Teens web cameras
The 2008-era Apple products they studied had a “hardware interlock” between the camera and the light to ensure that the camera couldn’t turn on without alerting its owner.
But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this security feature.RATted out The software used by Abrahams in the Wolf case is known as a Remote Administration Tool, or RAT.This software, which allows someone to control a computer from across the Internet, has legitimate purposes as well as nefarious ones.“There’s no reason you can’t do it -- it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware,” Miller says. Brocker and Checkoway write in their report that they contacted the company on July 16.“Apple employees followed up several times but did not inform us of any possible mitigation plans,” the researchers write.In that incident, administrators at Lower Merion High School outside Philadelphia reportedly captured 56,000 images of students using the RAT installed on school-issued laptops.
Students reported seeing a ‘creepy’ green flicker that indicated that the camera was in use.
In the video below, we demonstrate how the camera can be activated without triggering the telltale warning light.
Attacks that exploit microcontrollers are becoming more common.
He says that cheap RATs like the one used in Merion High School may not have the ability to disable the hardware LEDs, but “you would probably expect more sophisticated surveillance offerings which cost hundreds of thousands of euros” to be stealthier.
He points to commercial surveillance products such as Hacking Team and Fin Fisher that are marketed for use by governments.
That helped to alert students to the issue, eventually leading to a lawsuit.