Early iSight Cameras Can be Activated Without the Warning Light, Researchers Find

Imac isight

The built-in iSight cameras of G5 iMacs and early Intel-based iMacs, MacBooks, and MacBook Pros (roughly until 2008) can be activated without the green warning light turning on, researchers from John Hopkins University have found, according to the Washington Post.

The majority of laptops have this important security feature: A light turns on any time the camera is in use. But the researchers point to the dangers of built-in passive sensors like cameras and microphones. “Unlike active input devices like keyboards and mice that require user actions to provide input, a passive sensor requires no actions on the part of the user to capture input,” the researchers say.

So what they did is focus on MacBook and iMac models from before 2008, models that feature the first-generation iSight cameras, and found a vulnerability in the iSight webcam that can be exploited to turn on the camera and capture images and video without the indicator illuminating.

In the study, entitled iSeeYou: Disabling the MacBook Webcam Indicator LED,” they describe the way in which hackers can disable the warning light: The software bypasses the “hardware interlock” between the camera and the LED light and takes images without the user’s consent.

The ubiquitous webcam indicator LED is an important privacy feature which provides a visual cue that the camera is turned on. We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non- root) application.

The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system.

The good news is that this vulnerability hasn’t been proven yet for Mac computers with “FaceTime” cameras, but the possibility of the same vulnerability is there.

Anyone using earlier Mac computers? Is this something you worry about?

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.