MacBook Webcams Vulnerable to 'Peek' Hacking

The National Security Agency may not be the only one peeking into our activities. A recent research project at Johns Hopkins University has shown that unauthorized users can hack into internal webcams on certain classes of Apple computers to disable the green light that tells us when the webcam is in use.

In the paper, "iSee You: Disabling the MacBook Webcam Indicator LED," graduate student Matthew Brocker and Computer Science Professor Stephen Checkoway described their efforts to disable the LED on the webcam in a previous generation of Apple products, including the iMac G5 and MacBook laptops. The laptops, in particular, gained a certain level of notoriety when, in 2009, Lower Merion School District in Pennsylvania made headlines for capturing images of its students through the webcams in their school-issued MacBooks without their knowledge or permission.

According to the researchers, the source of the vulnerability lies with the iSight webcam. The indicator LED, which generates the little green light, sits between a microcontroller and an image sensor. When the image sensor is sending images to the microcontroller (when the camera is turned on), a hardware "interlock" turns the LED on. But the microcontroller can be hacked and reprogrammed to bypass the interlock and disable the LED. To demonstrate the technique, Brocker and Checkoway developed iSeeYou, a simple, native OS X application that checks for the presence of the iSight camera and then initiates the reprogramming process.

"The ability to bypass the interlock raises serious privacy concerns and the technical means by which we accomplish it raises additional security concerns," the researchers wrote. One of those "additional" concerns involves the use of facial recognition by the webcam to grant the right user access to a secure service. Malware could conceivably capture video of a victim and then replay that video to get around the authentication measure.

One way to counteract the vulnerability, the report said, would be for the indicator light to "be controlled completely by hardware." Another approach would be to modify the operating system to prevent certain types of device requests from being sent to the camera. To that end, the researchers developed iSightDefender, which blocks reprogramming efforts that don't require access to root privileges. That utility is publicly available.

The two reported that they've shared their source code for iSeeYou and iSightDefender with Apple. Although the company followed up "several times," the researchers were never notified about possible fixes.

Next, Brocker and Checkoway said they hope to expand the scope of their work to examine newer Apple webcams, such as the most recent FaceTime cameras, as well as the webcams installed in non-Apple devices.

Until the problem is addressed more systematically, the researchers suggested, users can always tape over the webcam or install the iPatch, a $4.99 device intended, as its company Web site declares, "to keep time spent at your computer private."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
