Light on old MacBook webcams can be bypassed

A common pastime among the residents of the internet's seedy underbelly is  spying on people through their webcams then using the pictures to harass and blackmail the victims. This kind of hacking went mainstream when Miss Teen USA Cassidy Wolf was named as a victim of a blackmail attempt.

In addition to standard computer security advice given to combat this behavior -- keep your computer patched, don't install malware, and so on -- it's commonly suggested that you only use webcams where the activity LED is hardwired to light up whenever the camera is active. Among others, Apple's line of laptops has been identified as having such hardwired LEDs. However, researchers at Johns Hopkins University have published a  paper, first reported on by the Washington Post, demonstrating that even this isn't good enough. Some hardwired LEDs turn out to be, well, software controlled after all.

As with just about every other piece of modern hardware, the webcams in the computers that the researchers looked at -- an iMac G5 and 2008-vintage MacBooks, MacBook Pros, and Intel iMacs -- are smart devices with their own integrated processors, running their own software. The webcams have three main components: the actual digital imaging sensor, a USB interface chip with both an integrated Intel 8051-compatible microcontroller and some Ram, as well as a little bit of EEPROM memory.
One line joins the USB chip to an input on the imaging sensor called standby. When the line is held high by the interface chip, the sensor is put into standby mode and stops producing data. When it's held low, the sensor is taken out of standby mode and starts producing data. The same line is also wired to the negative side of an LED. Accordingly, when the line is high (and the imaging chip off), the LED is off. When the line is low, the LED is turned on.
In principle, then, this should serve as a hardware interlock. The LED is clearly hardwired, and its state should directly reflect whether the imaging chip is in standby or not. Unfortunately, the whole system is controlled by a layer of software.
When the driver for the webcam is loaded, the host PC uploads a small program to the USB controller (it has no permanent firmware storage of its own, so it has to be uploaded each time the camera driver is loaded). This small program in turn configures the imaging chip. The imaging chip doesn't have too many configurable properties, but one thing that it does have is whether it pays any attention to the standby input.
Apple's own drivers set a configuration where standby is respected. But other configurations are possible -- such as one where the chip ignores standby entirely and always produces image data.
With this knowledge in hand, the researchers wrote a new piece of software to upload to the webcam. This piece of software was much like the normal webcam software but with two differences: first, it told the imaging sensor to ignore the standby input. Second, it ensured that the standby line was always held high to prevent the LED from illuminating.
The result: a webcam with a hardwired indicator LED that nonetheless allowed image capture without lighting the indicator LED.
Not all cameras promise to have hardwired indicator lights in the first place. Many Logitech cameras, for example, have a software-controlled LED. Software is available for these cameras that lets them be used as motion-activated security cameras -- always on, recording anything "interesting" that they see -- and for this niche scenario, being able to disable the indicator makes some sense.
Whether this design makes sense for most users, given the apparent abundance of surreptitious webcam-based spying, is less clear.

The researchers did not test modern Apple computers or other, non-Apple webcams. Secure designs for the indicator LED are possible, and different imaging sensor/USB controller pairings might prove to be more robust. Nonetheless, one thing is clear: if your hardware interlock is software mediated, it's not a hardware interlock any more. When it comes to protecting against webcam spying, you should ignore the technology and simply tape over the camera.