iSight fright might blight your night.
Apple (NASDAQ:AAPL) webcams are vulnerable to silent malware attack. It's long been believed that nobody can turn on your iSight webcam without the light illuminating. However, security researchers have shown that to be false. They say the design flaw isn't only limited to the earlier models that they demonstrated it on.
In IT Blogwatch, bloggers reach for the electrical tape.
Your humble blogwatcher curated these bloggy bits for your entertainment.
Ashkan Soltani and Timothy B. Lee tag-team to tell thee this:
The woman was shocked when she received two nude photos of herself by e-mail. ... Most laptops with built-in cameras have...a light that is supposed to turn on [when] the camera is in use. But Wolf says she never saw the light...go on.
...That wasn’t supposed to be possible. ... New evidence indicates otherwise. ... Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how.
...The vulnerability they discovered affects “Apple internal iSight webcams found in earlier-generation Apple products.” ... Researchers like Charlie Miller suggest that the attack could be applicable to newer systems as well. ... Apple did not reply to requests for comment. MORE
Shane Cole burns with anger (or, at least, with worry):
Apple designed the iSight camera system with a "hardware interlock" between the camera sensor and the indicator LED. ... Researchers Matthew Brocker and Stephen Checkoway...were able to bypass the hardware interlock by reprogramming the firmware on the camera's microcontroller.
...The attack is particularly worrisome because it does not require administrator-level privileges or physical access to the laptop. MORE
And Peter Bright calls it "Perv utopia":
This kind of hacking went mainstream when Miss Teen USA Cassidy Wolf was named as a victim of a blackmail attempt. ... Some hardwired LEDs turn out to be, well, software controlled after all. ... When the driver for the webcam is loaded, the host uploads a small program to the USB controller.
...If your hardware interlock is software mediated, it's not a hardware interlock any more. MORE
But icwhatudidthere sees what you did there:
I dunno, I noticed something weird the other day on my 2010 Macbook Pro in Chrome. I was trying to get Hangouts to work with phone calls.
...Lo and behold, there was my face on screen in settings and no green light. MORE
So fuzzyfungus shakes his head:
Umm, Apple, embedded microcontrollers on the USB bus that can be reflashed from userspace?
Meanwhile, Morgan Mayhem mocks not:
Think people who put stickers over their webcams are paranoid?
Think again... MORE
Subscribe now to the Blogs Newsletter for a daily summary of the most recent and relevant blog posts at Computerworld.