Thursday, December 26, 2013

Research Shows How MacBook Webcams Can Spy on Their Users without Warning

Washington Post (12/18/13) Ashkan Soltani; Timothy B. Lee

Johns Hopkins University researchers have provided the first public confirmation that it is possible to activate a laptop's camera without triggering the light indicating that the camera is turned on. The research proves that if a laptop has a built-in camera, it is possible that someone could access it to spy on the user at any time. The researchers studied computers that had a hardware interlock between the camera and the light to ensure that the camera could not turn on without alerting its owner. However, the researchers were able to bypass this security feature because modern laptops are actually several different computers in one package. The computers are designed to prevent software from activating the camera without turning on the light, but the researchers were able to reprogram the chip inside the camera, called a microcontroller, to defeat this feature. Attacks that exploit microcontrollers are becoming more common. "People are starting to think about what happens when you can reprogram each of those," says Twitter security expert Charlie Miller. He also says there is an easy way to thwart this surveillance, noting "the safest thing to do is to put a piece of tape on your camera."
http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/18/research-shows-how-macbook-webcams-can-spy-on-their-users-without-warning/