MacBook webcam can be abused to spy on2014-03-21 | Comebuy News
Security researcher of the University have Johns Hopkins a method demonstrated how the power led of a notebook webcam disable can be, so that the user gets none of this with if he is seen with a camera remotely activated. Experts Stephen Checkoway and Matthew Brocker demonstrated the feasibility on older MacBooks and iMac with built-in iSight camera.
With a proof-of-concept software called remote administration tool or short Board were researchers able to reprogram the microcontroller of the iSight camera, the LED light when you turn the camera remained inactive. In this way, it is no longer visible to the user that the camera is active. The OS X application developed by Checkoway and Brocker "iSeeYou" required only user rights without root access.
The researchers also used the same method, to implement an outbreak from a virtual machine. Malware programmed to the camera inside a virtual machine, that it is like a "USB human interface device (HID) keyboard" acts. Then she can start Terminal.app and run shell commands on the host system.
To prevent the modification of them demonstrated the iSight firmware with user rights, Checkoway and Bansal wrote also an OS X kernel extension called iSightDefender. It is available on GitHub for downloading.
The security experts before 2008 published Mac computer used for your research project. Their method could be applied but probably also on newer Apple computers and notebooks of other manufacturers, what so far but not yet been proven.
[with material by Dara Kerr, News.com]
Tip: How safe are you in security? Check your knowledge - with 15 questions on silicon.de