Who is looking through your webcam?

The woman was shocked when she received two nude photos of herself by email. The photos had been taken over a period of several months – without her knowledge – by the built-in camera on her laptop.

Fortunately, the FBI was able to identify a suspect: her high school classmate, a man named Jared Abrahams. The FBI says it found software on Abrahams’s computer that allowed him to spy remotely on her and numerous other women.

Abrahams pleaded guilty to extortion in October. The woman, identified in court papers only as C.W., later identified herself on Twitter as Miss Teen USA Cassidy Wolf. While her case was instant fodder for celebrity gossip sites, it left a serious issue unresolved:

Most laptops with built-in cameras have an important privacy feature – a light that is supposed to turn on any time the camera is in use. But Wolf said she never saw the light on her laptop. As a result, she had no idea she was under surveillance.

That wasn’t supposed to be possible. While controlling a laptop camera remotely has long been a source of concern to privacy advocates, conventional wisdom said there was no way to deactivate the warning light.

But evidence is mounting that this creepiest of intrusions is real.

There have been warnings. Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, Va., said in a recent story in The Washington Post that the FBI has been able to covertly activate a computer’s camera – without triggering the light – for several years.

Now research from Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how. While the research focused on MacBook and iMac models released before 2008, the authors say similar techniques would probably work on more recent computers from a wide variety of vendors.

In other words, if a laptop has a built-in camera, it’s possible someone — whether the federal government or a malicious 19-year-old — could access it to spy on the user at any time, and the user would never know.

The iSight camera was designed to prevent this, said Stephen Checkoway, a computer science professor at Johns Hopkins and a co-author of the study. “Apple went to some amount of effort to make sure that the LED would turn on whenever the camera was taking images,” Checkoway said. The 2008-era Apple products they studied had a “hardware interlock” between the camera and the light to ensure that the camera couldn’t turn on without alerting its owner.

But Checkoway and his co-author, Johns Hopkins University graduate student Matthew Brocker, were able to get around this security feature. That’s because a modern laptop is actually several different computers in one package. “There’s more than one chip on your computer,” said Charlie Miller, a security expert at Twitter. “There’s a chip in the battery, a chip in the keyboard, a chip in the camera.”

MacBooks are designed to prevent software running on the MacBook’s central processing unit (CPU) from activating the iSight camera without turning on the light. But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this feature.

In a paper called “iSeeYou: Disabling the MacBook Webcam Indicator LED,” Brocker and Checkoway describe how to reprogram the iSight camera’s micro-controller to allow the camera to be turned on while the light stays off. Their research is under consideration for an upcoming academic security conference.

Attacks that exploit microcontrollers are becoming more common. “People are starting to think about what happens when you can reprogram each of those,” Miller said. For example, he demonstrated an attack last year on the software that controls Apple batteries, which causes the battery to discharge rapidly, potentially leading to a fire or explosion. Another researcher was able to convert the built-in Apple keyboard into spyware using a similar method.

According to the researchers, the vulnerability they discovered affects “Apple internal iSight webcams found in earlier-generation Apple products, including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008.” While the attack outlined in the paper is limited to those devices, researchers like Charlie Miller suggest that the attack could be applicable to newer systems as well.

“There’s no reason you can’t do it – it’s just a lot of work and resources, but it depends on how well ⅛Apple€ secured the hardware,” Miller said.

Apple did not reply to requests for comment for this article. Brocker and Checkoway write in their report that they contacted the company on July 16. “Apple employees followed up several times but did not inform us of any possible mitigation plans,” the researchers wrote.

The software used by Abrahams in the Wolf case is known as a Remote Administration Tool, or RAT. This software, which allows someone to control a computer from across the Internet, has legitimate uses. For example, it can make it easier for a school’s IT staff to administer a classroom full of computers.

Indeed, the devices the researchers studied were similar to MacBooks involved in a notorious case in Pennsylvania in 2008. Administrators at Lower Merion High School outside Philadelphia reportedly captured 56,000 images of students using the RAT installed on school-issued laptops. Students reported seeing a “creepy” green flicker that indicated that the camera was in use. That eventually led to a lawsuit.

But more sophisticated remote monitoring tools may already be able to suppress the warning light, said Morgan Marquis-Boire, a security researcher at the University of Toronto.

He points to commercial surveillance products such as Hacking Team and FinFisher that are marketed for use by governments. FinFisher is a suite of tools sold by a European firm called the Gamma Group. A company marketing document released by Wikileaks indicated that Finfisher could be “covertly deployed on the Target Systems” and enable, among other things, “Live Surveillance through Webcam and Microphone.”

The Chinese government has also been accused of using RATs for surveillance purposes. A 2009 report from the University of Toronto described a surveillance program called Ghostnet that the Chinese government allegedly used to spy on prominent Tibetans, including the Dalai Llama. The authors reported that “web cameras are being silently triggered, and audio inputs surreptitiously activated,” though it’s not clear whether the Ghostnet software is capable of disabling camera warning lights.

But there is an easy way for users to protect themselves. “The safest thing to do is to put a piece of tape on your camera,” Miller said.

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Local News

Traffic idles while waiting for the lights to change along 33rd Avenue West on Tuesday, April 2, 2024 in Lynnwood, Washington. (Olivia Vanni / The Herald)
Lynnwood seeks solutions to Costco traffic boondoggle

Let’s take a look at the troublesome intersection of 33rd Avenue W and 30th Place W, as Lynnwood weighs options for better traffic flow.

A memorial with small gifts surrounded a utility pole with a photograph of Ariel Garcia at the corner of Alpine Drive and Vesper Drive ion Wednesday, April 10, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
Death of Everett boy, 4, spurs questions over lack of Amber Alert

Local police and court authorities were reluctant to address some key questions, when asked by a Daily Herald reporter this week.

The new Amazon fulfillment center under construction along 172nd Street NE in Arlington, just south of Arlington Municipal Airport. (Chuck Taylor / The Herald) 20210708
Frito-Lay leases massive building at Marysville business park

The company will move next door to Tesla and occupy a 300,0000-square-foot building at the Marysville business park.

Everett police officers on the scene of a single-vehicle collision on Evergreen Way and Olivia Park Road Wednesday, July 5, 2023 in Everett, Washington. (Photo provided by Everett Police Department)
Everett man gets 3 years for driving high on fentanyl, killing passenger

In July, Hunter Gidney crashed into a traffic pole on Evergreen Way. A passenger, Drew Hallam, died at the scene.

FILE - Then-Rep. Dave Reichert, R-Wash., speaks on Nov. 6, 2018, at a Republican party election night gathering in Issaquah, Wash. Reichert filed campaign paperwork with the state Public Disclosure Commission on Friday, June 30, 2023, to run as a Republican candidate. (AP Photo/Ted S. Warren, File)
6 storylines to watch with Washington GOP convention this weekend

Purist or pragmatist? That may be the biggest question as Republicans decide who to endorse in the upcoming elections.

Keyshawn Whitehorse moves with the bull Tijuana Two-Step to stay on during PBR Everett at Angel of the Winds Arena on Wednesday, April 17, 2024 in Everett, Washington. (Olivia Vanni / The Herald)
PBR bull riders kick up dirt in Everett Stampede headliner

Angel of the Winds Arena played host to the first night of the PBR’s two-day competition in Everett, part of a new weeklong event.

Simreet Dhaliwal speaks after winning during the 2024 Snohomish County Emerging Leaders Awards Presentation on Wednesday, April 17, 2024, in Everett, Washington. (Ryan Berry / The Herald)
Simreet Dhaliwal wins The Herald’s 2024 Emerging Leaders Award

Dhaliwal, an economic development and tourism specialist, was one of 12 finalists for the award celebrating young leaders in Snohomish County.

In this Jan. 12, 2018 photo, Ben Garrison, of Puyallup, Wash., wears his Kel-Tec RDB gun, and several magazines of ammunition, during a gun rights rally at the Capitol in Olympia, Wash. (AP Photo/Ted S. Warren)
With gun reform law in limbo, Edmonds rep is ‘confident’ it will prevail

Despite a two-hour legal period last week, the high-capacity ammunition magazine ban remains in place.

Everett Fire Department and Everett Police on scene of a multiple vehicle collision with injuries in the 1400 block of 41st Street. (Photo provided by Everett Fire Department)
1 in critical condition after crash with box truck, semi in Everett

Police closed 41st Street between Rucker and Colby avenues on Wednesday afternoon, right before rush hour.

The Arlington Public Schools Administration Building is pictured on Tuesday, April 16, 2024, in Arlington, Washington. (Ryan Berry / The Herald)
$2.5M deficit in Arlington schools could mean dozens of cut positions

The state funding model and inflation have led to Arlington’s money problems, school finance director Gina Zeutenhorst said Tuesday.

Lily Gladstone poses at the premiere of the Hulu miniseries "Under the Bridge" at the DGA Theatre, Monday, April 15, 2024, in Los Angeles. (AP Photo/Chris Pizzello)
Mountlake Terrace’s Lily Gladstone plays cop in Hulu’s ‘Under the Bridge’

The true-crime drama started streaming Wednesday. It’s Gladstone’s first part since her star turn in “Killers of the Flower Moon.”

Jesse L. Hartman (Photo provided by Everett Police Department)
Everett man who fled to Mexico given 22 years for fatal shooting

Jesse Hartman crashed into Wyatt Powell’s car and shot him to death. He fled but was arrested on the Mexican border.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.