Smile! If you’re using a MacBook computer, you might inadvertently find yourself on a version of the classic television show Candid Camera.
Computer scientists at the Whiting School have demonstrated how hackers can take over some MacBooks, activating their Web cameras without triggering the built-in green light that warns users that they are in the spotlight.
“Apple went to some trouble to put that security feature in place so that the light would come on when the camera was taking images, but in our paper, we show how it’s not fail-safe,” says Stephen Checkoway, an assistant research professor in the Department of Computer Science and co-author of the paper, “iSeeYou: Disabling the MacBook Webcam,” which was published in December.
The paper details how Checkoway and graduate student Matthew Brocker reprogrammed the microcontroller of an iSight camera to manipulate the LED warning light and the recording function separately, enabling the computer to record someone without that person having any idea the camera was in use.
Checkoway and Brocker notified Apple of the security flaw in July 2013. However, because the defect was found in 2008 models, there is no way to fix it.