Researchers Hacked into MacBook Camera, but that Doesn’t Mean They’re Spying on You

| Analysis

Hackers may be able to disable your iSight camera's activity lightTwo researchers have found a way to disable the green light on your Mac laptop that lets you know when the built-in camera is active, giving hackers a potential way to spy on you remotely. Just because it's possible, however, doesn't mean it's practical. In other words, there isn't much chance of your Mac being used to watch what you're doing without your knowledge.

Matthew Brocker and Stephen Checkoway found a way to change the firmware for the Mac's built-in camera so that the activity light stays disabled. As a result, the camera can be activated without anyone that's actually at the computer knowing.

Apple designed the activity light to work as an integral part of the camera so that there shouldn't be a way to have one active without the other. The idea behind the design was that no one could eavesdrop on your activities without your knowledge.

The system the two men developed requires a firmware update on the victim's Mac, and that means it can't easily be done without their knowledge. Firmware updates need administrator passwords to install, making it more difficult to get onto someone's computer. The easiest way to get the new firmware on to susceptible Macs is to gain physical access -- meaning to sit down at the computer's keyboard -- and install the update from there.

Alternately, a Mac that's part of a remote management system, like many businesses and schools use to install software and updates on user's computers over a network, can be used to install firmware hack. That's how Mr. Brocker and Mr. Checkoway delivered the hack to their test system.

Once the firmware update and special apps for remotely controlling the built-in camera were installed, the men were able to activate the Mac's camera and record video without the green activity light turning on.

The conditions necessary to install the hack are fairly limited, and they get even narrower thanks to the list of Macs that appear to be susceptible to the firmware hack. So far, it looks like only pre-2008 iMac, MacBook, and MacBook Pro models fit the requirements. Newer model Macs don't seem to be compatible to the firmware change.

That makes the likelihood of someone secretly installing the firmware on your Mac very slim, although it does drive home some important points about computer security. Giving anyone unsupervised access to your Mac, for example, is a good way to end up with apps you don't want and settings changes that reduce your overall security. Setting your Mac to auto-login at startup instead of requiring a password makes it easy to for anyone that gets their hands on your computer to see and do whatever they want, too.

What Mr. Brocker and Mr. Checkoway's reserach showed is that even though our Macs may seem secure, there are ways clever coders can get at our personal information. It may not be likely, but as we do more to protect our computers and our data, the harder it is for hackers to get at the information we'd rather keep private.

Comments

gnasher729

I’m sorry, but you are making a wrong assumption. It is not a firmware update of the Mac firmware, which would be quite difficult to achieve, but a firmware update of the camera firmware. Unfortunately, that can be done from software without root access. The two possibilities are: Software that you downloaded outside the App Store, and software that you downloaded from the App Store, where the developer told Apple that the app needs access to the camera (and Apple wouldn’t allow such an app unless there is a good reason for this access), _and_ the developer sneaked that code past Apple’s review.

On the other hand, there have been people panicking and thinking they can’t use the camera anymore. Of course they can. Using the camera is as safe as it always was. The problem is not willingly using the camera, the problem is that the camera could be turned on without you knowing. Nobody can hack into your FaceTime conversation.

And on the positive side, this hack is permanent, so if you use FaceTime, and the green light is on, then the hack isn’t there. If the green light is off, then either this hack is on or the green LED is broken. Broken LED is probably more likely.

geoduck

People keep saying I’m paranoid for keeping a piece of electrical tape over the camera on my MacBook. Not so much now
I’ll add that first it wasn’t possible, then it was only old models so you’re ok, next it’ll be too hard so don’t worry, then we’ll find out that the FBI and NSA have been doing it for years and Apple will isse a patch.

I’ll trust my electrical tape thank you..

Log-in to comment