Friday, December 20, 2013

Apple webcam bug allows spying on you


apple-webcam-sensor
http://www.hyphenet.com/blog/2013/12/20/apple-webcam-bug-allows-spying-on-you/


Apple (NASDAQ:AAPL) webcams are known to be vulnerable to a malware attack.
It was believed that no one could turn your iSignt webcam on without you knowing, thus illuminating the LED light on the webcam.

Security researchers at Johns Hopkins University have debunked that theory, the flaw is not only limited to older MacBooks and iMacs, but newer computers may be hacked as well.

The target attacks the firmware inside the iSight camera’s controller chip. Apple designed the iSight camera with a “hardware interlock” between the camera sensor and the indicator LED.  When the camera is activated the sensor is triggered and the light turns on.

The LED is connected straight into the standby pin on the camera sensor, which sparks the light.  When the camera comes out of standby mode, the LED immediately turns on.

The system is able to be bypassed by interlocking and reprogramming the firmware on the camera’s micro-controller.  The camera ignores standby signals sent by the USB interface that the camera uses to connect with the rest of the computer.

Ashkan Soltani and Timothy B. Lee tag-team to tell thee this: The woman was shocked when she received two nude photos of herself by e-mail. … Most laptops with built-in cameras have…a light that is supposed to turn on [when] the camera is in use. But Wolf says she never saw the light…go on.

That wasn’t supposed to be possible. … New evidence indicates otherwise. … Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how.

The vulnerability they discovered affects “Apple internal iSight webcams found in earlier-generation Apple products.” … Researchers like Charlie Miller suggest that the attack could be applicable to newer systems as well. … Apple did not reply to requests for comment.


These attacks are alarming because it does not require administrator-level privileges or access to laptops.  At this time, Macbooks and iMacs manufactured prior to 2008 with built-in iSight cameras are being effected.

Researchers disclosed the vulnerability to Apple’s security team already.

According to the paper this was stated, “Apple employees followed up several times but did not inform us of any possible mitigation plans.”

So double tap your webcam, close your laptop when it’s not in use, do what would you can to take preventative measures not to be spied on from cybercriminals.

 
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

References:
iSeeYou: Apple webcam bug allows creepy peeps to peep in on you – ComputerWorld
http://blogs.computerworld.com/malware-and-vulnerabilities/23300/iseeyou-apple-webcam-bug-itbwcw
Researchers find way to activate iSight cameras without alerting users – Apple Insider
http://appleinsider.com/articles/13/12/18/researchers-find-way-to-activate-isight-cameras-without-alerting-users
Research shows how MacBook Webcams can spy on their users without warning – Washington Post
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams…

No comments:

Post a Comment