Who is looking through your webcam?

The woman was shocked when she received two nude photos of herself by email. The photos had been taken over a period of several months – without her knowledge – by the built-in camera on her laptop.

Fortunately, the FBI was able to identify a suspect: her high school classmate, a man named Jared Abrahams. The FBI says it found software on Abrahams’s computer that allowed him to spy remotely on her and numerous other women.

Abrahams pleaded guilty to extortion in October. The woman, identified in court papers only as C.W., later identified herself on Twitter as Miss Teen USA Cassidy Wolf. While her case was instant fodder for celebrity gossip sites, it left a serious issue unresolved:

Most laptops with built-in cameras have an important privacy feature – a light that is supposed to turn on any time the camera is in use. But Wolf said she never saw the light on her laptop. As a result, she had no idea she was under surveillance.

That wasn’t supposed to be possible. While controlling a laptop camera remotely has long been a source of concern to privacy advocates, conventional wisdom said there was no way to deactivate the warning light.

But evidence is mounting that this creepiest of intrusions is real.

There have been warnings. Marcus Thomas, former assistant director of the FBI’s Operational Technology Division in Quantico, Va., said in a recent story in The Washington Post that the FBI has been able to covertly activate a computer’s camera – without triggering the light – for several years.

Now research from Johns Hopkins University provides the first public confirmation that it’s possible to do just that, and demonstrates how. While the research focused on MacBook and iMac models released before 2008, the authors say similar techniques would probably work on more recent computers from a wide variety of vendors.

In other words, if a laptop has a built-in camera, it’s possible someone — whether the federal government or a malicious 19-year-old — could access it to spy on the user at any time, and the user would never know.

The iSight camera was designed to prevent this, said Stephen Checkoway, a computer science professor at Johns Hopkins and a co-author of the study. “Apple went to some amount of effort to make sure that the LED would turn on whenever the camera was taking images,” Checkoway said. The 2008-era Apple products they studied had a “hardware interlock” between the camera and the light to ensure that the camera couldn’t turn on without alerting its owner.

But Checkoway and his co-author, Johns Hopkins University graduate student Matthew Brocker, were able to get around this security feature. That’s because a modern laptop is actually several different computers in one package. “There’s more than one chip on your computer,” said Charlie Miller, a security expert at Twitter. “There’s a chip in the battery, a chip in the keyboard, a chip in the camera.”

MacBooks are designed to prevent software running on the MacBook’s central processing unit (CPU) from activating the iSight camera without turning on the light. But researchers figured out how to reprogram the chip inside the camera, known as a micro-controller, to defeat this feature.

In a paper called “iSeeYou: Disabling the MacBook Webcam Indicator LED,” Brocker and Checkoway describe how to reprogram the iSight camera’s micro-controller to allow the camera to be turned on while the light stays off. Their research is under consideration for an upcoming academic security conference.

Attacks that exploit microcontrollers are becoming more common. “People are starting to think about what happens when you can reprogram each of those,” Miller said. For example, he demonstrated an attack last year on the software that controls Apple batteries, which causes the battery to discharge rapidly, potentially leading to a fire or explosion. Another researcher was able to convert the built-in Apple keyboard into spyware using a similar method.

According to the researchers, the vulnerability they discovered affects “Apple internal iSight webcams found in earlier-generation Apple products, including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008.” While the attack outlined in the paper is limited to those devices, researchers like Charlie Miller suggest that the attack could be applicable to newer systems as well.

“There’s no reason you can’t do it – it’s just a lot of work and resources, but it depends on how well [Apple] secured the hardware,” Miller said.

Apple did not reply to requests for comment for this article. Brocker and Checkoway write in their report that they contacted the company on July 16. “Apple employees followed up several times but did not inform us of any possible mitigation plans,” the researchers wrote.

The software used by Abrahams in the Wolf case is known as a Remote Administration Tool, or RAT. This software, which allows someone to control a computer from across the Internet, has legitimate uses. For example, it can make it easier for a school’s IT staff to administer a classroom full of computers.

Indeed, the devices the researchers studied were similar to MacBooks involved in a notorious case in Pennsylvania in 2008. Administrators at Lower Merion High School outside Philadelphia reportedly captured 56,000 images of students using the RAT installed on school-issued laptops. Students reported seeing a “creepy” green flicker that indicated that the camera was in use. That eventually led to a lawsuit.

But more sophisticated remote monitoring tools may already be able to suppress the warning light, said Morgan Marquis-Boire, a security researcher at the University of Toronto.

He points to commercial surveillance products such as Hacking Team and FinFisher that are marketed for use by governments. FinFisher is a suite of tools sold by a European firm called the Gamma Group. A company marketing document released by WikiLeaks indicated that FinFisher could be “covertly deployed on the Target Systems” and enable, among other things, “Live Surveillance through Webcam and Microphone.”

The Chinese government has also been accused of using RATs for surveillance purposes. A 2009 report from the University of Toronto described a surveillance program called Ghostnet that the Chinese government allegedly used to spy on prominent Tibetans, including the Dalai Lama. The authors reported that “web cameras are being silently triggered, and audio inputs surreptitiously activated,” though it’s not clear whether the Ghostnet software is capable of disabling camera warning lights.

But there is an easy way for users to protect themselves. “The safest thing to do is to put a piece of tape on your camera,” Miller said.
