Researchers at the Department of Computer Science at Johns Hopkins University say that Apple Inc.’s iSight camera system among other webcams can be vulnerable to hijack hacking. However, 19-year-old Miss Teen USA, Cassidy Wolf, found out the hard way when she received an anonymous email containing two nude photos of herself that were taken by her own hacked webcam.
The email demanded more nude photos from Wolf or the anonymous sender threatened to release her photos to the public if she didn’t comply. More demands were also made in the email, but the details of these demands were not shared.
The nude photos were taken over several months by Wolf’s own laptop webcam. Wolf said that her webcam light never came on during this period, which would have tipped her off that her webcam was in use. It was never confirmed whether the webcam light had been disabled by the hacker, or if Wolf just didn’t realize the LED light being on. The hacker was spying on her and through up to 150 other webcams in the area.
The FBI says suspected hacker, Jared Abrahams, breached the privacy of people by hacking into their webcams with his sophisticated network and peeping software. Abrahams has now pled guilty to extortion charges.
Earlier this month the FBI also revealed that they have been using a malicious software program called “malware” as a spying technique on suspects through the suspect’s own webcams. The malware program was able to allow surveillance without toggling on the “in-operation” LED light located on a suspect’s webcam. This is a similar sounding observation described by Miss Teen USA when her webcam was hacked and the nude photos were taken. Apple Inc.’s and other webcams have a hardware interlock between the LED light and the webcam. When the webcam is in operation, the LED light is always supposed to be toggled to the on position automatically.
Assistant professor and co-author of the Johns Hopkins’ paper – iSeeYou, Stephen Checkoway, says that he and his partner were able to hack into Apple Inc.’s iSight camera system and disable the LED light when the camera was operating. Checkoway and his paper’s co-author, Matthew Brocker, were able to independently control the camera to record audio, video, and snap pictures without enabling the camera’s integrated LED light. The team was able to accomplish their feat by reprogramming the microcontroller contained within the iSight camera system.
Checkoway and Brocker notified Apple Inc. about their ability to exploit the iSight camera system, and although Apple did not reply to requested comments, Apple sources say they took this very serious. The researchers did follow up with Apple several times, but were not informed by any possible plans for mitigation. Checkoway did note that the exploit now only works on older 2008 Apple products.
The federal government made agreements with seven computer rental companies last year, when it was discovered that they were unlawfully spying on their customers. The companies were allegedly capturing photos of their customers through the rental computer’s webcam.
Miss Teen USA is only one case where nude photos have been taken from a hacked webcam. Apple Inc. and other webcam manufacturers will always remain vulnerable to malware hacking programs. The Federal Trade Commission says that currently many thousands of people may be getting spied on from webcam software named PC Rental Agent. This program had previously been installed on approximately 420,000 computers across the world. When it’s not in use, covering the webcam with a piece of paper remains to be the best security from any hacked webcam.
By Brent Matsalla