Article Lead Image

Hackers can disable the webcam light on older Macs to spy undetected

Just because the light is off doesn’t mean the camera is.


Aja Romano


The indicator light next to your computer’s webcam is supposed to keep you safe, lighting up to let you know the camera is on and you’re being observed. But the ability to turn the camera on without triggering that reassuring light has been around for years.

And we’ve known for a while that hackers can take over computer controls and gain access to your webcam without your knowledge. Recently, we learned that our post-Snowden fears were true: the FBI can activate webcams remotely, using their access from afar to spy on civilians.

Now, new research has shown that certain kinds of older Apple computers are susceptible to malware that can access a camera while disabling the webcam light. And without preventative measures, the same techniques could apply to many more makes and models of webcam.

There is some good news. Unless you’re running a virtual system, the actual webcam disabling still has to be done by a user logging on to the computer in person. If you are running a virtual system on an older Mac, however, you might want to keep a sharp eye out. 

In new findings published last week, researchers at Johns Hopkins University revealed that iMacs and MacBooks sold prior to 2008 used a version of Apple’s iSight camera that can be completely reprogrammed by any user who’s logged in, even if they’re not an administrator.

The researchers essentially hacked the camera’s firmware using a piece of malware they created called ISeeYou. As long as ISeeYou remains running undetected, a remote user can snoop on the camera.

After building the malware to crack the webcam, the researchers promptly built defenses, most notably a program that would force the webcam to be controlled only from the system’s root area, which is usually only accessible to the administrator. 

Out of all the available potential methods of prevention, the researchers urged that the best way to fix the webcam’s vulnerabilities was to make it impossible to de-activate the light on any webcam. In particular, they mentioned the Logitech webcam, which has a light that can easily be turned on and off. 

“Giving the user the ability to disable a privacy feature is tantamount to giving malware the same capability,” they warned.

They also studied the behaviors of “ratters,” hackers who routinely access webcams remotely and use them to spy on victims, so named for their reliance on Remote Access Technology.

“Disabling LEDs is a capability the ratters really want to have but do not think is possible,” they wrote. 

But the researchers want to keep that from happening. They plan to expand their investigation into newer Apple models and other brands.

In the meantime, it looks like putting masking tape over your webcam lens is still the best way to prevent an attack on your privacy.

Screengrab via JScholarship

Share this article

*First Published:

The Daily Dot