A new study done by students at Johns Hopkins University illustrates the way in which a Mac’s iSight camera can be turned, on without the little green LED indication light being on as well, essentially allowing it to spy on you.
The issue of whether the iSight camera could be hacked into and used remotely came about after a case in which high school student Jared Abrahams used malware to spy on and take pictures of classmate Miss Teen USA Cassidy Wolf, using her own webcam. Abrahams had sent two nude photos of Wolf to her email, planning to extort her, but was caught by the FBI.
The research at John Hopkins was performed by Stephen Checkoway, who is a professor of computer science, and graduate student Matthew Brocker. They made an app called iSeeYou to help them show how the iSight camera can be hacked into and controlled. They were able to infiltrate the iSight camera’s micro controller and reprogram it in a way that allows them to turn on the camera without turning on the LED light.
“We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops,” according to the study. “This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application.” The hack also affects “Apple internal iSight webcams found in earlier-generation Apple products, including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roguhtly 2008.”
The simplest way right now to avoid being potentially spied on by your own iSight cam is to put a piece of tape or a sticker over it.