Forgot your password?
typodupeerror
Privacy Input Devices Portables (Apple) Security Hardware

How a MacBook Camera Can Spy Without Lighting Up 371

Posted by Soulskill
from the they-can-see-you-right-now dept.
New submitter ttyler writes "It turns out a MacBook's built-in camera can be activated without turning on the green LED. An earlier report suggested the FBI could activate a device's camera without having the light turn on, and there was a case in the news where a woman had nude pictures taken of her without her knowledge. The new research out of Johns Hopkins University confirms both situations are possible. All it takes are a few tweaks to the camera's firmware."
This discussion has been archived. No new comments can be posted.

How a MacBook Camera Can Spy Without Lighting Up

Comments Filter:
  • It's pretty simple (Score:5, Insightful)

    by bhcompy (1877290) on Wednesday December 18, 2013 @07:32PM (#45731533)
    It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying
    • by rtb61 (674572) on Wednesday December 18, 2013 @07:36PM (#45731577) Homepage

      Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

      • by Anonymous Coward on Wednesday December 18, 2013 @07:38PM (#45731599)

        You're assuming it's not by design.

      • by GameMaster (148118) on Wednesday December 18, 2013 @07:41PM (#45731625)

        If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

        • by weilawei (897823) on Wednesday December 18, 2013 @07:56PM (#45731737) Homepage
          Spoke to an Apple tech just now. It used to be, according to them. They say it isn't anymore.
          • Re: (Score:2, Interesting)

            by csumpi (2258986)
            One of them geniuses? And he pulled out the schematics, or showed you the traces on the pcb? Care to share the proof?
            • by weilawei (897823) on Wednesday December 18, 2013 @08:38PM (#45732093) Homepage
              You're entirely right--you shouldn't trust hearsay. But additionally, if you look back through my post history, you'll find that I'm not in the habit of making unsubstantiated claims. The truth of the matter is that the guy (a repair tech, with long-time electronics experience, whom I trust to work on my own machines) had to go home. It's that time of the evening. But you're right, don't trust hearsay. Unfortunately, you'll have to wait on the schematics/pictures, whereas, you could probably pop open the machine yourself and take a look see if you're competent enough to understand them in the first place. I suggest you do this if you're skeptical. Heck, you might do us a favor and post them.
              • by Solandri (704621) on Wednesday December 18, 2013 @10:50PM (#45732797)
                The real point here that this tangent is missing is KISS. Keep It Simple, Stupid. You shouldn't need to look through schematics or take apart your laptop or decompile firmware to figure out if the light cannot be decoupled from the camera, when a simple non-motorized sliding cover would make it indisputably clear to the user that their image is not being surreptitiously captured. That's what people are saying. There are times when complexity needs to be hidden from the user. This is not one of those times because a simple alternative solution that even a 5 year old can understand exists. KISS.
                • by raymorris (2726007) on Wednesday December 18, 2013 @11:14PM (#45732909)

                  Many IR receivers and transmitters, such as on remote controls, are covered by opaque black plastic. That black plastic is opaque to visible light, but transparent in infrared. CMOS cameras are very good at seeing in infrared. Therefore, a factory installed cover could APPEAR opaque but actually be transparent for spying purposes.

                  When I was a licensed private investigator I may have taken advantage of that fact.

                • by brantondaveperson (1023687) on Wednesday December 18, 2013 @11:22PM (#45732949) Homepage

                  A sliding cover to a camera does not adhere to KISS from a user's perspective. It's actually an annoying additional step to using the camera - not to mention another moving part on a laptop that may break and/or jam. Plus it's actually less useful - if the sliding cover is open one probably still wants an LED to indicate whether or not the camera is actually active.

                  The idea of tying the LED to the power supply to the camera also won't work, at least for modern macbooks, because that camera sensor is in fact always active. It's also used as the ambient light sensor to automatically dim the display in low-light conditions. Of course, they could have used an additional sensor for that, but that would have increased the cost and complexity of the camera hardware.

                  The real issue here is much more general, which is that it should manifestly not be possible without root privileges to modify the firmware in any of the microcontrollers in a laptop (of which I'm sure there are several).

                  • by SuperKendall (25149) on Thursday December 19, 2013 @12:53AM (#45733299)

                    A sliding cover to a camera does not adhere to KISS from a user's perspective. It's actually an annoying additional step to using the camera

                    I was going to say the same thing - that it makes the camera annoying to use and would probably confuse a lot of people if you ship it closed (and if you don't ship it closed, why even bother?)

                    There is one way you could make it covered and still not confuse users - have the sliding door activated by the computer when the camera is active. Then you could see when the camera was active, and the door could hard-wire an LED activation...

                    It would add cost and complexity though, and it does sound like a system that would be prone to failure rendering the camera useless. So there's still that issue.

                    • by rioki (1328185)

                      Your post makes no sense. (Is it sarcastic?) A sliding cover is exactly the type of implementation that most users would trust. It is the type of intuitive things, like toggle switches for off buttons. Users used to be afraid that hackers could penetrate their systems though the modem. They knew that the system without power is safe. The more novice users did not trust that the ACPI off rally work and may have heard from "wake on lan" features. The simple solution, put the entire PC on a connector strip wit

          • Yep, and they used to call this out. I've even got an iSight with a manual lens cover iris ring. Something[body] convinced Apple to stop protecting its users' privacy. I'd put a buck down on Bull Run and spin the wheel.

        • by AmiMoJo (196126) *

          The problem is that manufacturers want to use the camera all the time for facial recognition, gesture detection, auto-on when someone enters the room, even stuff like auto brightness/contrast control. The LED would be flickering like mad all the time.

          Also, we need LEDs for microphones.

        • by tlhIngan (30335)

          If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

          Except it was, sort of. The camera sensor has a line called STANDBY. When it's high, the camera is off and is not sending data to the USB chip. When it's low, the camera is sending image data. The LED is wired so when it goes low, the LED turns on.

          The flaw is that the USB hardware firmware is

        • by vidarlo (134906) <vidarlo@nOSpaM.bitsex.net> on Thursday December 19, 2013 @04:18AM (#45734025) Homepage

          If they cared even remotely enough to do that, then they would have already hardwired the indicator light to the same power source as the camera so that one couldn't be run without the other regardless of the firmware.

          This is essentially what apple did, according to the report. They connected the LED to the standby signal, which normally has to be disabled to read data from the camera chip. So far, so good.

          But the camera chip also has a configuration register - and one of the register options are to disable listening to the standby signal, and go ahead without caring about this signal. So it looks like the designers overlooked that option, or didn't think about it as a serious scenario.

          So my impression is that apple has gone further than I've imagined to make a good design, but sadly not a bugfree design. Remember that all designs, hardware or software, may have bugs.

      • by Jherek Carnelian (831679) on Wednesday December 18, 2013 @08:51PM (#45732169)

        Far simpler for the manufacturer to wake up to what is going on and provide a sliding lens cover and that means you, you big screen smart TV designers.

        There are a ton of 3rd party sliding covers out there for under $10 a piece, google will find them for you no problem.

        But what I haven't seen yet is one that doesn't just black out the camera, but instead puts a photo in front of the camera. Imagine a camera slide that forces anyone spying on you to see goatse.cx instead. Just deserts.

        • by weilawei (897823)
          Get a transparency sheet (to allow light through, but not in any real detail), scale it down, and paste it over. Cheaper than $10 for 10 minutes of your time.
      • Like they had on the original iSight? or on my 13 year old Logitech?

        What's mind boggling though is it would probably *less* expensive to just hardwire the LED with the camera itself. If it's being used, light the LED.

        • I bet it is easier for automated testing. This way they don't need to connect any external equipment to measure if the LED works, just ask the microcontroller in the camera to run an internal diagnostic that checks the the voltage level on the lines to the LED.

    • by wrp103 (583277) <Bill@BillPringle.com> on Wednesday December 18, 2013 @07:52PM (#45731701) Homepage

      It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

      I use a Post-It, with the non-sticky part over the camera hole.

      That way, when I actually do want to use the camera, I simply bend the paper back and expose the camera. When I am done, I fold it back. Replacements are pretty simple. One pad should last you a long time. ;^)

      • by Darinbob (1142669)

        The camera seems the most useless part of a macbook anyway. Just paint over it in black, scuff it with sandpaper, etc. I don't want to see a video of you talking, and you definitely don't want to see a video of me.

      • Re: (Score:2, Funny)

        by Hamsterdan (815291)

        If it doesn't involve Duck tape and tie-wraps, it's not geeky enough (trying to integrate popsicle sticks in it would be really cool :p

    • I made this modification to my macbook pro on the first day. I don't want a camera, and it stands to reason if someone can install keyloggers on my machine, they can compromise any hardware... Unfortunately there's not much to be done for the mic without voiding warranty.

      I don't want either of these features, or at least i'm willing to buy special hardware for it if I need it.

      • by rusty0101 (565565)

        Fix for the mic would be to either short to ground (tip) the mic lead of a headset plug, or if the macbook checks resistance link a 1k ohm reistor between tip and the mic lead, and make sure that the computer switches to using the external mic when you plug something in that provides a suitable resistance.

        This could all be built within a 90 degree 3.5mm plug , or even a 2.5mm plug if necessary. It won't be quite flush with the side of the macbook, and if they use a common plug for speakers and mic, you may

    • by hawguy (1600213)

      It's pretty simple: if you have a device with a camera, just cover the camera with a little black tape and tada, no more spying

      What about the microphone?

    • Agreed.

      That's what one of my colleagues did. I thought he was being maybe just a little *too* much paranoid but admired that he actually did something about it a few months back (instead of just bitching about it.) Looks like he was simply being prudent !

  • by pubwvj (1045960) on Wednesday December 18, 2013 @07:32PM (#45731541)

    Hmm... I stuck a piece of black electrical tape over mine when I got the MacBook.

  • I was pretty convinced that I didn't have to put a post-it over my MacBook camera. Guess I'll go ahead and do it after all.

  • Surely firmware can not be updated/modified without user knowledge, am I wrong?
    • Re:Firmware (Score:5, Insightful)

      by jader3rd (2222716) on Wednesday December 18, 2013 @07:55PM (#45731731)

      Surely firmware can not be updated/modified without user knowledge, am I wrong?

      Click here to view videos of cute kittens!!!!!!

    • by weilawei (897823)
      Suuuuuure. You just keep believing that.
    • by countach (534280)

      You wouldn't think so, but in fairness to Apple, these were pretty old machines, which means they had pretty old versions of OS-X. My guess is Apple closed this bug a long time ago, which is why the researchers had to use old Macs.

      • by neonmonk (467567)

        Haha, Apple closing a security bug before it's been broadcast all over the internet, for months. Good one. You should write for Leno.

    • by tlambert (566799)

      Surely firmware can not be updated/modified without user knowledge, am I wrong?

      The article used a virtual machine which required privilege to install, and then called it "firmware modified from user space", but actually it was "firmware modified from user space by first escalating privilege".

      If you are willing to escalate privilege, you can pretty much do what you want to any USB devices firmware, assuming it's not in ROM and not hardware fused to make it non-updateable.

      • by drinkypoo (153816)

        If you are willing to escalate privilege, you can pretty much do what you want to any USB devices firmware, assuming it's not in ROM and not hardware fused to make it non-updateable.

        I believe the assumption here is that it's not difficult for TPTB to get their firmware onto your computer. In an enterprise it's slightly tricky to do it without risk of being caught. Where individual users are concerned there is little risk in leaning on the OS vendor to deliver to you and you alone an additional payload right in a signed patch package.

      • by tibman (623933)

        Pretty sure that's not how the FBI does it : )

    • ASUSupdate is able to flash the BIOS without giving it admin rights, so It could be used silently I guess (on Windows XP at least last time I did it).

      For other systems (*NIX including Mac OS), just make it part of a system update.

  • by bobjr94 (1120555) on Wednesday December 18, 2013 @07:50PM (#45731681) Homepage
    Since built in mics have been around much longer than built in webcams, no doubt they were hacked a long time ago. They have no way of alerting the users if they are active or not. Im sure many laptops, tablets, phones, game systems, cars electronics (like onstar & bluetooth) and even smart tv's have government spyware to record/monitor conversations and looking for keywords. Besides attaching a psychical switch yourself to a mic, not much you can do, a piece of tape wont help much.
    • by whoever57 (658626)
      Are the mics good enough to allow encryption to be broken by listening to the CPU? [slashdot.org]
    • by weilawei (897823)
      Yep, my T60, even with the mic disabled in BIOS, will still record audio. Was messing with it one day and realized that Audacity would happily record from it anyway when supposedly "disabled", albeit with much lower gain.
      • by hey! (33014)

        If this is in linux, this might have something to do with ACPI [wikipedia.org]. The firmware has a table called the DSDT [01.org] (Differentiated System Description Table) which basically tells the operating system how to turn integrated peripherals like network cards off and on when going to sleep or waking up.

        One peculiarity of the DSDT is that the ACPI specification allows it to include different instructions to different operating systems, and this is a common source of problems in linux installs. Some manufacturers (Toshiba)

        • by weilawei (897823) on Wednesday December 18, 2013 @09:51PM (#45732537) Homepage
          I was curious, after reading your comment, (this is Debian testing) so I rebooted, and went into BIOS. Well, no ACPI option. I did disable the microphone, as well as every power option I could find (along with anything else I could disable). I also booted with "acpi=off". I then fired up Audacity, and... it still records. Just like before. I think my time was not wasted reading your post, despite it still not disabling the microphone.
    • Yeah, but you can't hear boobies. Useless hack.

  • by koan (80826) on Wednesday December 18, 2013 @08:14PM (#45731867)

    I worked for Apple, their education department had an uproar when one school district was found to spying on the students via the iSight, the light never went on.
    The school admitted they set it up that way.

    They were spying on them at home, I wonder how many little kids got undressed in front of their iSights while someone watched.

    http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District [wikipedia.org]

    • Re: (Score:3, Informative)

      by Anonymous Coward

      "Students were particularly troubled by the momentary flickering of their webcams' green activation lights, which several students reported would periodically turn on when the camera wasn't in use, signaling that the webcam had been turned on.[8][22][24][47] Student Katerina Perech recalled: "It was just really creepy."[24] Some school officials reportedly denied that it was anything other than a technical glitch, and offered to have the laptops examined if students were concerned."

      Sounds like the indicator

    • We need a Godwin equivalent for when people use the "Think of the children" argument in an online discussion.
  • This is news? (Score:3, Insightful)

    by BurfCurse (937117) on Wednesday December 18, 2013 @08:15PM (#45731869)
    There are a lot things you can do with "small tweaks to firmware".
  • Not by accident (Score:5, Interesting)

    by Anonymous Coward on Wednesday December 18, 2013 @08:23PM (#45731941)

    The big companies do as they are told. They are either owned by extremely evil sociopaths (like Bill Gates), who believe that they are fundamentally more 'elite' than powerful politicians, bankers, generals, religious leaders, etc, or they are owned by people who know the cost of doing business at such a level means 'playing ball' with those that hold real power and influence.

    In an age when Bill Gates spent TENS OF BILLIONS buying the state-of-the-art depth sensor companies that eventually gave Microsoft the ability to design and build the military grade 'time-of-flight' sensor used in the Kinect 2, all at the behest of NSA full surveillance ambitions, fiddling the software and hardware so the LED that accompanies the CCD camera is controlled in a completely independent way seems like comparing the achievement of an air-craft carrier with a pea-shooter.

    However, it is all a never ending program of attacks against us, the general population. You are a serious sex criminal if you put a 'hidden' camera in the room used by your 'au pair', but when the government itself specifically distributes laptops at a high-school, so spyware can video your children in their own bedrooms, NO CRIME has been committed. They push to see how far they can go, and mainstream media outlets like Slashdot encourage you to offer no resistance, no matter how horrible their abuses become.

    Normally, society works by EQUILIBRIUM. They push. We push. At some point, both forces are equal. Since the time of Tony Blair, all this has changed. Now so-called civilised nations in the West are supposed to INCREASE the amount they push each and every year, and each and every year we are supposed to walk backwards another mile. Notice the Blairite propaganda for the need for ever more laws, and the need for ever greater punishments for existing laws.

    Tony Blair (the 'Putin of the UK, but far more powerful and influential than Putin) travels the world, calling for more state surveillance, more censorship, more laws, more severe punishments, far more organised religion in the lives of ordinary people, and far more military actions. Blair is 'god' for Gates, Obama, and other happy members of the actual far-Right, and the pseudo-liberal far-right.

    To Team Blair, we are literal CATTLE, to be controlled, manipulated and used in whatever ways best suit the needs of those that call themselves the 'elite'. Does a farmer hesitate to practice full surveillance methods over his livestock when useful? Of course not.

    The combined influence of the British and Americans over the rest of the planet is terrifying. If the British and Americans put on a united front, and say to the world "spy on your sheeple as far as your funds and technology allows, and gain and lasting better control over them in this way", not one nation will stand up and say "no, this is fundamentally evil". If, in the 19th century, Britain and the US had stood together in favour of slavery, Human slavery would be more widespread today than at any previous moment in Human History.

    Blair knows how far the legacy of Britain's impact on recent Human events across these last centuries goes. He knows that as I type, all across Asia, Africa, the Middle East and East Europe, despotic regimes are saying "we can get away with this, because they do the same things today in the UK and USA".

    Social engineering is now happening on a scale unthinkable even a decade back. Your children are subject to waves of abusive propaganda that would have made Winston Smith think he lived in a paradise of freedom by comparison. You are now told that it is fundamentally WRONG to allow people with non-state-approved opinions to be heard in public forums. The current front page of Digg is BOASTING how science forums on Reddit only allow Tony Blair approved opinions on matters of scientific 'fact'. And yet science, by definition, is the one area where the truth needs no sociological protection, so long as individual scientific voices are not suppressed. The scientific method requires debat

    • by weilawei (897823)
      TL;DR: The laws don't apply to people in power/with lots of money. The little guy is screwed and keep getting more screwed every day.
  • I can't really think of a time when I would want to be naked in front of my PC. While that doesn't excuse the invasion of privacy, it does suggest that some people are lacking in common sense. People generally wouldn't walk naked in front of a window with the blinds drawn, why do it in front of a powered-on PC?
  • Duct. Tape.

    And also: "and there was a case in the news where a woman had nude pictures taken of her without her knowledge". Heh heh. Those zany FBI analysts...

  • Goatsx (Score:5, Funny)

    by Registered Coward v2 (447531) on Wednesday December 18, 2013 @09:53PM (#45732549)
    Why not just modify the code to return goatsx instead of blocking the ability to turn on the camera?
  • by CohibaVancouver (864662) on Wednesday December 18, 2013 @10:03PM (#45732585)
    Pics or it didn't happen.
  • $5 solution (Score:3, Insightful)

    by 101percent (589072) on Thursday December 19, 2013 @09:24AM (#45735123)

These screamingly hilarious gogs ensure owners of X Ray Gogs to be the life of any party. -- X-Ray Gogs Instructions

Working...