MacBook Webcams Vulnerable to 'Peek' Hacking

The National Security Agency may not be the only ones peeking into our activities. A recent research project at Johns Hopkins University has proven that unauthorized users can hack into internal webcams on certain classes of Apple computers to disable the green light that informs us when the webcam is in use.

In the paper, "iSee You: Disabling the MacBook Webcam Indicator LED," graduate student Matthew Brocker and Computer Science Professor Stephen Checkoway described their efforts to disable the LED on the webcam in a previous generation of Apple products, including the iMac G5 and MacBook laptops. The laptops, in particular, gained a certain level of notoriety when, in 2009, Lower Merion School District in Pennsylvania made headlines for capturing images of its students through the webcams in their school-issued MacBooks without their knowledge or permission.

According to the researchers, the source of the vulnerability lies with the iSight webcam. The indicator LED, which generates the little green light, sits between a microprocessor and an image sensor. When the image sensor is sending images to the microcontroller — when the camera is turned on — a hardware "interlock" turns the LED light on. But the microcontroller can be hacked and reprogrammed to bypass the interlock and disable the LED. To demonstrate the technique, Brocker and Checkoway developed iSeeYou, a simple, native OS X application that checks for the presence of the iSight camera and then initiates the reprogramming process.

"The ability to bypass the interlock raises serious privacy concerns and the technical means by which we accomplish it raises additional security concerns," the researchers wrote. One of those "additional" concerns involves the use of facial recognition by the webcam to grant the right user access to a secure service. Malware could conceivably capture video of a victim then replay that video to get around the authentication measure.

One way to counteract the vulnerability, the report said, would be for the indicator light to "be controlled completely by hardware." Another approach would be to modify the operating system to prevent certain types of device requests from being sent to the camera. To that end, the researchers developed iSightDefender, which blocks reprogramming efforts that don't require access to root privileges. That utility is publicly available.

The two reported that they've shared their source code for iSeeYou and iSightDefender with Apple. And although the company followed up "several times," they were never notified about possible fixes.

Next, Brocker and Checkoway said they hope to expand the scope of their work to examine newer Apple webcams, such as the most recent FaceTime cameras as well the webcams installed in non-Apple devices.

Until the problem is addressed more systematically, the researchers suggested, users can always tape over the webcam or install the iPatch, a $4.99 device intended, as its company Web site declares, "to keep time spent at your computer private."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • Neon blue security locks with a single red highlight

    With AI, Cybersecurity Focus Shifts from Finding Flaws to Fixing Them

    For decades, one of cybersecurity's biggest challenges has been finding vulnerabilities before attackers do. A growing number of security professionals now say artificial intelligence is changing that equation, shifting the focus from discovering flaws to fixing them quickly enough to prevent exploitation.

  • group of smiling teachers

    NAAIC Expands AI Workforce Development Efforts to High Schools

    The National Applied AI Consortium, a National Science Foundation-funded initiative led by Miami Dade College, Houston City College, and Maricopa Community Colleges focused on artificial intelligence education and workforce development, is expanding its mission into high schools.

  • digital lock

    CoSN: Cybersecurity and Data Privacy Remain Top AI Concerns in Education

    A leading concern for education technology leaders across the United States is the potential for AI to enable new forms of cyber attacks, according to the latest State of Ed Tech report from CoSN.

  • artificial intelligence on laptop

    OpenAI Plans to Combine AI Products into Desktop 'Superapp'

    OpenAI is reportedly developing a desktop application that would incorporate several of its emerging AI products into a single platform, according to reports, marking the latest step in the company's effort to transform ChatGPT from a standalone chatbot into a broader productivity and automation environment.