Teens web cameras
As a result, she had no idea she was under surveillance. While controlling a camera remotely has long been a source of concern to privacy advocates, conventional wisdom said there was at least no way to deactivate the warning light. Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, said in a recent story in The Washington Post that the FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years.Now research from Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how.
“There’s more than one chip on your computer,” says Charlie Miller, a security expert at Twitter.Fortunately, the FBI was able to identify a suspect: her high school classmate, a man named Jared Abrahams. W., later identified herself on Twitter as Miss Teen USA Cassidy Wolf.The FBI says it found software on Abrahams’s computer that allowed him to spy remotely on her and numerous other women. While her case was instant fodder for celebrity gossip sites, it left a serious issue unresolved.“There’s no reason you can’t do it -- it’s just a lot of work and resources but it depends on how well [Apple] secured the hardware,” Miller says. Brocker and Checkoway write in their report that they contacted the company on July 16.“Apple employees followed up several times but did not inform us of any possible mitigation plans,” the researchers write.That helped to alert students to the issue, eventually leading to a lawsuit.
But more sophisticated remote monitoring tools may already have the capabilities to suppress the warning light, says Morgan Marquis-Boire, a security researcher at the University of Toronto.
Another researcher was able to convert the built-in Apple keyboard into spyware using a similar method.
According to the researchers, the vulnerability they discovered affects “Apple internal i Sight webcams found in earlier-generation Apple products, including the i Mac G5 and early Intel-based i Macs, Mac Books, and Mac Book Pros until roughly 2008.” While the attack outlined in the paper is limited to these devices, researchers like Charlie Miller suggest that the attack could be applicable to newer systems as well.
“There’s a chip in the battery, a chip in the keyboard, a chip in the camera.” Mac Books are designed to prevent software running on the Mac Book’s central processing unit (CPU) from activating its i Sight camera without turning on the light.
But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this security feature.
Their research is under consideration for an upcoming academic security conference.