ISeeYou explained
iSeeYou is a security bug affecting iSight cameras in some Apple laptops.[1]
Discovery
The researchers' decision to study webcam indicator lights resulted from the widely reported WebcamGate case, in which a remote access tool installed on school-issued laptops took photographs of unconsenting students.[2] [3] The study demonstrated that the webcam indicator light could be turned off while the camera itself was turned on by bypassing the standby state of the signal. This was performed by changing the RESET register in the device's firmware to a value of 0x00c8.[4]
Impact
The security flaw was reported internationally.[5] [6] [7] [8] [9] [10]
This vulnerability was used in the extortion of Miss Teen USA, Cassidy Wolf, when she received emails containing nude photos of herself, taken without her knowledge, from an unknown man. Wolf claimed she never knew she was being recorded and that her webcam light never turned on.[11] The FBI arrested Jared Abrahams in relation to this crime as well as the sextortion of other female victims. Abrahams admitted he had infected victims' computers with malware and was able to record victims undress without the webcam light alerting them.[12]
Journalists observed that Apple had sold their laptops as having a "hardware interlock" that was supposed to prevent such an attack,[13] [14] and called on Apple to implement hardware switches or other strong privacy protections.
Mitigation
The Apple laptops affected are capable of running a variety of operating systems, including macOS, Microsoft Windows, and Linux. Mitigations against iSeeYou may vary by operating system. The researchers released a macOS kernel extension, iSightDefender, to reduce the attack surface under macOS.
Notes and References
- iSeeYou: Disabling the MacBook Webcam Indicator LED . Jscholarship.library.jhu.edu . 2013-12-11 . 2017-05-05. Checkoway . Stephen . Brocker . Matthew .
- Web site: Mlot . Stephanie . Is Your MacBook Webcam Watching You? | News & Opinion . PCMag.com . 2013-12-20 . 2017-05-05.
- Web site: Yes, Someone Can Spy On You Using Your Own MacBook Webcam . . December 18, 2013 . Megan Rose . Dickey . 2017-05-05.
- Brocker . Mattew . Checkoway . Stephen . August 20, 2014 . iıSeeYou: Disabling the MacBook Webcam Indicator LED . Usenix . 17.
- News: Soltani . Ashkan . Research shows how MacBook Webcams can spy on their users without warning . . 2013-12-18 . 2017-05-05.
- Web site: Macbook webcams CAN spy on you - and you simply CAN'T TELL. Theregister.co.uk. 2017-05-05.
- Web site: Apple: Sicherheitslücke erlaubt Zugriff auf iSight-Kamera - COMPUTER BILD . Computerbild.de . 2013-12-19 . 2017-05-05.
- Web site: Researchers Hack Webcam While Disabling Warning Lights . New York Times . Nick . Hilton . 2013-12-19 . 2017-05-05.
- Web site: Schaffhauser . Dian . MacBook Webcams Vulnerable to 'Peek' Hacking . The Journal . 2014-01-08 . 2017-05-05.
- News: Charles Arthur . Boot up: mobile scale, Titan's work, webcam spying, Bitcoin woes and more | Technology . . 2017-05-05.
- Web site: Cassidy Wolf, Miss Teen USA, claims she was extorted by an online hacker, report says . 2022-08-28 . www.cbsnews.com . 14 August 2013 . en-US.
- Web site: Temecula Student Arrested in Sextortion Case Involving Multiple Victims . 2022-08-28 . FBI . en-us.
- Web site: Cole . Shane . Researchers find way to activate iSight cameras without alerting users . AppleInsider . 2013-12-18 . 2017-05-05.
- Peckham . Matt . Miss Teen USA's Webcam Hacked | TIME.com . Time . 2013-12-20 . 2017-05-05.