iSeeYou is a security bug affecting iSight cameras in some Apple laptops.
Discovery
The researchers' decision to study webcam indicator lights resulted from the widely reported WebcamGate case, in which a remote access tool installed on school-issued laptops took photographs of unconsenting students. The study demonstrated that the webcam indicator light could be turned off while the camera itself was turned on by bypassing the standby state of the signal. This was performed by changing the RESET register in the device's firmware to a value of 0x00c8.
Impact
The security flaw was reported internationally.
This vulnerability was used in the extortion of Miss Teen USA, Cassidy Wolf, when she received emails containing nude photos of herself, taken without her knowledge, from an unknown man. Wolf claimed she never knew she was being recorded and that her webcam light never turned on. The FBI arrested Jared Abrahams in relation to this crime as well as the sextortion of other female victims. Abrahams admitted he had infected victims' computers with malware and was able to record victims undressing without the webcam light alerting them.
Journalists observed that Apple had sold their laptops as having a "hardware interlock" that was supposed to prevent such an attack, and called on Apple to implement hardware switches or other strong privacy protections.
Mitigation
The Apple laptops affected are capable of running a variety of operating systems, including macOS, Microsoft Windows, and Linux. Mitigations against iSeeYou may vary by operating system. The researchers released a macOS kernel extension, iSightDefender, to reduce the attack surface under macOS.