Rockwell’s dystopian vision of the future has arrived for iSight camera owners: somebody really could be watching — even listening — to your private life, using your computer’s webcam surreptitiously, snatching audio or video without tripping safeguard indicators like the little green LED that’s supposed to reveal when a webcam is active and capturing audio-visual information.
That light sits between a microprocessor and a separate image sensor, where it’s supposed to be a failsafe visual cue. Whenever the image sensor transmits images, a “hardware interlock” (like the switch that turns off your microwave if you open the door while it’s running) is supposed to illuminate the LED, letting you know the camera is active. Not only have researchers at Johns Hopkins found ways around that interlock, hackers may have already managed to exploit the vulnerability.
Take 19-year-old Cassidy Wolf, crowned Miss Teen USA this August. Wolf received nude photos of herself in an anonymous email demanding further nude photos (among other things) to not release the pictures — snaps it turns out were secretly gathered using her laptop’s camera over the course of several months. Wolf claims the camera light never turned on, and the FBI says the suspect, a man named Jared Abrahams, was using software to peep Wolf’s as well as somewhere in the vicinity 150 additional computer webcams. (Abrahams has since pleaded guilty to charges of extortion.) Ars has an interesting overview of how Abrahams did what he did from a networking standpoint, though it’s unclear whether he managed to disable Wolf’s webcam indicator (or that Wolf just didn’t notice it was on).
That said, the Washington Post, writing about malware-based surveillance techniques earlier this month, revealed that the FBI has been covertly accessing computer cameras without tripping webcam indicator lights “for several years.” The Wolf piece drove tabloid headlines because of the Miss Teen USA angle, but it’s the unambiguous FBI claim that’s truly chilling.
Highlighting the issue’s severity, earlier this week Johns Hopkins researchers confirmed in detail that, yes, it’s possible to hijack a computer webcam without triggering the indicator LED. Authors Matthew Brocker and Stephen Checkoway, who wrote the paper titled “iSeeYou: Disabling the MacBook Webcam Indicator LED” note they were able to accomplish this “entirely in user space” (meaning, in essence, without administrative privileges).
They did so Captain Kirk Kobayashi Maru-style: by changing the underlying rules and reprogramming the firmware. Firmware is the low level instructional information situated in devices that range from digital watches to TV remotes, and include the multiple processor-related components that comprise a computer, from keyboards to mice to webcams. By attacking the device at this level, the researchers were able to convert the camera into something that looked like a USB keyboard to the operating system, which then allowed them to execute code from within the operating system.
They crafted two applications to demonstrate the process: one, waggishly dubbed “iSeeYou,” that illustrated the ability to capture video with the indicator disabled, and another that showed how to execute commands within the operating system. They also crafted a third application, dubbed “iSightDefender,” designed to lock down firmware modification from “user space.”
According to Brocker and Checkoway, they contacted Apple this summer about these vulnerabilities, passing along the iSightDefender code (now publicly available, though only for 2007-2008 MacBooks), but Apple “did not inform [them] of any possible mitigation plans.”
If webcams can be accessed and these supposedly failsafe hardware interlocks disabled, it should go without saying: we need safeguards, and pronto. Sure, you can slap a piece of black electrical tape over your camera’s lens, but that’s a crude, unsightly, potentially residue-leaving workaround that isn’t really a workaround, since it doesn’t disable your computer’s microphone (and even if your laptop has coverable mic holes, does tape completely block the sound, or merely muffle it?).
I have no idea what the long-term, hack-proof viability of an app like iSightDefender is, but given the gravity of these revelations and the design-based inseparability of embedded webcams from laptops, we deserve some sort of flip-the-circuit-breaker guarantee — that when we want to disable our devices’ embedded lenses and microphones, they’re really off, and that it’d take some violation of space-time law to turn them back on without our blessing.
Maybe it’ll have to be an old-fashioned hardware toggle, crude as that sounds, which physically decouples the camera and microphone and physically firewalls it somehow. If I want to lock down my Xbox One, I can just unplug the Kinect camera. If you’re a desktop owner using an external webcam, you can do the same. Having that option to unplug may be the only surefire defense against a looming “always-on, always-online” zeitgeist. I can appreciate the design elegance of embedded lenses and microphones in smartphones, tablets and laptops, sure, but if the tradeoff involves perpetual paranoia about peepers and ne’er-do-wells, adding an old-school privacy toggle is a compromise I’d be willing to make.
Update: Here’s some additional info I just received. First, while broader industry concerns that any webcam would be hackable remain, it seems Cassidy Wolf wasn’t using a Mac. Second, as noted by the Johns Hopkins’ researchers, the firmware hack they employed is indeed limited to older MacBook computers. That said, per the Washington Post, the researchers noted that “similar techniques could work on more recent computers from a wide variety of vendors,” which raises a third point: According to my source, Apple is taking all of this as seriously as any company can, which I interpret to mean we may get clarification on some or all of this soon.