Slashdot Mirror

← Back to Stories (view on slashdot.org)

How a MacBook Camera Can Spy Without Lighting Up

Posted by Soulskill on from the they-can-see-you-right-now dept.

New submitter ttyler writes "It turns out a MacBook's built-in camera can be activated without turning on the green LED. An earlier report suggested the FBI could activate a device's camera without having the light turn on, and there was a case in the news where a woman had nude pictures taken of her without her knowledge. The new research out of Johns Hopkins University confirms both situations are possible. All it takes are a few tweaks to the camera's firmware."

57 of 371 comments (clear)

  1. It's pretty simple by bhcompy · · Score: 5, Insightful

    It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

    1. Re:It's pretty simple by rtb61 · · Score: 5, Insightful

      Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:It's pretty simple by Anonymous Coward · · Score: 4, Insightful

      You're assuming it's not by design.

    3. Re:It's pretty simple by GameMaster · · Score: 5, Insightful

      If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

      --

      Rules of Conduct:
      #1 - The DM is always right.
      #2 - If the DM is wrong, see rule #1
    4. Re:It's pretty simple by wrp103 · · Score: 4, Insightful

      It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

      I use a Post-It, with the non-sticky part over the camera hole.

      That way, when I actually do want to use the camera, I simply bend the paper back and expose the camera. When I am done, I fold it back. Replacements are pretty simple. One pad should last you a long time. ;^)

    5. Re:It's pretty simple by weilawei · · Score: 4, Informative

      Spoke to an Apple tech just now. It used to be, according to them. They say it isn't anymore.

    6. Re:It's pretty simple by Anonymous Coward · · Score: 2, Funny

      Apple shills, ASSEMBLE! Quick, a story about Apple's hardware spying, divert attention to Microsoft!

    7. Re:It's pretty simple by weilawei · · Score: 5, Informative

      You're entirely right--you shouldn't trust hearsay. But additionally, if you look back through my post history, you'll find that I'm not in the habit of making unsubstantiated claims. The truth of the matter is that the guy (a repair tech, with long-time electronics experience, whom I trust to work on my own machines) had to go home. It's that time of the evening. But you're right, don't trust hearsay. Unfortunately, you'll have to wait on the schematics/pictures, whereas, you could probably pop open the machine yourself and take a look see if you're competent enough to understand them in the first place. I suggest you do this if you're skeptical. Heck, you might do us a favor and post them.

    8. Re:It's pretty simple by Jherek+Carnelian · · Score: 4, Funny

      Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

      There are a ton of 3rd party sliding covers out there for under $10 a piece, google will find them for you no problem.

      But what I haven't seen yet is one that doesn't just black out the camera, but instead puts a photo in front of the camera. Imagine a camera slide that forces anyone spying on you to see goatse.cx instead. Just deserts.

    9. Re:It's pretty simple by Jherek+Carnelian · · Score: 2

      I bet it is easier for automated testing. This way they don't need to connect any external equipment to measure if the LED works, just ask the microcontroller in the camera to run an internal diagnostic that checks the the voltage level on the lines to the LED.

    10. Re:It's pretty simple by ChunderDownunder · · Score: 5, Insightful

      On January 24th, Apple Computer will introduce Macintosh. And you'll see why 1984 won't be like "1984".

      30 years on, how times have changed!

    11. Re:It's pretty simple by fuzzyfuzzyfungus · · Score: 4, Insightful

      Cameras with physical lens covers are thicker than cameras without. That's all it took to convince Apple.

      Now, why they have an 8051 hardwired to the USB bus that accepts arbitrary firmware uploads without even having to elevate beyond user permissions, I can only blame stupidity.

    12. Re:It's pretty simple by Solandri · · Score: 4, Insightful

      The real point here that this tangent is missing is KISS. Keep It Simple, Stupid. You shouldn't need to look through schematics or take apart your laptop or decompile firmware to figure out if the light cannot be decoupled from the camera, when a simple non-motorized sliding cover would make it indisputably clear to the user that their image is not being surreptitiously captured. That's what people are saying. There are times when complexity needs to be hidden from the user. This is not one of those times because a simple alternative solution that even a 5 year old can understand exists. KISS.

    13. Re:It's pretty simple by AmiMoJo · · Score: 2

      The problem is that manufacturers want to use the camera all the time for facial recognition, gesture detection, auto-on when someone enters the room, even stuff like auto brightness/contrast control. The LED would be flickering like mad all the time.

      Also, we need LEDs for microphones.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    14. Re:It's pretty simple by weilawei · · Score: 2

      Definitely. I would LOVE if my microphone had an LED for it being on. Even more so, I'd love it if my microphone actually turned off.

    15. Re:It's pretty simple by brantondaveperson · · Score: 3, Informative

      A sliding cover to a camera does not adhere to KISS from a user's perspective. It's actually an annoying additional step to using the camera - not to mention another moving part on a laptop that may break and/or jam. Plus it's actually less useful - if the sliding cover is open one probably still wants an LED to indicate whether or not the camera is actually active.

      The idea of tying the LED to the power supply to the camera also won't work, at least for modern macbooks, because that camera sensor is in fact always active. It's also used as the ambient light sensor to automatically dim the display in low-light conditions. Of course, they could have used an additional sensor for that, but that would have increased the cost and complexity of the camera hardware.

      The real issue here is much more general, which is that it should manifestly not be possible without root privileges to modify the firmware in any of the microcontrollers in a laptop (of which I'm sure there are several).

    16. Re:It's pretty simple by penguinstorm · · Score: 2

      Well, it's pretty clear that your use case is the only one for the entire world so let's go to town!

      --
      Skot Nelson music is my saviour / i was maimed by rock and roll
    17. Re:It's pretty simple by SuperKendall · · Score: 5, Funny

      A sliding cover to a camera does not adhere to KISS from a user's perspective. It's actually an annoying additional step to using the camera

      I was going to say the same thing - that it makes the camera annoying to use and would probably confuse a lot of people if you ship it closed (and if you don't ship it closed, why even bother?)

      There is one way you could make it covered and still not confuse users - have the sliding door activated by the computer when the camera is active. Then you could see when the camera was active, and the door could hard-wire an LED activation...

      It would add cost and complexity though, and it does sound like a system that would be prone to failure rendering the camera useless. So there's still that issue.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    18. Re:It's pretty simple by Anonymous Coward · · Score: 2, Insightful

      Of course it is by design, Apple will drop any feature if it allows them to shrink the case another mm. That's how they make their margins.

      Not to mention there's a single piece of glass covering both the screen and the camera, like Apple would ever ugly that up with some shitty slider.

    19. Re:It's pretty simple by tlhIngan · · Score: 2

      If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

      Except it was, sort of. The camera sensor has a line called STANDBY. When it's high, the camera is off and is not sending data to the USB chip. When it's low, the camera is sending image data. The LED is wired so when it goes low, the LED turns on.

      The flaw is that the USB hardware firmware is on disk, so on boot, it's loaded into the controller's RAM. That firmware then configures the sensor. It turns out that there's a register setting that tells the sensor to ignore the STANDBY line. (Could be a debug bit - these camera sensors have tons of registers that are NOT documented - you're already looking at a good 500+ registers, and probably another 500 that aren't documented or whose presence isn't even known).

      Ars Technica has a nice technical writeup - http://arstechnica.com/security/2013/12/perv-utopia-light-on-macbook-webcams-can-be-bypassed/

    20. Re:It's pretty simple by rusty0101 · · Score: 2

      Fix for the mic would be to either short to ground (tip) the mic lead of a headset plug, or if the macbook checks resistance link a 1k ohm reistor between tip and the mic lead, and make sure that the computer switches to using the external mic when you plug something in that provides a suitable resistance.

      This could all be built within a 90 degree 3.5mm plug , or even a 2.5mm plug if necessary. It won't be quite flush with the side of the macbook, and if they use a common plug for speakers and mic, you may need to add a socket for headphones, or build this into a replacement plug for the headphones you prefer. You would likely need a 4 conductor plug for the mic ring.

      Optionally pick up a usb sound adapter from a manufacturer in china, and make sure that the computer switches to that as the default audio i/o device, and never plug a mic into the adapter, or plug in a mic that's turned off.

      If you want to be annoying to the people trying to listen, find a recording of someone reciting the constitution, and feed that into the mic in jack from an mp3 player on a continuous loop.

      --
      You never know...
    21. Re:It's pretty simple by viperidaenz · · Score: 2

      2. LED's operate at nano to micro second speeds, typically up to the tens of MHz. Persistence of vision helps in making a short burst seem much longer.

    22. Re:It's pretty simple by vidarlo · · Score: 4, Informative

      If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

      This is essentially what apple did, according to the report. They connected the LED to the standby signal, which normally has to be disabled to read data from the camera chip. So far, so good.

      But the camera chip also has a configuration register - and one of the register options are to disable listening to the standby signal, and go ahead without caring about this signal. So it looks like the designers overlooked that option, or didn't think about it as a serious scenario.

      So my impression is that apple has gone further than I've imagined to make a good design, but sadly not a bugfree design. Remember that all designs, hardware or software, may have bugs.

      --
      Assembling etherkillers for fun an profit
    23. Re:It's pretty simple by rioki · · Score: 2

      Your post makes no sense. (Is it sarcastic?) A sliding cover is exactly the type of implementation that most users would trust. It is the type of intuitive things, like toggle switches for off buttons. Users used to be afraid that hackers could penetrate their systems though the modem. They knew that the system without power is safe. The more novice users did not trust that the ACPI off rally work and may have heard from "wake on lan" features. The simple solution, put the entire PC on a connector strip with a simple toggle power switch. That switch definitely OFF.

      A physical and manual sliding door is exactly this, closed door means camera "off". Since even if the camera is on, all it will see is black. This type of safeguard the users understands intuitively. It is even stupidly simple. It may ruin the cool apple aesthetic though.

    24. Re:It's pretty simple by Chelloveck · · Score: 3, Funny

      And any 2nd year engineering student could figure out that by putting a slot in the glass and a void behind it you're reducing the structural integrity of an already thin, brittle material. But before that happened a 3rd year industrial design student would slap it down because the little rubber nub would destroy the sleek minimalist look that Apple prizes so much.

      --
      Chelloveck
      I give up on debugging. From now on, SIGSEGV is a feature.
  2. Tape it. by pubwvj · · Score: 2

    Hmm... I stuck a piece of black electrical tape over mine when I got the MacBook.

    1. Re:Tape it. by Anonymous Coward · · Score: 5, Funny

      I put a backwards mirror over mine so they thought I was spying on them.

    2. Re:Tape it. by hawguy · · Score: 5, Funny

      I put a backwards mirror over mine so they thought I was spying on them.

      I make sure I'm naked any time I'm within range of the camera -- anyone that makes the mistake of spying on me will not do it again.

    3. Re:Tape it. by Anonymous Coward · · Score: 5, Funny

      I put a backwards mirror over mine so they thought I was spying on them.

      I make sure I'm naked any time I'm within range of the camera -- anyone that makes the mistake of spying on me will not do it again.

      Don't be so hard on yourself. You have a lovely body.

  3. Re:Lens covers were standard in 1990's by Iniamyen · · Score: 2

    A lens cover would not be compatible with the Apple Aesthetic (TM)

  4. Dont forget about Sound by bobjr94 · · Score: 5, Insightful

    Since built in mics have been around much longer than built in webcams, no doubt they were hacked a long time ago. They have no way of alerting the users if they are active or not. Im sure many laptops, tablets, phones, game systems, cars electronics (like onstar & bluetooth) and even smart tv's have government spyware to record/monitor conversations and looking for keywords. Besides attaching a psychical switch yourself to a mic, not much you can do, a piece of tape wont help much.

    1. Re:Dont forget about Sound by weilawei · · Score: 2

      Yep, my T60, even with the mic disabled in BIOS, will still record audio. Was messing with it one day and realized that Audacity would happily record from it anyway when supposedly "disabled", albeit with much lower gain.

    2. Re:Dont forget about Sound by hey! · · Score: 2

      If this is in linux, this might have something to do with ACPI. The firmware has a table called the DSDT (Differentiated System Description Table) which basically tells the operating system how to turn integrated peripherals like network cards off and on when going to sleep or waking up.

      One peculiarity of the DSDT is that the ACPI specification allows it to include different instructions to different operating systems, and this is a common source of problems in linux installs. Some manufacturers (Toshiba) deliberately sabotage non-Windows operating systems in their DSDTs. Others simply deliver DSDTs that are untested and potentially buggy in non-windows operating systems.

      Anyhow, an OS can switch devices off an on itself using ACPI, so I think ACPI may trump BIOS settings. One way to test this is to boot with ACPI turned off. If this fixes the problem of the mic being available even when disabled in BIOS, then you have and ACPI/DSDT problem. If not, then it is a design flaw in the machine's design (e.g. turning the mic off in BIOS simply turns the gain to 0) and you wasted your time reading this post.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    3. Re:Dont forget about Sound by weilawei · · Score: 4, Interesting

      I was curious, after reading your comment, (this is Debian testing) so I rebooted, and went into BIOS. Well, no ACPI option. I did disable the microphone, as well as every power option I could find (along with anything else I could disable). I also booted with "acpi=off". I then fired up Audacity, and... it still records. Just like before. I think my time was not wasted reading your post, despite it still not disabling the microphone.

  5. Re:Firmware by jader3rd · · Score: 5, Insightful

    Surely firmware can not be updated/modified without user knowledge, am I wrong?

    Click here to view videos of cute kittens!!!!!!

  6. It was at one time by Anubis350 · · Score: 3, Informative

    A lens cover would not be compatible with the Apple Aesthetic (TM)

    I have an external iSight from way back, it actually does have a close-able lens

    --
    "goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
  7. This has been known for years by koan · · Score: 5, Informative

    I worked for Apple, their education department had an uproar when one school district was found to spying on the students via the iSight, the light never went on.
    The school admitted they set it up that way.

    They were spying on them at home, I wonder how many little kids got undressed in front of their iSights while someone watched.

    http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:This has been known for years by Anonymous Coward · · Score: 3, Informative

      "Students were particularly troubled by the momentary flickering of their webcams' green activation lights, which several students reported would periodically turn on when the camera wasn't in use, signaling that the webcam had been turned on.[8][22][24][47] Student Katerina Perech recalled: "It was just really creepy."[24] Some school officials reportedly denied that it was anything other than a technical glitch, and offered to have the laptops examined if students were concerned."

      Sounds like the indicator light came on as it was supposed to, which is how they were caught spying on the kids.

    2. Re:This has been known for years by weilawei · · Score: 4, Informative

      Did you read Slashdot then? Because it sure made Slashdot and was even followed by an update or three.

  8. This is news? by BurfCurse · · Score: 3, Insightful

    There are a lot things you can do with "small tweaks to firmware".

  9. Not by accident by Anonymous Coward · · Score: 5, Interesting

    The big companies do as they are told. They are either owned by extremely evil sociopaths (like Bill Gates), who believe that they are fundamentally more 'elite' than powerful politicians, bankers, generals, religious leaders, etc, or they are owned by people who know the cost of doing business at such a level means 'playing ball' with those that hold real power and influence.

    In an age when Bill Gates spent TENS OF BILLIONS buying the state-of-the-art depth sensor companies that eventually gave Microsoft the ability to design and build the military grade 'time-of-flight' sensor used in the Kinect 2, all at the behest of NSA full surveillance ambitions, fiddling the software and hardware so the LED that accompanies the CCD camera is controlled in a completely independent way seems like comparing the achievement of an air-craft carrier with a pea-shooter.

    However, it is all a never ending program of attacks against us, the general population. You are a serious sex criminal if you put a 'hidden' camera in the room used by your 'au pair', but when the government itself specifically distributes laptops at a high-school, so spyware can video your children in their own bedrooms, NO CRIME has been committed. They push to see how far they can go, and mainstream media outlets like Slashdot encourage you to offer no resistance, no matter how horrible their abuses become.

    Normally, society works by EQUILIBRIUM. They push. We push. At some point, both forces are equal. Since the time of Tony Blair, all this has changed. Now so-called civilised nations in the West are supposed to INCREASE the amount they push each and every year, and each and every year we are supposed to walk backwards another mile. Notice the Blairite propaganda for the need for ever more laws, and the need for ever greater punishments for existing laws.

    Tony Blair (the 'Putin of the UK, but far more powerful and influential than Putin) travels the world, calling for more state surveillance, more censorship, more laws, more severe punishments, far more organised religion in the lives of ordinary people, and far more military actions. Blair is 'god' for Gates, Obama, and other happy members of the actual far-Right, and the pseudo-liberal far-right.

    To Team Blair, we are literal CATTLE, to be controlled, manipulated and used in whatever ways best suit the needs of those that call themselves the 'elite'. Does a farmer hesitate to practice full surveillance methods over his livestock when useful? Of course not.

    The combined influence of the British and Americans over the rest of the planet is terrifying. If the British and Americans put on a united front, and say to the world "spy on your sheeple as far as your funds and technology allows, and gain and lasting better control over them in this way", not one nation will stand up and say "no, this is fundamentally evil". If, in the 19th century, Britain and the US had stood together in favour of slavery, Human slavery would be more widespread today than at any previous moment in Human History.

    Blair knows how far the legacy of Britain's impact on recent Human events across these last centuries goes. He knows that as I type, all across Asia, Africa, the Middle East and East Europe, despotic regimes are saying "we can get away with this, because they do the same things today in the UK and USA".

    Social engineering is now happening on a scale unthinkable even a decade back. Your children are subject to waves of abusive propaganda that would have made Winston Smith think he lived in a paradise of freedom by comparison. You are now told that it is fundamentally WRONG to allow people with non-state-approved opinions to be heard in public forums. The current front page of Digg is BOASTING how science forums on Reddit only allow Tony Blair approved opinions on matters of scientific 'fact'. And yet science, by definition, is the one area where the truth needs no sociological protection, so long as individual scientific voices are not suppressed. The scientific method requires debat

    1. Re:Not by accident by weilawei · · Score: 4, Insightful

      Donating a lot of money and being a sociopath are by no means mutually exclusive. Nor does donating a lot of money to charity indicate altruism. There are still potential gains to be made. Please, however, do not jump to conclusions and take this comment to mean that I agree with either of you. Frankly, it's not worth my time or effort to go verifying that.

  10. Re:No no by hawguy · · Score: 2

    My HP doesn't have a built in camera. My mics are filled with caulking. When I need either, I plug in external.

    But that's only the mics you know about. One of those things that looks like a capacitor on your motherboard is actually a secret NSA microphone. It's wired in with one of the inside-layer traces on the motherboard so no one has detected it yet.

  11. Re:Firmware by Anonymous Coward · · Score: 5, Funny

    Click here to view videos of cute kittens!!!!!!

    OMG, where? You forgot your link!

  12. Re:No no by ColdWetDog · · Score: 3, Funny

    That's OK. You know that filling you had replaced last year?

    --
    Faster! Faster! Faster would be better!
  13. Re:Firmware by Hamsterdan · · Score: 2

    ASUSupdate is able to flash the BIOS without giving it admin rights, so It could be used silently I guess (on Windows XP at least last time I did it).

    For other systems (*NIX including Mac OS), just make it part of a system update.

    --
    I've got better things to do tonight than die.
  14. Goatsx by Registered+Coward+v2 · · Score: 5, Funny

    Why not just modify the code to return goatsx instead of blocking the ability to turn on the camera?

    --
    I'm a consultant - I convert gibberish into cash-flow.
  15. Obligatory by CohibaVancouver · · Score: 2

    Pics or it didn't happen.

  16. Re:Why are people naked in front of their PC? by eWarz · · Score: 2

    Pffft...I'm naked right now! j/k...or am i? ;)

  17. Re:Why are people naked in front of their PC? by Mix+Master+Nixon · · Score: 2

    That's where the porn lives.

    --
    Oppressing an entire population is never cheap.
    --Jeckler (/. Beta IS GARBAGE!)
  18. Re:Firmware by AmiMoJo · · Score: 4, Informative

    Apple did actually try to fix this problem by requiring firmware updates to be encrypted. They fucked it up though and leaked the keys via the firmware update apps, so anyone could write their own battery pack malware that literally causes your laptop to catch fire.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  19. Cams can see through black plastic by raymorris · · Score: 5, Insightful

    Many IR receivers and transmitters, such as on remote controls, are covered by opaque black plastic. That black plastic is opaque to visible light, but transparent in infrared. CMOS cameras are very good at seeing in infrared. Therefore, a factory installed cover could APPEAR opaque but actually be transparent for spying purposes.

    When I was a licensed private investigator I may have taken advantage of that fact.

    1. Re:Cams can see through black plastic by bickerdyke · · Score: 3, Informative

      Light from common lightsources is unpolarized, but that does NOT mean that it is not polarized, That means, it containes a mix of light polarized in every possible direction. So even if your cover lets through some specific polarization, this wil be visible and the cover would not appear opaque.

      Stick with the IR wavelengths...

      --
      bickerdyke
  20. Black Tape? by Jack+Griffin · · Score: 2

    Does it have to be black tape? I have a roll of grey tape, and some blue tape too, will these suffice?

  21. It has ALWAYS been firmware. by Khyber · · Score: 2

    Let me demonstrate why you don't run an LED in-line with a sensor.

    Now that *WAS* a pure clean audio signal before the LED was introduced. Notice the distortion? You're about to get something like that for your sensor. I've got rectification on the other side before it hits the speaker.

    Anyone saying it would probably be more cost-effective and easier to do by hardwiring led and sensor to work at the same time (implying running in series) should go right ahead and try it. I hope you didn't pay much for your sensor.

    I've got several different laptop webcams right here. Every LED has its own dedicated circuitry. Two from Macbooks, two from HPs, and a Toshiba.

    Bet you 10:1 this has already been tried. If it worked, it would be the norm by now just for the extra bottom line.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  22. And they thought I was paranoid... by FuegoFuerte · · Score: 2

    ...when I put a piece of black electrical tape over the webcam on my laptop and tablet. Ok, maybe I was being paranoid, but as we've all seen now: "Just because we're paranoid doesn't mean they're not out to get us." Sometimes I hate being right.

  23. $5 solution by 101percent · · Score: 3, Insightful

    https://supporters.eff.org/shop/laptop-camera-cover-set