Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: Swordmaker
Also, Apple has hardwired the camera light on iMacs and MacBooks so that if the camera comes on, the light will light. No software way to avoid that.

That's not correct -- this has been broken in software:

Research shows how MacBook Webcams can spy on their users without warning (The Washington Post)

iSeeYou: Disabling the MacBook Webcam Indicator LED (Johns Hopkins University)

PDF of technical report on the above from Johns Hopkins Univ.

I don't know if Apple has plugged up the specific security hole these people used, but it was thought at the time that there was no way to do this because of the hardware interlock. This shows how clever techniques can do something that seems impossible.

A good rule of thumb is that if somebody thinks that something can't be hacked into, they just haven't thought about it hard enough or they don't know enough about the internals of the system. [And that's even ignoring the possibility of social engineering.]
35 posted on 06/11/2014 9:12:21 AM PDT by Alvin Diogenes
[ Post Reply | Private Reply | To 12 | View Replies ]

To: Alvin Diogenes
That's not correct -- this has been broken in software:

Did you read the part in your links specifying the so-called vulnerability was a PROOF OF CONCEPT?

It is not, as you imply, an out of the box, easy exploit applicable to every Apple Mac out in the wild.

This is déjà vu for me because I have posted this explanation before sometime ago when it first was publicized.

For this "vulnerability" to be exploited requires the person who turns off the LED have remote administrator privileges. This requires, Alvin, that the Mac which is to be exploited has to have been physically in the hands of someone for them to set it up FOR remote administrator privileges to be granted. While this person had possession of the targeted Mac, he would have to have super user access, which is even a higher access than administrator! because the Mac's iSight Camera module EPROM has to be reflashed to by-pass the software lockout so the remote administrator can controllably turn on the camera without the LED. This cannot be accomplished with only an administrator access.

Once all of that has been accomplished, your Peeping Tom, wanting to watch some one in her boudoir, has to log in to her prepared Mac with the administrator's name and password before he can do diddly squat about surreptitiously turning on her camera.

In other words, Alvin, it was NOT "broken in software" without a lot of preparation of the Mac to be "broken."

I posted this on FreeRepublic back when Miss Teen USA came out about the invasion of her privacy. . . and it turns out that although the media used this as a reason to talk about whether Apple Mac cameras could be turned on remotely, Miss Teen USA, it turns out owned an HP computer! It was not even an exploit of a Mac that started all of this hoopla!

37 posted on 06/11/2014 7:52:24 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 35 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson