The interesting part in this resolved case is the hacker was able to activate the classmate’s webcam without even the green warning light.
Though Apple’s FaceTime camera is designed to always illuminate the adjacent green light at the top of the screen, software has been written to separate the camera and light hardware, allowing both illegal — and legal, the FBI has used similar software in criminal investigations — ways.
While controlling a camera remotely has long been a source of concern to privacy advocates, conventional wisdom said there was at least no way to deactivate the warning light. New evidence indicates otherwise.
Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, said in a recent story in The Washington Post that the FBI has been able to covertly activate a computer’s camera — without triggering the light that lets users know it is recording — for several years.
According to MacRumors, two students at Johns Hopkins examined Apple’s webcam indicator [PDF] and discovered both how to disable the LED indicator, and a way to modify OS X’s kernel to keep nefarious users from taking control of the LED. The vulnerability they described does not work on Macs built after 2008, but it is likely that similar hacks exist for newer machines.
The easiest way for users to protect themselves — aside from standard security protocols like not downloading strange applications, or allowing untrusted people access to the computer — is to put a small piece of tape across the camera.
