ISeeYou

Last updated

iSeeYou is a security bug affecting iSight cameras in some Apple laptops. [1]

Contents

Discovery

The researchers' decision to study webcam indicator lights resulted from the widely reported WebcamGate case, in which a remote access tool installed on school-issued laptops took photographs of unconsenting students. [2] [3] The study demonstrated that the webcam indicator light could be turned off while the camera itself was turned on by bypassing the standby state of the signal. This was performed by changing the RESET register in the device's firmware to a value of 0x00c8. [4]

Impact

The security flaw was reported internationally. [5] [6] [7] [8] [9] [10]

This vulnerability was used in the extortion of Miss Teen USA, Cassidy Wolf, when she received emails containing nude photos of herself, taken without her knowledge, from an unknown man. Wolf claimed she never knew she was being recorded and that her webcam light never turned on. [11] The FBI arrested Jared Abrahams in relation to this crime as well as the sextortion of other female victims. Abrahams admitted he had infected victims' computers with malware and was able to record victims undress without the webcam light alerting them. [12]

Journalists observed that Apple had sold their laptops as having a "hardware interlock" that was supposed to prevent such an attack, [6] [13] [14] and called on Apple to implement hardware switches or other strong privacy protections. [14]

Mitigation

The Apple laptops affected are capable of running a variety of operating systems, including macOS, Microsoft Windows, and Linux. Mitigations against iSeeYou may vary by operating system. The researchers released a macOS kernel extension, iSightDefender, to reduce the attack surface under macOS. [1]

Related Research Articles

<span class="mw-page-title-main">Webcam</span> Video camera connected to a computer or network

A webcam is a video camera which is designed to record or stream to a computer or computer network. They are primarily used in video telephony, live streaming and social media, and security. Webcams can be built-in computer hardware or peripheral devices, and are commonly connected to a device using USB or wireless protocols.

iSight Brand name used for webcams by Apple

iSight is a brand name used by Apple Inc. to refer to cameras on various devices. The name was originally used for the external iSight webcam, which retailed for US$149, connected to a computer via a FireWire cable, and came with a set of mounts to place it atop any then current Apple display, laptop computer, all-in-one desktop computer, or flat surface.

<span class="mw-page-title-main">PowerBook G4</span> Series of notebook computers created by Apple Computer

The PowerBook G4 is a series of notebook computers manufactured, marketed, and sold by Apple Computer between 2001 and 2006 as part of its PowerBook line of notebooks. The PowerBook G4 runs on the RISC-based PowerPC G4 processor, designed by the AIM (Apple/IBM/Motorola) development alliance and initially produced by Motorola. It was built later by Freescale, after Motorola spun off its semiconductor business under that name in 2004. The PowerBook G4 has had two different designs: one with a titanium body with a translucent black keyboard and a 15-inch screen; and another in an aluminum body with an aluminum-colored keyboard, in 12-inch, 15-inch, and 17-inch sizes.

<span class="mw-page-title-main">Photo Booth</span> Apple Inc. software application, with many unique filters. is an iPad only application

Photo Booth is an application developed by Apple Inc. for the macOS and iPadOS operating systems that allows users to take photos and videos using the device's built-in camera.

<span class="mw-page-title-main">MacBook (2006–2012)</span> Line of notebook computers by Apple

The MacBook is a line of Mac laptops sold by Apple Inc. between May 2006 and February 2012. It replaced the iBook series of notebooks as a part of Apple's transition from PowerPC to Intel processors. Positioned as the low end of the MacBook family, below the premium ultra-portable MacBook Air and the performance-oriented MacBook Pro, the MacBook was aimed at the consumer and education markets. It became the best-selling Mac in Apple's history. For five months in 2008, it was the best-selling laptop of any brand in US retail stores.

Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.

<span class="mw-page-title-main">MacBook Air</span> Line of ultraportable notebook computers by Apple

The MacBook Air is a line of laptop computers developed and manufactured by Apple since 2008. It features a thin, light structure in a machined aluminum case and currently either a 13-inch or 15-inch screen. The Macbook Air's lower prices relative to the larger, higher performance MacBook Pro have made it Apple's entry-level notebook since the discontinuation of the original MacBook line in 2011.

HEAT LANrev is systems lifecycle management software used by system administrators to automate IT administration tasks. The product includes server and client ("agent") software that runs on Windows and macOS.

Sextortion employs non-physical forms of coercion to extort sexual favors from the victim. Sextortion refers to the broad category of sexual exploitation in which abuse of power is the means of coercion, as well as to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion.

iPad Line of tablet computers by Apple

The iPad is a brand of iOS and iPadOS-based tablet computers that are developed by Apple Inc., first introduced on January 27, 2010. The iPad range consists of the original iPad lineup and the flagship products iPad Mini, iPad Air, and iPad Pro.

<i>Robbins v. Lower Merion School District</i> Federal class action lawsuit

Robbins v. Lower Merion School District is a federal class action lawsuit, brought in February 2010 on behalf of students of two high schools in Lower Merion Township, a suburb of Philadelphia. In October 2010, the school district agreed to pay $610,000 to settle the Robbins and parallel Hasan lawsuits against it.

Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2023. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

<span class="mw-page-title-main">FaceTime</span> Apple videotelephony service

FaceTime is a proprietary videotelephony product developed by Apple Inc. FaceTime is available on supported iOS mobile devices running iOS 4 and later and Mac computers that run Mac OS X 10.6.6 and later. FaceTime supports any iOS device with a forward-facing camera and any Mac computer equipped with a FaceTime Camera. FaceTime Audio, an audio-only version, is available on any iOS device that supports iOS 7 or newer, and any Mac with a forward-facing camera running OS X 10.9.2 and later.

Camfecting, in the field of computer security, is the process of attempting to hack into a person's webcam and activate it without the webcam owner's permission. The remotely activated webcam can be used to watch anything within the webcam's field of vision, sometimes including the webcam owner themselves. Camfecting is most often carried out by infecting the victim's computer with a virus that can provide the hacker access to their webcam. This attack is specifically targeted at the victim's webcam, and hence the name camfecting, a portmanteau of the words camera and infecting.

<span class="mw-page-title-main">Cassidy Wolf</span> American model

Cassidy Marie Wolf is an American TV host, model and beauty queen who was crowned Miss Teen USA 2013.

Blackshades is a malicious trojan horse used by hackers to control infected computers remotely. The malware targets computers using operating systems based on Microsoft Windows. According to US officials, over 500,000 computer systems have been infected worldwide with the software.

A microphone blocker is a phone microphone connector used to trick feature phones that have a physical microphone switch to disconnect the microphone. Microphone blockers won't operate on smartphones or laptops because the microphone is controlled with software rather than a physical switch.

macOS Monterey 18th major version of the macOS operating system

macOS Monterey is the eighteenth major release of macOS, Apple's desktop operating system for Macintosh computers. The successor to macOS Big Sur, it was announced at WWDC 2021 on June 7, 2021, and released on October 25, 2021. macOS Monterey was succeeded by macOS Ventura, which was released on October 24, 2022.

<span class="mw-page-title-main">Bootloader unlocking</span> Process of disabling secure device booting

Bootloader unlocking is the process of disabling the bootloader security that makes secure boot possible. It can make advanced customizations possible, such as installing a custom firmware. On smartphones this can be a custom Android distribution or another mobile operating system. Some bootloaders are not locked at all, others can be unlocked using a standard command, others need assistance from the manufacturer. Some do not include an unlocking method and can only be unlocked through a software exploit.

<span class="mw-page-title-main">MacBook Pro (Intel-based)</span> Line of notebook computers

The Intel-based MacBook Pro is a discontinued line of Macintosh notebook computers sold by Apple Inc. from 2006 to 2021. It was the higher-end model of the MacBook family, sitting above the consumer-focused MacBook Air, and was sold with 13-inch to 17-inch screens.

References

  1. 1 2 Checkoway, Stephen; Brocker, Matthew (2013-12-11). "iSeeYou: Disabling the MacBook Webcam Indicator LED". Jscholarship.library.jhu.edu. Retrieved 2017-05-05.
  2. Mlot, Stephanie (2013-12-20). "Is Your MacBook Webcam Watching You? | News & Opinion". PCMag.com. Retrieved 2017-05-05.
  3. Dickey, Megan Rose (December 18, 2013). "Yes, Someone Can Spy On You Using Your Own MacBook Webcam". Business Insider . Retrieved 2017-05-05.
  4. Brocker, Mattew; Checkoway, Stephen (August 20, 2014). "iıSeeYou: Disabling the MacBook Webcam Indicator LED" (PDF). Usenix: 17.
  5. Soltani, Ashkan (2013-12-18). "Research shows how MacBook Webcams can spy on their users without warning". The Washington Post . Retrieved 2017-05-05.
  6. 1 2 "Macbook webcams CAN spy on you - and you simply CAN'T TELL". Theregister.co.uk. Retrieved 2017-05-05.
  7. "Apple: Sicherheitslücke erlaubt Zugriff auf iSight-Kamera - COMPUTER BILD". Computerbild.de. 2013-12-19. Retrieved 2017-05-05.
  8. Hilton, Nick (2013-12-19). "Researchers Hack Webcam While Disabling Warning Lights". New York Times. Retrieved 2017-05-05.
  9. Schaffhauser, Dian (2014-01-08). "MacBook Webcams Vulnerable to 'Peek' Hacking". The Journal. Retrieved 2017-05-05.
  10. Charles Arthur. "Boot up: mobile scale, Titan's work, webcam spying, Bitcoin woes and more | Technology". The Guardian . Retrieved 2017-05-05.
  11. "Cassidy Wolf, Miss Teen USA, claims she was extorted by an online hacker, report says". www.cbsnews.com. 14 August 2013. Retrieved 2022-08-28.
  12. "Temecula Student Arrested in Sextortion Case Involving Multiple Victims". FBI. Retrieved 2022-08-28.
  13. Cole, Shane (2013-12-18). "Researchers find way to activate iSight cameras without alerting users". AppleInsider. Retrieved 2017-05-05.
  14. 1 2 Peckham, Matt (2013-12-20). "Miss Teen USA's Webcam Hacked | TIME.com". Time. Retrieved 2017-05-05.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.