, but you’ll have to compile the program yourself. Let’s hope someone takes the time to release an app that doesn’t need to be compiled by the end user!
Follow Simon Royal on Twitter or send him an Email.
Like what you have read? Send Simon a donation via Tip Jar.
keywords: #isight #isightdefender #techspectrum #simonroyal
short link: http://goo.gl/6Y4btn