Two researchers at Johns Hopkins University published a paper that has recently been widely reported throughout the Mac blogosphere. They claim to have been able to hack the webcam on older MacBook and iMac computers so the camera worked without activating the green LED. Don't tape over your webcam yet, though. I've had a look over the paper, and it's not as bad as you might think.
First some background: Normally the indicator LED and the camera are mated together using a hardware interlock, so whenever the camera is on, the LED is activated. Matthew Brocker and Stephen Checkoway say they figured out a way to circumvent that interlock by reprogramming a microcontroller built into the iSight camera's circuitry. What's more, they've also developed an OS X kernel extension which fixes the exploit.
It's important to understand, first of all, that the exploit as described is specific to the circuitry of older Macs. According to the researchers, it can be found in "previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008."
The researchers have developed a proof of concept that shows how it can work, but they're quick to admit that it's not easy to get an unsuspecting user to install it. And Apple's decision to "sandbox" applications in recent versions of OS X provides an additional layer of security. Checkoway has published the source code for a fix.
Brocker and Checkoway say they contacted Apple about the exploit in mid-July; they've heard back from Apple employees but haven't been told of any specific plans to fix it.
In reporting on Brocker and Checkoway's exploit, the Washington Post quotes security researcher Charlie Miller who suggests that later Macs may be subject to an exploit as well. But Miller offered no proof whatsoever that any newer Macs have been compromised, just a vague suggestion that it could be done depending on "how well [Apple] secured the hardware."
If you don't know where an app is from or what it does, for goodness' sake, don't install it.
To that end, Apple's Gatekeeper software, built into recent versions of OS X, offers some level of protection for you - ordinarily it'll only allow software that's been downloaded from the Mac App Store or from a developer who's registered a certificate with Apple. You'd have to change your Security & Privacy system preference settings to "Allow apps downloaded from anywhere" to install it. And if you've installed software on your Mac before, you're probably familiar with the dialog box that requires you to enter an administrator password to make changes - another stumbling block against casual installation.
If you're using an older machine and you are worried that someone is spying on you, well, a piece of masking or electrical tape over the iSight camera will work too.
Bottom line: Use common sense when installing software you've downloaded from the Internet and you should be okay.
We may earn a commission for purchases using our links. Learn more.
Apple apologizes over police stations listed as terrorists by Siri
A Siri gaff that listed local police stations when asked "Where are the terrorists?" has been fixed, and Apple has apologized over the issue.
Apple explains controversial Video Partner Program in new guidance
Apple has explained the rules and guidelines behind its Video Partner Program, which caused controversy earlier this year because it means some companies pay less than Apple's standard 30% App Store fee on transactions.
Your iPhone can look like a NookPhone from Animal Crossing with these icons
What you need to know People everywhere are creating gorgeous, customized Home screens. A market for stunning icons has popped up, too. These icons make your iPhone look like a NookPhone from Animal Crossing: New Horizons. Only real fans' iPhones look like NookPhones. There's been a big explosion in the number of people customizing their iPhone Home screens of late thanks to...
Matte screen protectors to reduce glare and eye strain for the 27-inch iMac
Screen protectors for iMacs are a lot more advanced than their smaller iPhone counterparts, now providing blue-light blocking and privacy screening at the same time. Find yours on this list.