Older Mac webcams can spy on you, but don't tape yours over until you read this

Two researchers at Johns Hopkins University published a paper that has recently been widely reported throughout the Mac blogosphere. They claim to have been able to hack the webcam on older MacBook and iMac computers so the camera worked without activating the green LED. Don't tape over your webcam yet, though. I've had a look over the paper, and it's not as bad as you might think.

First some background: Normally the indicator LED and the camera are mated together using a hardware interlock, so whenever the camera is on, the LED is activated. Matthew Brocker and Stephen Checkoway say they figured out a way to circumvent that interlock by reprogramming a microcontroller built into the iSight camera's circuitry. What's more, they've also developed an OS X kernel extension which fixes the exploit.

It's important to understand, first of all, that the exploit as described is specific to the circuitry of older Macs. According to the researchers, it can be found in "previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008."

The researchers have developed a proof of concept that shows how it can work, but they're quick to admit that it's not easy to get an unsuspecting user to install it. And Apple's decision to "sandbox" applications in recent versions of OS X provides an additional layer of security. Checkoway has published the source code for a fix.

Brocker and Checkoway say they contacted Apple about the exploit in mid-July; they've heard back from Apple employees but haven't been told of any specific plans to fix it.

In reporting on Brocker and Checkoway's exploit, the Washington Post quotes security researcher Charlie Miller who suggests that later Macs may be subject to an exploit as well. But Miller offered no proof whatsoever that any newer Macs have been compromised, just a vague suggestion that it could be done depending on "how well [Apple] secured the hardware."

If you don't know where an app is from or what it does, for goodness' sake, don't install it.

To that end, Apple's Gatekeeper software, built into recent versions of OS X, offers some level of protection for you - ordinarily it'll only allow software that's been downloaded from the Mac App Store or from a developer who's registered a certificate with Apple. You'd have to change your Security & Privacy system preference settings to "Allow apps downloaded from anywhere" to install it. And if you've installed software on your Mac before, you're probably familiar with the dialog box that requires you to enter an administrator password to make changes - another stumbling block against casual installation.

If you're using an older machine and you are worried that someone is spying on you, well, a piece of masking or electrical tape over the iSight camera will work too.

Bottom line: Use common sense when installing software you've downloaded from the Internet and you should be okay.

Peter Cohen
  • The NSA could be watching us right now (Like the Chinese government is suspected to have been spying on the Tibetans). Everybody! Put your clothes back on!
  • Oh noes! The NSA just watched me take a sip of my Dr. Pepper. Joke's on them - it was actually in a Pepsi cup. Oh no, I've said too much! Aaaaahhh!
  • I just took mine off!
  • The camera is also used as a light sensor to control the brightness of your screen so covering it will prevent automatic screen brightness adjustments.
  • The light sensor on newer MacBooks is directly to the left of the camera, so if you use a small piece of tape and only cover the camera then you should be fine. On older MacBooks it appears to be in the speaker grills. http://osxdaily.com/2010/05/22/where-is-the-ambient-light-sensor-on-a-ma...
  • ...and if Charlie Miller were to offer specifics, he'd be justly pilloried here for enabling breaches. Instead, his statement is minimized, if not outright dismissed. The man is no fear mongerer; he has a proven track record of finding and demonstrating vulnerabilities in hardware and software, and not just in OSX. His suggestions deserve better than a scoffing dismissal. Sent from the iMore App
  • His suggestion deserves qualification, which he didn't offer.
  • Except, because Apple purposely obsoletes their computers, none of those older computers can run anything past 10.6. 10.6 doesn't have sandboxing.
  • MacBooks built in '08 can run newer software than Snow Leopard. And Gatekeeper was introduced in Lion.
  • My 2007 17" Macbook Pro run Mavericks
  • My vintage 2008 24" iMac is currently running Mavericks 10.9.1 just fine. It's a bit slow compared to the newer Macs, of course, but it has no problem running it. I don't know about Macs that are older than mine, tho.
  • @toddtmw
    What a load of rubbish! Apple has very high life-expectency products - among the leaders in the computer industry. My MacPro (2008) has Mavericks and still runs more than decently. But even without Mavericks it would by no means be obsolete.
  • I have an original white Intel Core Duo iMac and a 15" Intel Core 2 Duo Macbook Pro that are unable to run the latest OS. The white iMac lost when Apple decided that Core 2 Duo was required for 10.7. The MBP lost when Apple dropped 32-bit processor support in 10.8. Both of these machines are very usable otherwise, but cannot use the latest updates from Apple.
    [Edit: Added "in 10.8" to the MBP Lost sentence]
  • Few..... I can take the tape off now. So glad you guys dig deep and get the real story. Some stories can be so blown out of portion. Thanks for the details! Sent from the iMore App
  • Just want to add something --
    Bottom Line: Use common sense when installing software you've downloaded from the Internet "especially when surfing for !0&#" and you should be okay. =P
  • Aobo Mac keylogger is invisible spy software for Mac. It logs keystrokes, websites, chats and takes screenshots. It offers three day free trial. Just have a try. http://www.macping.com/top-10-keylogger-mac-software-that-deliver-what-t...
  • Hey, how about the IS | CC by Intelligent Security. It is a brand new product. http://igg.me/at/is