Smile, Your Webcam Has Been Hacked

There was a time when hacking involved only stolen data and information. But intruders are always looking for new ways to invade your privacy. The latest trend in hacking circles involves enabling Apple’s MacBook iSight camera while the indicator light stays off, capturing stills without the victim’s knowledge.

It all started when Miss Teen USA Cassidy Wolf turned to the cops after an anonymous hacker mailed her a few nude pictures of herself. The disclosing photos, used by the hacker as extortion bait, were taken on multiple occasions without Wolf’s knowledge.

The investigation led to 19-year-old Jared James Abrahams, the victim’s high school classmate, who used sophisticated spyware to stalk and blackmail Wolf and other girls. He pleaded guilty to all charges and now faces up to six years of imprisonment.

But this high-profile case is just the tip of the iceberg.

A recent study named “iSeeYou: Disabling the MacBook Webcam Indicator LED”, conducted by Matthew Brocker and Stephen Checkoway, showed that MacBooks manufactured before 2008 are extremely vulnerable. Although still unverified, it’s safe to assume that even the latest models are not exactly immune to the aforementioned malware.

The software used for this hack is called a Remote Administration Tool (RAT), normally used by IT staff to administer large networks. The alarming fact is that no special administrator privileges are required to execute the intrusion. The hacker simply reprograms the camera’s micro-controller so that the green light stays off at all times, even when the camera is active.

Windows laptops can also be “camera hacked”, but in a different way.

This is possible due to the glaring security vulnerabilities in HTML5. Clickjacking, which tricks users into performing unwanted actions, is a huge threat today. The most common technique involves the planting of zero-sized fonts or hidden links in webpages. Unsuspecting users who click on the planted malware immediately compromise their webcams.
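On the website side, clickjacking is limited by response headers that restrict who may frame a page and whether any origin may use the camera. The following is an added example, not part of the original article: it audits a response's headers for those controls, assuming a site that has no need for camera access. The header names are standard; the function name and the sample responses are constructed for illustration.

```javascript
// Added example: audit response headers for clickjacking and camera exposure.
// Header names are standard; the sample responses at the bottom are constructed.
const LOOSE_SOURCES = new Set(['*', 'http:', 'https:']);

function auditHeaders(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // Framing: when CSP frame-ancestors is present it takes precedence over
  // X-Frame-Options, so only fall back to XFO when the directive is absent.
  const frameAncestors = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const framingRestricted = frameAncestors
    ? frameAncestors.slice(1).every((s) => !LOOSE_SOURCES.has(s.toLowerCase()))
    : xfo === 'DENY' || xfo === 'SAMEORIGIN';
  if (!framingRestricted) findings.push('framable');

  // Camera: "camera=()" is an empty allowlist, i.e. no origin may use it.
  const camera = (h['permissions-policy'] || '')
    .split(',')
    .map((d) => d.trim())
    .find((d) => d.toLowerCase().startsWith('camera='));
  if (!camera) {
    findings.push('camera-policy-missing');
  } else if (camera.slice('camera='.length).trim() !== '()') {
    findings.push('camera-allowed:' + camera.slice('camera='.length).trim());
  }
  return findings;
}

// Constructed sample responses.
const weakResponse = { 'Content-Type': 'text/html' };
const hardenedResponse = {
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
  'Permissions-Policy': 'camera=(), microphone=()',
};
console.log(auditHeaders(weakResponse));
console.log(auditHeaders(hardenedResponse));
```

An empty result means the page cannot be framed by arbitrary origins and no origin is granted camera access.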

As straightforward as it sounds, the best solution is sticking a small piece of duct tape on the webcam when not in use. There are also many third-party solutions available in the market today, including plastic clasps and colorful stickers. Until Apple releases a proper security fix, all MacBook owners are advised to adopt a proactive approach.

Source 1 – iSeeYou Study

Source 2 – Cassidy Wolf Case