New research demonstrates the ways your computer's built-in
camera can record you ... without any indication.
Duct tape: You can use it to make wallets. You can use it to remove warts(!). You can use it to hem your pants, to catch pesky flies, to create a makeshift bandage, or, should it come to that, to save your life during an aborted space mission.
And add one more use to the list: Duct tape can also help
you to protect your privacy as you use your computer. Maybe even the
computer you are using to read these very words right now.
Because you know how the camera that's built into many machines is
supposed to indicate its on-ness or off-ness with a light? And how you
are taught to assume, quite logically, that an off light means an off
camera?
Not always, apparently.
A story published earlier this month in The Washington Post featured Marcus
Thomas, former assistant director of the FBI’s Operational Technology
Division, telling the paper that the agency has long had the ability to
activate a computer’s camera—unbeknownst to the computer's user. As the Post summed it up:
The FBI has been able to covertly activate a computer’s camera—without triggering the light that lets users know it is recording—for several years, and has used that technique mainly in terrorism cases or the most serious criminal investigations.
And new research from Johns Hopkins, reported yesterday by the Post's Ashkan Soltani and Timothy B. Lee,
offers an external confirmation of that claim. Stephen Checkoway, a
computer science professor, along with his grad student and co-author,
Matthew Brocker, found a way to bypass the security features of the
Apple machines. They focused on 2008-era devices, which feature a
"hardware interlock" between the camera and the indicator light meant to
ensure that the camera can't turn on without alerting its owner to the
activation.
In other words: They'd found a way to bypass the green light, in every sense.
In their paper (title: "iSeeYou:
Disabling the MacBook Webcam Indicator LED"), the pair describe how
they, essentially, hacked into the Apple computers' iSight devices, reprogramming
the cameras' micro-controllers in a way that would allow for
independent activation. And in a way that would allow the activator to
bypass the indicator light. Their research, it's worth noting, has not
yet been published—but it is, the Post puts it, "under consideration for an upcoming academic security conference."
And it's not simply 2008 Mac products that are vulnerable, Soltani and Lee write.
While the research focused on MacBook and iMac models released before 2008, the authors say similar techniques could work on more recent computers from a wide variety of vendors. In other words, if a laptop has a built-in camera, it’s possible someone—whether the federal government or a malicious 19 year old—could access it to spy on the user at any time.
Checkoway and Brocker contacted Apple about their findings, they note in the paper,
in July. And while "Apple employees followed up several times," they
write, "they did not inform us of any possible mitigation plans."
Think
about that for a second. Think about the relationship you share with
your computer. You likely spend more of your daily hours in its presence
than you do in the presence of your spouse. Or your children. Or your
best friend. Your personal computer, often, sees you when you're sleeping. It knows when you're awake. It is Santa Claus,
basically, is what I'm saying, which makes it fairly frightening that
its automated list of your daily doings can be hijacked by people who
are considerably less jolly than St. Nick.
No comments:
Post a Comment