iSeeYou is a security bug affecting iSight cameras in some Apple laptops.


Discovery

The researchers' decision to study webcam indicator lights resulted from the widely reported WebcamGate case, in which a remote access tool installed on school-issued laptops took photographs of unconsenting students. The study demonstrated that the webcam indicator light could be turned off while the camera itself was turned on by bypassing the standby state of the signal. This was performed by changing the RESET register in the device's firmware to a value of 0x00c8.


Impact

The security flaw was reported internationally. This vulnerability was used in the extortion of Miss Teen USA, Cassidy Wolf, when she received emails containing nude photos of herself, taken without her knowledge, from an unknown man. Wolf claimed she never knew she was being recorded and that her webcam light never turned on. The FBI arrested Jared Abrahams in relation to this crime as well as the sextortion of other female victims. Abrahams admitted he had infected victims' computers with malware and was able to record victims undressing without the webcam light alerting them. Journalists observed that Apple had sold their laptops as having a "hardware interlock" that was supposed to prevent such an attack, and called on Apple to implement hardware switches or other strong privacy protections.


Mitigation

The Apple laptops affected are capable of running a variety of operating systems, including macOS, Microsoft Windows, and Linux. Mitigations against iSeeYou may vary by operating system. The researchers released a macOS kernel extension, iSightDefender, to reduce the attack surface under macOS.

