Research shows how Mac webcams can spy on their users without warning light

“The woman was shocked when she received two nude photos of herself by e-mail,” Ashkan Soltani and Timothy B. Lee report for The Washington Post. “The photos had been taken over a period of several months — without her knowledge — by the built-in camera on her laptop.”

“Fortunately, the FBI was able to identify a suspect: her high school classmate, a man named Jared Abrahams. The FBI says it found software on Abrahams’s computer that allowed him to spy remotely on her and numerous other women,” Soltani and Lee report. “Abrahams pleaded guilty to extortion in October. The woman, identified in court papers only as C.W., later identified herself on Twitter as Miss Teen USA Cassidy Wolf. While her case was instant fodder for celebrity gossip sites, it left a serious issue unresolved.”

“Most laptops with built-in cameras have an important privacy feature — a light that is supposed to turn on any time the camera is in use. But Wolf says she never saw the light on her laptop go on. As a result, she had no idea she was under surveillance,” Soltani and Lee report. “Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, said in a recent story in The Washington Post that the FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years. Now research from Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how.”

Read more in the full article here.

MacDailyNews Take: Use a bit of tape or a folded notecard to cover the FaceTime HD cameras when not in use.

[Thanks to MacDailyNews Readers “Carlton Wiens” and “Lynn Weiler” for the heads up.]

Related articles:
Ex-official: FBI can secretly activate an individual’s webcam without indicator light – December 9, 2013
Sextortion warning: It’s masking tape time for webcams – June 28, 2013
Cyber gangs catch Internet porn watchers ‘in their underwear,’ demand ransoms – August 20, 2013
Lower Merion report: MacBook webcams snapped 56,000 clandestine images of high schoolers – April 20, 2010


    1. It is impossible to turn the camera on without turning the light on UNLESS…
      Someone has had root and physical access to your Mac.

      The article even says so but then leads the reader on by describing how the hackers could reprogram different subsystems on the computer to allow the camera on without the light, but stops short of the truth by not saying that this would take both physical access and the system password. This is just another semi-truth Apple hit piece; the exploits they are talking about were done (remotely) on Windows PC and while you COULD reprogram a Mac (if you had access & the system password) it is pretty unlikely.

      The bottom line is, as it almost always is: Macs are pretty safe, PCs… not so much.

      1. Thank you!
        Your comment is the real information (often buried in a story if in there at all) that I expect in MDN takes. I’m disappointed MDN didn’t bring it up themselves.

      2. As far as I know, Tessellator is correct, but there’s an important thing to remember:
        You can probably take a picture quickly without the user noticing, especially if the computer is pointed out at a room and the user isn’t even sitting at the computer (and might not even be looking in its direction).

        That is a great example of why you might want to cover the camera when not in use. The microphone is a whole different issue.

        1. Hmm. I skimmed through their paper. Basically, it sounds like on pre-2008 MacBooks, the camera LED is not physically wired into the camera’s power, but instead is controlled by the chip that runs the camera. The chip is normally programmed to make sure that the LED is on if the camera is functioning, but it is possible to send new firmware to the camera’s chip that changes that. Sending new firmware can be done by normal software running on the computer, although it sounds like it would also need to use a privilege-escalation attack (not sure if that’s needed). Newer MacBook cameras have better protection, and might not be vulnerable at all to this kind of attack (so maybe impossible to hack without physical access).

          TL;DR: Unless the paper is outright lying, it would be possible to activate the camera on __pre-2008__ MacBooks without the LED lighting simply by getting malware onto a user’s computer.

        1. With command line you can do many things. Mac OS X is largely BSD Unix with a proprietary layer on top.

          Another method is straight out hacking as the camera has its own chip that can be manipulated.

            1. No not that… actually it isn’t pure BSD it uses Mach Microkernel where BSD is a monolithic kernel, but I digress…

              No, the bullshit was about the fact that you lied about knowing several ways to disable the camera light.
              That was just bull.

            2. Read up, the FBI has a hack out and uses it to turn your camera on. Third party software uses it for security- sold in the Mac App and iOS app stores.

              The iSight has a chip which can be repurposed. Apple needs to put a physical shutter over the iSight that can not be defeated by software.

            3. Ok kid, one you obviously have no idea what a kernel is or what mach is (no it’s not a kernel it’s a “microkernel” a hardware abstraction layer that isolates the BSD kernel from physical hardware (one of the reasons Apple’s OS is so transportable (i.e. iOS) and also safe (memory address abstraction from the (BSD) kernel.)
              Also, Mach isn’t proprietary Apple’s implementation is based on the work Tevie did at CMU (was taken straight from NeXT) and it was open sourced from the beginning (darwin X86 project)

              And no you can’t use remote access to do these hacks because you can’t update any firmware remotely (and all of the hardware reprogramming hacks require it)

              Also though I am not 100% positive about the “undercover-5” theft tracking software you linked, every piece of theft or spy software I have ever seen flashes the light when taking pictures.

              Lastly while the federal government has lots of backdoors into software, no one knows (outside of those agencies) if they have the ability to disable the light on Macs. (though it is fairly well known that they can on windows PC’s)

          1. Re Mr unregistered BS caller.
            I have been using UNIX & variant systems since the early 1980s (Burroughs B20 & 25 Series to start- pre Unisys), through Data Generals, Vax, SGI and such. Back when you had to know CLI just to use the stuff.
            Only made my living doing it. Wrote my first code in college back in 1979- what color tricycle were you riding back then?

        2. I’ve got a reference – the article linked to from this article.
          I skimmed their paper. Unless they are outright lying, the LED can be disabled through a software-only attack without physical access to the machine. BUT, that is only true for pre-2008 MacBook cameras, not anything newer.

          1. The article says that it is unknown regarding newer Macs as they were not tested- not that they could not be tested.

            The article specifically states that the software hack used software running the iSight HW- not the OS. That was my point earlier that was attacked by an unregistered user and immediately starred 5 by the Fanboi crowd.

            The fact is that keystroke loggers, camera hacks, mousing hacks and other stuff exist for Mac OS X and are used both by NSA and criminals.

  1. They’ve taken a story that occurred on a Windows PC and made it sound like it happened on a Mac.

    Apparently if a hacker can install malware on 2008 and older Macs they can alter the camera firmware, but the story is still totally bogus.

    1. Agreed. There are some key points left out of the summary. This is pre-08 Macs, is still unlikely to occur, and will hopefully be patched. Title is misleading so this is just a FUD hit piece.

      1. Had to be, it’s the only thing you can disable the “on” light remotely.

        These “hacks” they are talking about require physical access (and the system password). Neither were present in the “example” given in the story
        (they just “forgot” to mention that it was a Windows PC, I’m sure it was an honest mistake, just like forgetting to mention the physical access & system password required to execute their MacBook hacks.)

  2. I would like to know if this is possible on iPhones and iPads also. Not that it matters much to me, being a big fat hairy bastard I would welcome it if someone took pictures of me nude but, I would like to know so I could protect my family from this happening to them.

  3. It can’t happen to me on my Macs. Impossible.

    The NSA can root and do whatever they want, but my little piece of paper taped over the lens fixes those bastards.

    But, again, if the NSA has hooks into my Mac, I’ve got bigger problems than a measly little webcam.

  4. “The built-in cameras on Apple computers were designed to prevent this, says Stephen Checkoway, a computer science professor at Johns Hopkins and a co-author of the study. “Apple went to some amount of effort to make sure that the LED would turn on whenever the camera was taking images,” Checkoway says.”

    Compare that to the effort Microsoft makes to prevent (not patch) viruses, or privacy of Google.

  5. It also mentions that it can only be done on 2008 or earlier Macs, which leads me to believe that the OS would be something like Tiger 10.4.11 or Leopard 10.5.8. Also not factoring in that first you have to break into someone’s firewall before you can even access the computer. And the fact that 10.5.8 is a pretty ancient operating system, so a lot of things have changed already since then. Reprogramming the camera? Doing this kind of thing remotely without root access would take a real Unix guru and also just breaking into the network as well. This to me is more of a scare story than reality. There are too many variables that come into play here that would make this a really big threat to anyone except those that have these really old machines and operating systems maybe.

  6. …and in other news, geeks and anti-Apple pundits world-wide are furious that nobody is interested in them and aren’t secretly spying on them through their pre-2008 Apple webcams…

    Whether this is an issue or not, nobody is going to spy on you.

  7. I think the real point of this is that if the NSA/GCHQ have insisted that back doors be provided into machines for their benefit, it’s only a matter of time before these are discovered and exploited by the bad guys.

    Yes I know that assumes that the spooks have our best interests at heart…..

  8. I have wondered why the iSight on iOS devices (or indeed other mobile devices) doesn’t have a light. Surely the same concerns are there, you have the light supposedly so you can know if it’s being used, why would that not be relevant on a mobile device?

  9. I think they make this more complicated than it is. I subscribe to the family version of orbicular undercover software. It allows you to record key logs and iSight photos if someone steals your Mac. If I wanted to spy on someone all I would have to do is get my hands on their Mac and go to my undercover account, download software and install it. It takes less than 5 minutes to do that. Of course the orbicular undercover family account allows you to only install it on 5 Macs; it would be easy to save 2-3 of those spots for people I want to spy on.

      1. It installs on the firmware and you can password lock that. But my point was using the software to spy on someone by installing it on their Mac. You just need 5 mins of time with it. It’s also good software if you want to keep an eye on what your kids are doing online.

        1. I believe that all anti theft software triggers a momentary light on while the image is being snapped. (this was true in the famous case involving a PA school and MacBooks)

          Also you of course need both physical access and the admin password to install.
