Free Republic

To: Alvin Diogenes
That's not correct -- this has been broken in software:

Did you read the part in your links specifying the so-called vulnerability was a PROOF OF CONCEPT?

It is not, as you imply, an out of the box, easy exploit applicable to every Apple Mac out in the wild.

This is déjà vu for me because I have posted this explanation before, some time ago, when it first was publicized.

For this "vulnerability" to be exploited requires that the person who turns off the LED have remote administrator privileges. This requires, Alvin, that the Mac which is to be exploited has to have been physically in the hands of someone for them to set it up FOR remote administrator privileges to be granted. While this person had possession of the targeted Mac, he would have to have super user access, which is even a higher access than administrator, because the Mac's iSight Camera module EPROM has to be reflashed to bypass the software lockout so the remote administrator can controllably turn on the camera without the LED. This cannot be accomplished with only administrator access.

Once all of that has been accomplished, your Peeping Tom, wanting to watch someone in her boudoir, has to log in to her prepared Mac with the administrator's name and password before he can do diddly squat about surreptitiously turning on her camera.

In other words, Alvin, it was NOT "broken in software" without a lot of preparation of the Mac to be "broken."

I posted this on FreeRepublic back when Miss Teen USA came out about the invasion of her privacy. . . and it turns out that although the media used this as a reason to talk about whether Apple Mac cameras could be turned on remotely, Miss Teen USA, it turns out, owned an HP computer! It was not even an exploit of a Mac that started all of this hoopla!

37 posted on 06/11/2014 7:52:24 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


To: Swordmaker
As the article says, this was implemented on older generation MacBooks, not current models.

However, on the vulnerable models, it appears that in fact you don't need remote administrator privileges, nor do you need to reflash the EPROM. You just need to run the iSeeYou app. Caveat: I have not tried this on an actual machine myself, as that seems unwise; but this is the claim made in the Johns Hopkins article.

The reprogramming of the firmware is said to be done with system calls and USB functionality, and no mention is made of attaching additional hardware to reflash the EPROM, nor is physical access to the machine said to be required.

Here's what the article says:

Threat model. To mount our main attack where we capture video without any external indication to the victim, we assume that an attacker is able to run native code on the victim’s computer as an unprivileged user. Further, we assume the code is unencumbered by defenses such as Apple’s App Sandbox which is used for applications downloaded from the Mac App Store but by little else. This assumption is quite mild...

...

We stress that our main result — disabling the iSight LED — only applies to the first generation internal iSight webcams and we make no claims of security or insecurity of later models...


It's clear that they're saying that this is a security issue with 1st-generation iSight webcams.

You do need to convince someone at the machine to run the app, but that's generally not too hard to achieve (people download things frequently, they open email attachments, etc., etc.).

They do go on to show how you can use this to do more than bypass the webcam LED -- you can actually run arbitrary code (as an unprivileged user). This extra step requires some additional user authorization. (I think a compromised video conferencing program would be sufficient, but I'm not sure.) However, this extra authorization isn't needed for the webcam LED trick.

By the way, my post was not at all anti-Apple or anti-Unix. Experience suggests that Windows machines have many more vulnerabilities. However, this particular hack happens to have been on a Mac.

Anyway, if I'm wrong, please point out where the article says that anything more is required than running an unprivileged program on a target machine of the correct vintage.
41 posted on 06/12/2014 12:19:19 AM PDT by Alvin Diogenes


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson