Two researchers from Johns Hopkins University have proved, without a doubt, that it is possible to activate the internal iSight webcams included in some legacy Apple machines without triggering the LED light that indicates their use.
It is not that such a modification was considered impossible – in fact, it is widely known that the FBI has been capable of doing it for years now, and that commercial surveillance products and some malware out there are capable of doing it – but this is the first time that the capability has been publicly documented and demonstrated.
In their paper titled “iSeeYou: Disabling the MacBook Webcam Indicator LED,” the researchers described how they were able to create a piece of software that made the LED ignore the input received when the camera is turned on, and to replace the regular webcam software with it by using a Remote Access Tool / Trojan (RAT). They didn’t even need administrator-level privileges to do it.
Their attack worked on “previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008”, but other researchers said that it could be modified to work on newer versions as well.
The researchers say Apple has been notified of their research, but has yet to offer a mitigation or solution for the issue.
“To defend against these and related threats, we built an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space,” the researchers noted.
Of course, there is also an easier option for protecting yourself: tape over your computer camera.