Slashdot Mirror

← Back to Stories (view on slashdot.org)

How a MacBook Camera Can Spy Without Lighting Up

Posted by Soulskill on from the they-can-see-you-right-now dept.

New submitter ttyler writes "It turns out a MacBook's built-in camera can be activated without turning on the green LED. An earlier report suggested the FBI could activate a device's camera without having the light turn on, and there was a case in the news where a woman had nude pictures taken of her without her knowledge. The new research out of Johns Hopkins University confirms both situations are possible. All it takes are a few tweaks to the camera's firmware."

27 of 371 comments (clear)

  1. It's pretty simple by bhcompy · · Score: 5, Insightful

    It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

    1. Re:It's pretty simple by rtb61 · · Score: 5, Insightful

      Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:It's pretty simple by Anonymous Coward · · Score: 4, Insightful

      You're assuming it's not by design.

    3. Re:It's pretty simple by GameMaster · · Score: 5, Insightful

      If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

      --

      Rules of Conduct:
      #1 - The DM is always right.
      #2 - If the DM is wrong, see rule #1
    4. Re:It's pretty simple by wrp103 · · Score: 4, Insightful

      It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

      I use a Post-It, with the non-sticky part over the camera hole.

      That way, when I actually do want to use the camera, I simply bend the paper back and expose the camera. When I am done, I fold it back. Replacements are pretty simple. One pad should last you a long time. ;^)

    5. Re:It's pretty simple by weilawei · · Score: 4, Informative

      Spoke to an Apple tech just now. It used to be, according to them. They say it isn't anymore.

    6. Re:It's pretty simple by weilawei · · Score: 5, Informative

      You're entirely right--you shouldn't trust hearsay. But additionally, if you look back through my post history, you'll find that I'm not in the habit of making unsubstantiated claims. The truth of the matter is that the guy (a repair tech, with long-time electronics experience, whom I trust to work on my own machines) had to go home. It's that time of the evening. But you're right, don't trust hearsay. Unfortunately, you'll have to wait on the schematics/pictures, whereas, you could probably pop open the machine yourself and take a look see if you're competent enough to understand them in the first place. I suggest you do this if you're skeptical. Heck, you might do us a favor and post them.

    7. Re:It's pretty simple by Jherek+Carnelian · · Score: 4, Funny

      Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

      There are a ton of 3rd party sliding covers out there for under $10 a piece, google will find them for you no problem.

      But what I haven't seen yet is one that doesn't just black out the camera, but instead puts a photo in front of the camera. Imagine a camera slide that forces anyone spying on you to see goatse.cx instead. Just deserts.

    8. Re:It's pretty simple by ChunderDownunder · · Score: 5, Insightful

      On January 24th, Apple Computer will introduce Macintosh. And you'll see why 1984 won't be like "1984".

      30 years on, how times have changed!

    9. Re:It's pretty simple by fuzzyfuzzyfungus · · Score: 4, Insightful

      Cameras with physical lens covers are thicker than cameras without. That's all it took to convince Apple.

      Now, why they have an 8051 hardwired to the USB bus that accepts arbitrary firmware uploads without even having to elevate beyond user permissions, I can only blame stupidity.

    10. Re:It's pretty simple by Solandri · · Score: 4, Insightful

      The real point here that this tangent is missing is KISS. Keep It Simple, Stupid. You shouldn't need to look through schematics or take apart your laptop or decompile firmware to figure out if the light cannot be decoupled from the camera, when a simple non-motorized sliding cover would make it indisputably clear to the user that their image is not being surreptitiously captured. That's what people are saying. There are times when complexity needs to be hidden from the user. This is not one of those times because a simple alternative solution that even a 5 year old can understand exists. KISS.

    11. Re:It's pretty simple by SuperKendall · · Score: 5, Funny

      A sliding cover to a camera does not adhere to KISS from a user's perspective. It's actually an annoying additional step to using the camera

      I was going to say the same thing - that it makes the camera annoying to use and would probably confuse a lot of people if you ship it closed (and if you don't ship it closed, why even bother?)

      There is one way you could make it covered and still not confuse users - have the sliding door activated by the computer when the camera is active. Then you could see when the camera was active, and the door could hard-wire an LED activation...

      It would add cost and complexity though, and it does sound like a system that would be prone to failure rendering the camera useless. So there's still that issue.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    12. Re:It's pretty simple by vidarlo · · Score: 4, Informative

      If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

      This is essentially what apple did, according to the report. They connected the LED to the standby signal, which normally has to be disabled to read data from the camera chip. So far, so good.

      But the camera chip also has a configuration register - and one of the register options are to disable listening to the standby signal, and go ahead without caring about this signal. So it looks like the designers overlooked that option, or didn't think about it as a serious scenario.

      So my impression is that apple has gone further than I've imagined to make a good design, but sadly not a bugfree design. Remember that all designs, hardware or software, may have bugs.

      --
      Assembling etherkillers for fun an profit
  2. Dont forget about Sound by bobjr94 · · Score: 5, Insightful

    Since built in mics have been around much longer than built in webcams, no doubt they were hacked a long time ago. They have no way of alerting the users if they are active or not. Im sure many laptops, tablets, phones, game systems, cars electronics (like onstar & bluetooth) and even smart tv's have government spyware to record/monitor conversations and looking for keywords. Besides attaching a psychical switch yourself to a mic, not much you can do, a piece of tape wont help much.

    1. Re:Dont forget about Sound by weilawei · · Score: 4, Interesting

      I was curious, after reading your comment, (this is Debian testing) so I rebooted, and went into BIOS. Well, no ACPI option. I did disable the microphone, as well as every power option I could find (along with anything else I could disable). I also booted with "acpi=off". I then fired up Audacity, and... it still records. Just like before. I think my time was not wasted reading your post, despite it still not disabling the microphone.

  3. Re:Firmware by jader3rd · · Score: 5, Insightful

    Surely firmware can not be updated/modified without user knowledge, am I wrong?

    Click here to view videos of cute kittens!!!!!!

  4. Re:Tape it. by Anonymous Coward · · Score: 5, Funny

    I put a backwards mirror over mine so they thought I was spying on them.

  5. This has been known for years by koan · · Score: 5, Informative

    I worked for Apple, their education department had an uproar when one school district was found to spying on the students via the iSight, the light never went on.
    The school admitted they set it up that way.

    They were spying on them at home, I wonder how many little kids got undressed in front of their iSights while someone watched.

    http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:This has been known for years by weilawei · · Score: 4, Informative

      Did you read Slashdot then? Because it sure made Slashdot and was even followed by an update or three.

  6. Not by accident by Anonymous Coward · · Score: 5, Interesting

    The big companies do as they are told. They are either owned by extremely evil sociopaths (like Bill Gates), who believe that they are fundamentally more 'elite' than powerful politicians, bankers, generals, religious leaders, etc, or they are owned by people who know the cost of doing business at such a level means 'playing ball' with those that hold real power and influence.

    In an age when Bill Gates spent TENS OF BILLIONS buying the state-of-the-art depth sensor companies that eventually gave Microsoft the ability to design and build the military grade 'time-of-flight' sensor used in the Kinect 2, all at the behest of NSA full surveillance ambitions, fiddling the software and hardware so the LED that accompanies the CCD camera is controlled in a completely independent way seems like comparing the achievement of an air-craft carrier with a pea-shooter.

    However, it is all a never ending program of attacks against us, the general population. You are a serious sex criminal if you put a 'hidden' camera in the room used by your 'au pair', but when the government itself specifically distributes laptops at a high-school, so spyware can video your children in their own bedrooms, NO CRIME has been committed. They push to see how far they can go, and mainstream media outlets like Slashdot encourage you to offer no resistance, no matter how horrible their abuses become.

    Normally, society works by EQUILIBRIUM. They push. We push. At some point, both forces are equal. Since the time of Tony Blair, all this has changed. Now so-called civilised nations in the West are supposed to INCREASE the amount they push each and every year, and each and every year we are supposed to walk backwards another mile. Notice the Blairite propaganda for the need for ever more laws, and the need for ever greater punishments for existing laws.

    Tony Blair (the 'Putin of the UK, but far more powerful and influential than Putin) travels the world, calling for more state surveillance, more censorship, more laws, more severe punishments, far more organised religion in the lives of ordinary people, and far more military actions. Blair is 'god' for Gates, Obama, and other happy members of the actual far-Right, and the pseudo-liberal far-right.

    To Team Blair, we are literal CATTLE, to be controlled, manipulated and used in whatever ways best suit the needs of those that call themselves the 'elite'. Does a farmer hesitate to practice full surveillance methods over his livestock when useful? Of course not.

    The combined influence of the British and Americans over the rest of the planet is terrifying. If the British and Americans put on a united front, and say to the world "spy on your sheeple as far as your funds and technology allows, and gain and lasting better control over them in this way", not one nation will stand up and say "no, this is fundamentally evil". If, in the 19th century, Britain and the US had stood together in favour of slavery, Human slavery would be more widespread today than at any previous moment in Human History.

    Blair knows how far the legacy of Britain's impact on recent Human events across these last centuries goes. He knows that as I type, all across Asia, Africa, the Middle East and East Europe, despotic regimes are saying "we can get away with this, because they do the same things today in the UK and USA".

    Social engineering is now happening on a scale unthinkable even a decade back. Your children are subject to waves of abusive propaganda that would have made Winston Smith think he lived in a paradise of freedom by comparison. You are now told that it is fundamentally WRONG to allow people with non-state-approved opinions to be heard in public forums. The current front page of Digg is BOASTING how science forums on Reddit only allow Tony Blair approved opinions on matters of scientific 'fact'. And yet science, by definition, is the one area where the truth needs no sociological protection, so long as individual scientific voices are not suppressed. The scientific method requires debat

    1. Re:Not by accident by weilawei · · Score: 4, Insightful

      Donating a lot of money and being a sociopath are by no means mutually exclusive. Nor does donating a lot of money to charity indicate altruism. There are still potential gains to be made. Please, however, do not jump to conclusions and take this comment to mean that I agree with either of you. Frankly, it's not worth my time or effort to go verifying that.

  7. Re:Tape it. by hawguy · · Score: 5, Funny

    I put a backwards mirror over mine so they thought I was spying on them.

    I make sure I'm naked any time I'm within range of the camera -- anyone that makes the mistake of spying on me will not do it again.

  8. Re:Tape it. by Anonymous Coward · · Score: 5, Funny

    I put a backwards mirror over mine so they thought I was spying on them.

    I make sure I'm naked any time I'm within range of the camera -- anyone that makes the mistake of spying on me will not do it again.

    Don't be so hard on yourself. You have a lovely body.

  9. Re:Firmware by Anonymous Coward · · Score: 5, Funny

    Click here to view videos of cute kittens!!!!!!

    OMG, where? You forgot your link!

  10. Goatsx by Registered+Coward+v2 · · Score: 5, Funny

    Why not just modify the code to return goatsx instead of blocking the ability to turn on the camera?

    --
    I'm a consultant - I convert gibberish into cash-flow.
  11. Re:Firmware by AmiMoJo · · Score: 4, Informative

    Apple did actually try to fix this problem by requiring firmware updates to be encrypted. They fucked it up though and leaked the keys via the firmware update apps, so anyone could write their own battery pack malware that literally causes your laptop to catch fire.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  12. Cams can see through black plastic by raymorris · · Score: 5, Insightful

    Many IR receivers and transmitters, such as on remote controls, are covered by opaque black plastic. That black plastic is opaque to visible light, but transparent in infrared. CMOS cameras are very good at seeing in infrared. Therefore, a factory installed cover could APPEAR opaque but actually be transparent for spying purposes.

    When I was a licensed private investigator I may have taken advantage of that fact.