There was a time when hacking involved only stolen data and information. But intruders are always looking for new ways to invade your privacy. The latest trend in hacking circles involves enabling Apple’s MacBook iSight camera while the indicator light is still off, capturing stills without the victim’s knowledge.
It all started when Miss Teen USA Cassidy Wolf turned to the cops after an anonymous hacker mailed her a few nude pictures of herself. The disclosing photos, used by the hacker as extortion bait, were taken on multiple occasions without Wolf’s knowledge.
The investigation led to 19-year-old Jared James Abrahams, the victim’s high school classmate, who used sophisticated spyware to stalk and blackmail Wolf and other girls. He pleaded guilty to all charges and now faces up to six years of imprisonment.
But this high-profile case is just the tip of the iceberg.
A recent study named “iSeeYou: Disabling the MacBook Webcam Indicator LED”, conducted by Matthew Brocker and Stephen Checkoway, showed that MacBooks manufactured before 2008 are extremely vulnerable. Although still unverified, it’s safe to assume that even the latest models are not exactly immune to the aforementioned malware.
The software used for this hack is called a Remote Administration Tool (RAT), normally used by IT staff to administer large networks. The alarming fact is that no special administrator privileges are required to execute the intrusion. The hacker simply reprograms the camera’s micro-controller so that the green light stays off at all times, even when the camera is active.
Windows laptops can also be “camera hacked”, but in a different way.
This is possible due to the glaring security vulnerabilities in HTML5. Clickjacking, which tricks users into performing unwanted actions, is a huge threat today. The most common technique involves the planting of zero-sized fonts or hidden links in webpages. Unsuspecting users who click on the planted malware immediately compromise their webcams.
As straightforward as it sounds, the best solution is sticking a small piece of duct tape on the webcam when not in use. There are also many third-party solutions available on the market today, including plastic clasps and colorful stickers. Until Apple releases a proper security fix, all MacBook owners are advised to adopt a proactive approach.
Source 1 – iSeeYou Study
Source 2 – Cassidy Wolf Case