Beyond a certain point Apple computers became a status symbol and now they seem to be able to get the users to cater to them instead of the other way around.
But no, this analogy does not follow, because your microwave will still work after you put your dog in there -- and I have not seen guidance from Siemens telling me that microwaving my dog voids my microwaves warranty.
When I moved to Germany I was surprised how everyone taped the camera on their laptops with these small, thin, easy to remove stickers that left no residue made for bookmarking your notebooks.
This should still work on Macs as a sticker is thin enough not to damage the display.
That's what I use as well, and I'm still using the same one that I started with. It's lasted over a year.
I appreciate this line:
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
But I still want a physical assurance that the camera can't see anything. I don't want to have to count on myself noticing the light.
Some Lenovo ThinkPads have built-in shutters, and I wish Apple would do the same for MacBooks. In my ideal laptop, it would also physically disable the microphone.
I've never understood physical covers, then again I am never in a compromising position in front of my laptop.
Any malware that can take pictures can record keystrokes. I want no cover so I can see the activity light because knowing the webcam is on is more important than it being on.
The (pennsylvania?) school district webcam spying scandal got kicked off because a boy noticed his webcam light coming on. If it had been covered would he have noticed?
No, the school district wouldn't have had pictures of him, but they still would have screengrabs, audio, and keystrokes and he likely never would have noticed.
Take all of the pictures of my double chin that you want.
I want to know that my webcam is coming on without my authorization so I can root out the spyware that is keylogging.
Passwords > Pics
If you're the type whose life will be ruined by pictures taken by your webcam, by all means cover it up. I'm too old and hairy to be blackmailed with nudie pics.
Having my passwords leak would seriously cramp my style, though.
And no, nobody is going to waste a zero-day that can reprogram a webcam controller to disable the light (if possible and often it is not) on a nudie-pics malware. They are going to use it to make actual money.
For me it's not about blackmail, it's about making sure the camera isn't accidentality enabled unexpectedly during a meeting.
The worst that would happen is I'd look kinda unprofessional slurping up some noodles, but having the camera covered allows me to be confident I'm not presenting unless I intend to.
We've been 100% Microsoft Teams since March so I'd say that in several hundred calls and conferences since then I've never activated the webcam without intent.
It doesn’t matter how often this happens, it matters that it can happen. It is much nicer to have a cover and not worry, then to always remember “did I remember to deactivate the camera?”
I don't understand why people have window curtains and close them at night. If you have them closed then you can't see the person spying on you outside. Door locks are more important.
This is what you sound like. The things can be used in conjunction with one another. It is not an or scenario, you can have both. You can also have covers which don't cover the indicator. You use different deterrent mechanisms for different threats. It is as simple as that.
Except to use your metaphor, software control of a webcam is like closing the blinds and putting a physical cover over the lens is like covering a window in aluminum foil in addition to closing the blinds.
I live in Los Angeles. If there's bright lights outside, it means the guy down the street is being an asshole again (he keeps rearranging his outdoor sensor light to point out at different parts of the street) or someone kicked a neighbor's garden lights (why do people even have these?)
This is an interesting side effect of designing a thin, fancy glass display! I see a lot of people who cover their camera and I appreciate their concerns but I do trust the green light.
Although... You may not see the light on if you leave your laptop open when you're away from your desk. I do wish it was easier to get a laptop with no camera or microphone at all!
This seems like a pretty mild warning for folks who might stick a bulky cover on their camera and press down / pack their laptop tightly and now have wedged part of the screen open with the cover.
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
But it's also a sign about Apple not doing a good wrt. making their premium products robust.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS:
Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera
to switch off the indicator without stopping using the camera...
>Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
For the whole damage from using a camera cover thing, I simply bought as low a profile one as I could find and used a few small felt pads in the top 2 screen corners and next to the camera just outside the width of where the touch pad is (keeps pressure off the pad so the sensor doesn't crack).
I had a laptop that just was a pain to pick at with your fingers to open... I just shoved a bunch of paper in there for a while before I went with your solution, some little rubber clear grippy pads in the corners to get it to stand away from the body just a bit.
> I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
My wife uses a tiny speck of Blu Tak. It’s soft so just gets squashed flat when the lid closes and it’s designed to be infinitely reusable and come off things without leaving a mark. She just pulls it off and sticks it a few cm to the side of the camera when she wants to use it. She’s been doing it for 3+ years (same piece) and it’s genius.
I’ve got some a lot older than that that’s still sticky. I have no idea what wizardry it’s made of but it’s incredible stuff. Probably involves actual magic (aka Materials Science, the closest thing we have to real magic). I use it every day to hold wires in place while soldering, or temporarily positioning components to decide on layouts, etc etc.
It does not have to be a bulky cover. I used an extremely low profile webcam cover on my 2015 MBP for 3 years. I put a similar one on my 16" MBP, and it destroyed the screen after a couple weeks.
Specifically, this is the webcam cover I was using:
I used this on the 2016 for years, but even though it's incredibly thin, it is too thick for the 2020. Would love to find a replacement if anyone has a suggestion.
I've been using the same tiny square of black electrical tape for nearly 2 years without issue, just slides across when needed, the tackiness hasn't noticeably degraded in that time, it's barely noticeable to outsiders unless they really look for it and it hasn't let me down yet. When it does let me down, it basically zero cost to replace and it definitely won't crack my screen either :)
Ahh, thanks for the link. The webcam covers I'd seen in the past were just removable plastic stickers, and I was having a hard time visualizing what counts as "thin".
One of the photos shows them be about as thick as a credit card.
I've been using this exact same cover on 3 different MBPs (yes I use 3 MBPs simultaneously, a 2016 13", a 2019 13", and 2019 15") for almost a year and haven't noticed anything even remotely close to it damaging the screen on any of them.
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
I use 3M blue multi-surface masking tape on all my devices. I've had a piece on my surface laptop screen for several months now and it is still leaving no residue after removal. I also like to cover the microphone cutouts if feasible (these are directly adjacent the webcam on my laptop).
I consider the piece of tape over my laptop camera like face masks. It may not be perfect nor pretty, but it's damn effective, and I feel better having it on.
People are suggesting just using tape, but the issue is when you want to un-cover it frequently (which is probably more common now than a few months ago). For a couple dollars you can get a thin, nice-looking little plastic cover that you can actually slide out of the way when you need to use it. Most of these are thin enough not to be a problem, but they vary, and even the really thin ones usually don't quite let your Macbook close all the way, potentially putting pressure on a narrow point.
TBH the thing I’ve noticed is just how fast people stopped turning cameras on during Webex.
Before the nearly everyone at my company what was WFH or was joining from their laptop rather than a video conferencing room had their camera on.
Within like a week of the lockdown people stopped and I can imagine why you stopped dressing, stopped shaving heck I can hear bedsheets on some of the calls I attend.
That might vary by team. My team/org still uses cameras a lot as it makes it easier to empathize and be empathized with. Especially if we're trying to be persuasive, a human face is easier to emotionally connect with than a voice.
That's some pretty broad-strokes-painting. I'm still on a video call every week, and I'm not in as many meetings as most of my coworkers. I'm also in two separate weekly online roleplaying game groups and we use cameras for those because it's much less fun without the added expressiveness.
Something I noticed specifically with webex is that the latency isn't nearly as bad in audio-only mode. Not as good as Mumble or Discord, but you can actually have a decent phone call.
We had specific guidance to not have cameras on because of the bandwidth load on the VPN. For cost reasons, they've also turned off access from the 800 number to dial in to meetings.
That's definitely a "YMMV" situation. There are a few people at my org who always have their cameras off, and occasionally I'll keep mine off as well, but in the meetings I'm in, 80% of people have their cameras on.
I'd recommend gaffer's tape instead: https://en.wikipedia.org/wiki/Gaffer_tape. It's similar to electrical tape but it's designed to leave no residue when peeled off.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on.
Has anyone torn down the hardware and verified this lately?
It should not be a complicated feature at all. Just ensure you have the same voltage applied to your LED circuit as your camera circuit, and enforce that by having them on the same wire...
Yeah, light can turn on when one is looking away from the computer or sleeping and could potentially be spied on. A cover is a non spying guarantee, at least the visual part, spies can listen on the mic though
Important distinction. If your microphone is compromised, your web cam might be triggered to turn on just long enough to take a photo, or the camera could turn on only when the mic is quiet and there are indications the person is not engaged with the computer.
Should be a tiny mechanical device in addition to the light and it should only unlock with touch id. Same for microphone. Honestly, I want the same thing for phones too. The ease by which we are monitored is too damn high.
Note that this is not only about security. Sometimes a user simply makes a mistake, or have an app configured the wrong way, and accidentally turn on their cameras without intending to. Nothing has been compromised, everything is secure, but they still suffered an unexpected exposure. A camera cover will prevent many of these situations.
I’m not an electrical engineer so forgive me if this is a dumb question. Is it possible to wire it in such a way where the power actually travels through the LED, so if the LED ever stopped functioning or lost connection the webcam would literally receive no power?
Yes it's possible, as LEDs are indeed diodes, but done naively it would be a very bright LED, and it would tend to flicker as the current draw from the camera varies. It would be a hassle in general.
The LED could still always fail short, and then you're back to having a broken indicator again.
It's not that simple, what voltage and current need to held on that wire to light the LED and the camera? It's not uncommmon to find a situation where a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports. It's non-trivial to prove this is or isn't happening.
No, I think it is that simple. The camera module likely needs either 3.3v or 5v. The LED can also be powered at either 3.3 or 5v by simply using a series resistor. You just hook the camera and LED to the supply in parallel.
> a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports.
What does this mean? The data lines of camera modules are generally differential pair, and it is highly unlikely that significant power is being drawn from them.
All I'm saying is that I have literally worked with systems that have drawn power over differential pairs and it's fucked with our power measurements. So don't rule it out.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
I'd assume this is done in firmware for the camera module?
I still prefer a hardware solution or even a toggle, 1\2 the reason I like the cover is less for privacy and more to prevent joining meetings with the camera on when I'm not ready
removes the need to always be thinking about some random indicator being on or off
I was very skeptical of the camera covers, but then through conversations with some of my co-workers, I realized that they weren't being used because people were worried about spies secretly turning on the camera. It was 90% of the time just peace of mind that their camera was actually off, instead of having to find the sometimes hard to see options in video chat programs etc.
No it's not. It's meant for any port, but this model has it's own port so you don't need to keep plugging and unplugging it. You can leave it in and daisy chain by plugging your headset or speaker into it rather than directly.
Support for this kind of thing is entirely voluntary. You can short the mic pin to ground (or connect an external mic), and it will disable the onboard mic by default because that's what is expected, but there's nothing physically stopping the audio controller from reading from the onboard mic anyway.
This should really be the standard for laptop webcams. The T480 webcam cover is flush with the bezel and you barely even notice it because it's so subtle. One of my favorite features.
Yeah, I have the X1 Carbon and there is nothing that is ever going to make me as comfortable as a little piece of plastic that sldies in front of the lens of the camera.
Current cheap ones have them- my daughter has one for college. She had to use it for remote college for the pandemic- but it was the first time we used the webcam on that computer. We used an external webcam a few times because we thought the internal one was broken, but the door was just closed...
I quite often accidentally turn on the camera without intending (usually because an app automatically turns it on) to. Having a cover prevents me from being embarrassed by an unexpected exposure.
Exactly this. I use one for these reasons, in descending order of practical concern:
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Right, so as time progresses news comes out about said hardware being hacked. I think you've validated his point. 5 years from now we will see how today's cameras have been hacked.
This was a known weakness back then, not some amazing breakthrough, and unless the vendors are actively lying about the hardware there's no way for someone to “hack” the power connection without a soldering iron.
I don't trust their implementation of a hardware link that is both reliable and truly un-exposed to software because I don't have the expertise or time to interpret their implementation, and even if I did, I don't trust that nothing about it will become vulnerable in any MacBook model going forward into the future. I don't think point 3 is moot in any practical sense.
The only way to physically get electricity to the camera unit, to be able to get any data from it is to pass that electricity through the indicator LED.
Multiple teardowns have confirmed that it's a hardware path that software cannot modify.
Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
Tape? I bought 10 little plastic sliding cover things on Ali Express for <£2. Unless you're on a 100% China boycott (which I assume wouldn't permit a MacBook anyway) I don't see a reason not to use them. They're fine, permanent, had for 3 years and not fallen off or anything.
>Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Not to mention apps that do it "right" like Hangouts that enable the camera for you to preview your video feed before you're actually live. Could be pretty confusing/concerning for someone who isn't used to an app (and when it broadcasts you or not) and sees the light come on. A cover takes that whole thought worry-pitfall out of the possibilities.
I've actually been on calls when the person did not want to show their webcam (and I had never seen them face to face) and did not notice they were showing their webcam due to having several screens.
Same on all counts, though I went a step further and wired in a microminiature slide switch to completely power off the camera. That way applications see "no camera" unless I go out of my way to power it on. I painted the "on" side of the switch in retroreflective paint so I can see when it's on at a glance too, whether the camera is in use or not. This was on a thinkpad though, I doubt macos would tolerate a disappearing camera.
Sadly no pictures of the insides. I'll give you a description though. I cut a trace on the camera module (should have cut the cable instead on second thought) and soldered in two bits of enamel wire that go to a slide switch. Clipped a little bit of plastic off the lid so the switch was accessible, blind-drilled two tiny holes in the lid for the alignment pegs of the switch to go into, and glued it in place. I then did the painting with a very fine brush under a microscope. The wires are routed around the camera module and the switch is to the left of the camera, in order not to interfere with the little LED on the right of the camera that illuminates the work area. The outside looks like this (I didn't bother cleaning up the cut-off plastic edge): https://imgur.com/a/UpB1dJn
It totally does, internally the camera is just connected over USB. (I can tell you it copes with a disappearing camera because mine disappeared a while ago and never came back)
I have the same with my headset. It has a physical mute button for the microphone, which I engage as soon as I'm done talking in Teams or similar. It's a dumb switch, so instant and with no annoying woman telling me I muted. Being a dumb switch it's also tactile, so I can tell by feel if I'm muted or not.
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
The UI pattern of a button with a crossed-out camera/mic always makes me think twice: is it a status indication that my camera is off, or is the button's action to turn off my camera (meaning my camera is on)?
I cover my camera to avoid that 5s mental dance at the start of every meeting.
On my work laptop, my employer could conceivably turn the camera on to monitor me in some way. I don't think they would, but still I put tape over the camera because I don't want them to be able to do that.
The Huawei Mate book X Pro has a key on the keyboard that when pressed flicks up a camera. When it is down it shows a black hole inside the keyboard. When it is up it shows a great angle directly up your nose and typing when in a video call shows your hands really clearly. But it is still an interesting way to do it.
Yeah, I started using to LARP, but it's actually huge for peace of mind. When I'm in meetings and I want to make sure that nobody can see make butt naked, I place the webcam cover. The person caught peeing on a zoom VC[1] would never have happened with a webcam cover.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
I've always used a sticker (black dot-shaped) or a piece of post-it note. Post-it is really convenient but it's ugly.
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
I never really understood the point of camera covers.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
Now I'm old enough that there's money in the bank accounts I access online, and I can afford a home big enough that the room I use my computer in isn't the room I get dressed in and have sex in, absolutely.
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Per OPs comment - it isn’t about a compromised system for me at all at least. If I’m in a video conference at 6am in my pjs I’m just a button click away from everybody seeing me. Camera cover let’s me know I can’t accidentally do this (and it has saved me on multiple occasions).
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
People also do it so they don't accidentally open something that's got the camera enabled. If you're a school teacher answering questions for students in the evening you don't want to click the wrong thing and turn on video, or close the lid with something running then open it later, having forgotten, and now you're broadcasting. Stuff like that. Whether teh haxx0rs can get at the camera is irrelevant for that reason of using covers.
Personally I wish all my devices had hardware toggles for camera and mic, both. Phone included, since it's only a "phone" a small fraction of the time these days, the rest of the time it's a small Web-stuff device.
> "Designed to protect your privacy, Mac notebooks have a camera indicator light to let you know when the camera is on. ... Published Date: July 02, 2020"
The fact that they worked at all is an indication that something similar may work in the future. It's not like apple has never had a regression in software.
Risk to the average apple customer is? Do you think that most people need to worry about this? Point Apple is making is it's not needed for the vast majority of their users and if you feel better use a piece of paper.
So let's stipulate it can happen (because well it can happen). That would take both someone being targeted en masse (prior to apple having a fix in place) and it making a difference to the person or people it happened to. Is that really a big enough risk to spend time worrying about?
Not to presume what the OP was meaning, but I'm guessing they were pointing to these cases as a "it has been vulnerable before, it may be vulnerable again. But a cover is not exploitable in this way" rather than "these exploits work".
Which bugs, loopholes, backdoors, etc allow the camera to get through my cover (I upgraded to sliding plastic from electrical tape at the start of lockdown and there was a need for an actual camera)
Do you expect him to post links to zero day exploits? If it's actively targeted and done so consistently and sequentially, it is reasonable to expect that it _could_ be happening now.
I don't think they are saying that a vulnerability currently exists. I think they are saying that people don't trust these lights because they have a bad track record. It could be that the current implementation is better, but how is an end user supposed to know it's better?
It's kind of a matter of fool me once, shame on you, fool me twice, shame on me.
> that people don't trust these lights because they have a bad track record.
No tech people who think about and obsess about this type of 'risk' don't trust the lights. Most Apple customers vast majority don't think and don't care.
I would wager money that precisely zero of the "tech people who think about and obsess about this type of 'risk'" have had their privacy compromised as a result of an Apple laptop misrepresenting the on/off state of the camera.
It's been twelve years since a vulnerability in this was reported, and by all reports the LED power state is now implemented in hardware. It's long since time to obsess over other sources of risk, instead of the dead ghosts of previous ones.
An opaque piece of tape used to disable a camera is one of few components a user can completely understand. Apple is probably correct to tell users to rely on Apple's security features, but those features are way more complicated than a piece of tape.
I had a laptop with a physical switch for WiFi/Bluetooth in 2006 or so (with a matching orange/blue light that would turn up when you toggled it). The problem was that this was actually all done by a software driver - when I booted into Linux with the laptop I was surprised to find that the bluetooth/wifi modules were on regardless of the switch's position.
At the end of the day, unless you have a really nice microscope, solid understanding of electrical engineering, and a few tens of thousands of hours ahead of you, you have to trust whoever you're buying the hardware from that it will do what they say it will. No amount of hardware efforts can solve the fundamental human trust problem.
I had another laptop with a hardware switch and a corresponding LED, and it worked exactly as it should - the hardware was completely inaccessible under Linux. So yes, it can be done and it's not rocket science.
Yes, what you describe is trivial - and it would be similarly trivial to design a module that appears to respect the switch (regardless of Linux/Windows) and yet records things surreptitiously, only to offload it at a later date.
Remember the amount of effort VW was willing to expand to cheat emissions testing.
It would be mildly impressive if a manufacturer made a fake cover with a switch to detect when it's "closed" and make the main camera stream filtered to look like the cover is real, while having a 2nd back-door unfiltered stream. Of course this could be detected by someone who took the unit apart.
On Thinkpads, the cover has a prominent red dot painted on it, that ends up in the location where camera lens would normally be. And, of course, you can visibly see the edge of the cover move as you slide it. So I don't know how you'd fake that.
The question isn't whether you can add a cover to the product after the fact, it's whether you can trust a switch on a product to do what the manufacturer says it does.
It's like the halting problem. It's hard to decide whether a given switch works in the general case. But it's possible to design an obviously correct breaker.
Edit: the gnarly thing might be ensuring it doesn't harvest power through data wires or store power in covert capacitors or batteries.
I have a Lenovo Thinkpad T480. Its webcam switch is a slider that covers the webcam lens. You don't need a fancy microscope, or a solid understanding of EE, or tens of thousands of hours. You need the ability to see the slider cover the lens. Takes all of half a second and at least 1 eye.
And the hackers still win, cause no one remembers to slide it shut after a call, and they can hack the led so there is no physical indicator when they are watching.
I prefer aluminum foil under the tape that's over the lens so it can be flipped up out of the way easily but still block the view. But the cover does the same thing and doesn't take the effort of putting in a piece of tape.
But you just moved the goal-posts from a discussion about whether the implementation was faulty (and Apple was misleading their product owners) to one about whether the design compromises are right.
Apple claims that the LED comes on when the camera is active, which it claims helps protect your privacy. That seems to be true, and certainly no-one seems to have any contradictory examples that are not 12+ years old.
I can argue that when one uses a sliding cover, one can easily forget to reset it after a video chat. The design is bad. The right solution is simply not to have a camera. It's just a different design compromise.
The question is whether this is a firmware implementation that's just waiting for a 0-day or if the +V for the CMOS sensor is literally wired to the LED. If the latter I'd like to see a picture of it.
I was the security architect for this feature on recent Macs. The LED is wired to the camera PMIC and is powered by the voltage rail that powers the camera. The PMIC will always remain on if the system has power. Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack.
So you have to perpetually watch out for the LED indicator to see if it ever randomly turns on for 3 seconds? And what if it does come up unexpectedly? At this point it's too late and you've already been captured. A mechanical cover that can slide on and off the camera seems like much better security.
The point is that the hardware has been designed properly. Combined with the OS-level permissions, it should be assurance enough for the majority of use cases.
If you need further assurances, then by all means, use a physical cover.
The claim was that single-frame grab attempts are prevented by an indicator that stays on for 3 seconds. First, you do have to be alert for all of these potential 3 seconds windows, and second, it doesn't prevent anything but only tell you that it has already happened.
No, it wasn't. The claim was whether it was implemented correctly, as the entire conversation started with examples where it was not implemented correctly.
Properly designed hardware would add one small - and in every way possible, since we've already identified the circuit that drives the single power source - addition. A physical switch that prevents camera from being turned on. Same for the microphone. Unfortunately, this is never done. So people put covers on.
There is a little LED that lights up when they open. The door latch is controlled via software and so is the light, though I would assume in the case of power failure they'd unlock for fire safety reasons.
I know where you were going with that, but the situation is different than what you’re trying to show. On Macs the light is on the path of the camera: if it is on the camera is, if it is not then the camera is not. Whereas with the door you might think that if it was latchless someone could just push it open when the light was off. The camera light is really a door alarm, not a door latch. (And as I just mentioned, doors with an alarm but no lock often do exist, usually for fire safety reasons).
A door without a latch does not prevent
an unauthorized person from trespassing.
A camera without a cover does not prevent
an unauthorized person from trespassing.
Ah, good. Is the microphone similarly protected? Sometimes I feel I must be the only person on earth who doesn't use their laptop while naked and couldn't care less if the imager was watching me. The microphone, however, could be an actual security threat. Phone calls, muttered passwords, etc.
According to an anonymous Gruber source, Apple fixed the issue by tying the led to the Vsync on the camera board. I have not found a teardown or anything other than this confirming it https://daringfireball.net/2019/02/on_covering_webcams
I don't see how that fixes the problem; if you don't trust Apple to build in hardware safeguards around the camera indicator light, why would you trust them with a hardware switch?
A hardware switch should in theory be more easily verifiable than a software one through physical testing. Running tests on PCB traces to verify that a switch indeed works is probably a whole lot easier in general practice than decapping chips or decompiling and analyzing low level firmware or low level OS components.
But are you going to run those tests on PCB traces on your own hardware? If not, then you have to trust that your hardware is identical to whatever hardware was torn-down and tested. I suppose this is good enough unless your threat model includes someone swapping your computer enroute to you with a modified one.
But even then, are you sure the computer whose PCB you tested hasn't been swapped or modified since then? That Chinese operatives didn't splinter cell it while you were out grocery shopping?
Just so you know, switches in something as complicated as a laptop have a good chance at being connected to a processor , with firmware being the thing that determines what the switch does. So you still need trust, even with a physical switch.
Source: write firmware for a living, and write drivers for physical switches.
It should be implemented with the same robustness as if the user's life depended on it.
As an analogy, you wouldn't implement a car brake by running it through some firmware. Instead, you'd preferably make a direct physical connection between the pedal and the actual brake.
There's another angle, which is that even if the wiring works and forms an iron clad promise the camera is not working, not having camera covers trains the population to be okay with having cameras pointed at them all the time, even in their most personal and private spaces.
For many people the trust in integrated laptop cameras has been thoroughly eroded especially in case of Macs. (From my experience by interacting with people not having much tech experience, limited to Germany, maybe also limited to the social cycle(s) I interacted with.)
The paradox thing is that the same people who often don't trust webcams in Apple Laptops or Apple All-In-One PCs do not bother or even think about weather or not the camera in their iPhone could spy on them or weather or not they microphone in webcams could still spy one them...
Maybe that's misguided and naive, but I pretty much trust my phone to protect me from bad actors taking over the camera; I'll have to trust the apps I use that have camera access to not spy on me, but those are few.
Until relatively recently, any userspace app on my computer could freely access the camera and microphone, including background processes and malware, so that feels a lot riskier. There seems to be a permission for this that must be granted in the newer macOS versions, but I assume there might be ways around that.
This might be true for yourself as a technical savvy person. Camera covers are particularly important to people who are self-aware enough to realize they don't have the tech skills to keep bad actors from gaining access to their camera
As a tech-savvy person, I definitely don't have the skills to make sure of that on a laptop. I might be one brew install obscure-util-from-random-HN-comment (or npm install ...) away from inadvertently giving away all my privacy.
My thoughts exactly. On my phone, I have to trust Apple. On my laptop, I have to trust everyone who wrote code I downloaded. That’s two quite different crowds.
Then you haven't seen all the malware and spyware on phone apps that have been approved by Apple and Google right? I don't trust anyone regarding my tech as far as I can throw them.
I could have a System 76 machine with latest xyz hacker proof Linux distro and I'd still assume all was heard and listened to through that device. Just makes no sense to trust any mass production device.
I'd also add that my laptop camera is pointed at me[1], and has a decent view of most of my room, whereas the vast majority of the time my phone's camera is pointed directly at my desk or straight up at the ceiling. I'd find my laptop's camera being compromised far more intrusive.
[1] Or least _was_, until I disconnected it - I needed to replace the screen anyway, and I _never_ used the camera, so I just popped the camera out at the same time
I would say you are equally likely to catch someone jacking off through the webcam as to catch valuable information through the microphone. They are therefore equally lucrative
How could it be equally lucrative? The amount of information someone can gather from a camera is much smaller than what you could gather from a microphone in a given room.
If I am in a conference room talking about strategy, an uncovered camera will just pick me up. The microphone will capture everyone’s conversation.
I'm not sure real "jerking face" blackmail is that frequent. If caught the author would face heavy charges. It's probably way easier and less risky to massively scam by pretending you had access to the webcam than to actually bother to hack.
Beside I'm not sure a "jerking face" would be more than awkward if published. A reverse angle in which you could identify what was the video used for the jerking session would be way more compromising.
And in this regard poorly protected IOT surveillance cameras have way more evil potential that webcam in my opinion.
Corporate espionage is potentially more lucrative yes but the opportunities are much less. There are millions of MacBooks out there with significantly more people jacking off in front of them than discussing lucrative corporate secrets
How many people are doing something that is worth the time to blackmail in front of a camera and have the means to pay a substantial sum of money compared to the value of corporate secrets?
Also what are the chances that a microphone wouldn’t overhear something incriminating even if the camera were covered in your bedroom?
And I am really not trying to go down the road of wondering if you are doing something incriminating in your bedroom and your partner is being completely silent what that implies.....
Depends on your tolerance for shaming. I, for one, would probably be a bit pissed off if someone threaten to publish video of me jerking off, but wouldn't care about that enough to pay anyone any money. Listening to a secret conversations in conference room on the other hand, than can be valuable on it's own, no need to blackmail.
Honestly, unless you're cheating on your SO, society is growing increasingly tolerant/indifferent of most of the other things you could see on a webcam
Honestly. I could care less what society thinks. But the scenario where one would have their laptop open and awake in their bedroom while cheating on their spouse and have enough money to make blackmail worthwhile and trust the information won’t get out anyway is slim.
There where a lot of horror stories about random people spying on "you" through mac webcams. Like in the sense that they hope to capture NSFW material and similar.
Most of this stories where not actually happening, I don't remember exactly but I think they came from a single story of targeted hacker attacks where such a thing actually happened and then people got blackmailed.
But it's was more comparable to some rumors which wildly spread and then many non technical people ended up believing and which somewhat had a truth at it's core somewhere so it's not easy to just put it of as "mad up".
Also it happened like a 5+ years ago, it just stuck with a lot of non tech people somehow. And it (normally) doesn't hurt so tech people aren't that likely to tell people that this isn't quite right. It's often already hard enough to convince them to do any privacy focused actions.
Any story about Apple gets about 50x the hype because it’s a more understandable brand and set of products. The only other OEM that has any story traction is Lenovo, because China. Nobody knows what a Dell Latitude 43675b is.
There’s nothing notable or worse about the Apple issues. If anything, they are probably a lower risk than the average PC.
There's a reason Zukerberg's laptop has its mic and camera tapped up. It doesn't matter what device you use unless there's a physical switch to disconnect it'll never be safe. Software can ALWAYS have zero days, just because it hasn't been exploited yet doesn't mean it can't be.
But can't you specifically wire the indicator light to always be lit if the camera has power?
I don't see Apple claiming they've done that but a correct design would make the indicator light work that way and be related to software at all. Meaning you could only disable the indicator light by physically modifying the device.
This is the only correct design, yet almost nobody does this. One of the challenges is verifying that this was done correctly.
You may be able to verify a design like this once with a teardown, but it's impractical to verify your particular device, and next to impossible to re-verify this every time you leave your laptop unattended.
This isn’t speculation. Opening up hardware to modify the internals is something that covert agencies do, and it’s naive to think that the purpose is equivalent to a simple bug.
As someone who posts to Hacker News you are by almost any definition a potential information source or APT vector.
I had an Apple on-site support engineer open up a 16” MBP on my kitchen table a couple of weeks ago to replace a cracked screen, and he brought only
a small tool roll, a headlamp, and a anti-static work surface and wrist-strap. Took him only a few minutes to strip it down, longer to rebuild and recommission for use.
I must add, I peeked over his shoulder a few times, and my comment that it looks as good inside as it does out was answered with “yes, it’s like being asked to restore a work of art”.
I was just trying to make a joke. I've actually been very happy with working on my MBP, it was easier to re-paste than a Dell XPS from the same year. The interior of Macbooks I've seen have been laid out remarkably well.
What he said was that his threat model doesn't include state agencies. Many people use their laptops in bed and they probably don't want random people using their laptop webcam to take random nudes.
And, while I hear the NSA being quoted a lot, let's be fair, how many of us have the opsec to stand up to a genuine NSA attack?
A reasonable goal in thwarting the NSA should be to stop some random bureaucrat from typing on a few keys and getting access to your stuff without a signature. As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling.
Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
> > This isn’t speculation.
> He didn't say it was.
They didn’t need to use the word to imply it. I did however assume they’re weren’t so self-centeredly solipsistic as to think that their personal choices were the universal general case, or advisable for a typical participant on this forum.
But then:
> Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
Again, no. That’s another of those “surely this doesn’t happen” comments, and once again, it is flat wrong. Even setting aside that discrediting/compromising someone is likely to be different agency; just as with bugging them, there are still plenty more reasons besides eavesdropping or coercion,
such as industrial espionage, or sabotage, and the main point is that this isn’t theoretical. It happens. Deal with it, don’t deal, up to you, but never assume you can’t be a target.
This is why I only take a disposable laptop and phone across US or Chinese borders. Both have intelligence services with the resources, ability, and inclination toward systematically documenting anyone even remotely interesting.
> As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling
If this level of willingness to disregard the entire history of bureaucracy and covert action helps you feel safe, and if you have no direct or indirect ties to any other human being, body of data, or corporate entity that could ever be at any kind of risk, then why not I guess.
My work laptop (a Thinkpad) has a built-in plastic slider that physically covers the camera. If something activates the camera while that cover is closed, it won't see anything.
I wanted this, but I wanted the WQHD display more.
Lenovo didn't allow you to configure a T480 with both the high-resolution display and the plastic slider, it was either-or. The high-resolution display was their premium option that omitted the slider and added two more IR cameras for Windows Hello support.
So in addition to not getting the slider, I also had to disable the IR cameras.
I'm half tempted to buy the version of the display bezel with the slider and see if it'll fit as a replacement.
Bingo. It's a lot simpler to just allow the user to physically block the lens, which vetoes everything[1], rather than trust or verify that all that stuff is implemented correctly and reliably.
[1] Yes, yes, assuming you can block all frequencies the camera is capable of detecting.
even then there probably should be some minimum "flash" time in that if it turns on and off faster than the LED lights up or human eyes can see then it may still take images faster than we can register?
EDIT: a commenter below said
"Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack."
Frankly, by the time the indicator is noticed, it may be too late. Even with the LED wired in place and a 'feature' (capacitor or software?) forcing it to stay lit for 3 seconds, the damage may be done. It does, at least, let you know an attack occurred.
I really think an LED is barking up the wrong tree. A built-in hardware cover would have the same effect as the LED, and no one would have to trust it, since the camera would just be recording the back of the cover if it was hacked in stealth mode.
Doesn't that require the same kind of trust in the correctness of the wiring that is at issue in some other comments? I can see that a camera cover works, but I think I couldn't see that a physical switch was actually interrupting the wiring without doing a teardown.
Boy, wait until you find about what's possible manipulating PCB or processor designs (the Bloomberg fiction piece "The big Hack" illustrates what would be possible with just PCB manipulation). Or firmware or anything else proprietary running with elevated rights (normal ones are already enough to cause a lot of damage on most systems).
Well, what got it declared fiction was "a broad search doesn't turn up good evidence that this has been done", rather than "experts agree this is obviously impossible". So the reaction to the piece did demonstrate something.
Well, I don't mean to fuel your paranoia, but there are materials opaque to the human eye but not necessarily fully opaque to a CMOS sensor, especially one without infrared/UV filters.
It would be quite possible, trivial even, to design a web camera with a nice built-in black camera cover -- which is transparent to the camera.
If you don't assume the internal wiring is as described I do not think there is a way for you to guarantee the microphone is not recording. It's even less obvious than a camera lens being covered or not, and taping over the "microphone hole" won't actually block receiving sound at all.
I do physically disconnect or cover cameras. My desktop computer has no microphone unless I plug one in. Laptop and phone though? I definitely remember in the aughts that the police could remotely turn your phone into a bug without any user indication at all. To the best of my knowledge the only way to actually be sure you aren't being recorded with your own equipment is to remove power... of course now the batteries are soldered on, totally a coincidence I'm sure.
Depends on the laptop hardware in question, just as it does on which smartphone you’re using, as your link indicates.
If your laptop (or iPad, in the case of the latest gen) is an Apple T2 equipped device, this is somewhat relevant (“somewhat” as it’s not directly related to my original reply)
That does nothing except switching the default audio source to the blocked channel. Any app that can access the default source can access the still working microphone just as well.
There’s apps (it’s also pretty easy to write one yourself like I did) that monitor when the input source is changed and forces it back immediately. Yes, wish that feature was built into the OS, but I also don’t grant almost any app microphone access.
If the microphone is built into the laptop it should have a hardware switch. That still has problems as you note, but it is far better than the current state of affairs for most devices. And it still requires trust in someone (or opening the device yourself).
A better solution would be to have the microphone be physically removable, but even then it could have an internal power source and storage...
I used one of those (same asin) for a while. Cracked my screen just like TFA says. Thankfully Apple repaired it and looked the other way. I'm guessing they won't be so forgiving now with this article out there.
Ironically for Americans' wariness China, the "pop-up webcam" in Huawei laptops completely resolves the security and trust issue, by providing a physical way to disable the camera.
The attack most people are worried about is your camera being activated while your laptop is open. Huawei's approach seems worse since you can't just apply a cover to it.
my laptop has a piece of tape over it, but i can still see the LED lit when it comes on. however, as far as the flash of a quick snap, does the camera on the MacBook take an image faster than the iDevices? the phones always take at least a second after pushing the button, so maybe Apple would be better off putting the same kind of camera in the laptop to ensure it is impossible to take a photo quickly
If an iPhone is displaying the current camera contents on the screen, the software already has access to the camera, and is already "taking photos" in real-time.
This has been the case for quite some time (10 years or so). I've torn apart two Macbooks to specifically test this and the LED is enabled when the camera receives power. It's impossible to disable with software.
You can modify the Macbook of course, which is why the paranoid type will still use tape.
Some attacks I've seen will take a photo with the camera as fast as possible so you might not notice, but the light will always turn on.
Not really - there are lots of times when you will not be present with your laptop (think airport security).
It's orders of magnitude easier to get access to a mobile device than to setup a camera in every possible location a target might move to. But they'll helpfully carry the device with them.
Oh absolutely, but if I were targeting Zuckerberg this would now be a camera he carries with him and almost always has an available network connection (If I were a billionaire I'd be switching devices near constantly to stave off attacks). You could be carrying around the bug for at least a year if not more.
Your average blackmailer would be better off with the separate camera route (and likely wouldn't be sophisticated enough otherwise) but a state-sponsored attack could probably pull it off.
Better but not bulletproof; LED's can fail. Manufacturers might consider leaving a shallow recess around the camera to accommodate the paranoid among us.
The important thing isn't whether the indicator will be lit or not.
The point is whether you will be able to prevent the camera from taking a video/picture you don't want it to.
Unless you can physically disconnect or block the camera, there's not guarantee that a piece of software can't record.
The best Apple can offer here is that you will know the recording was done (assuming you are looking at your computer, and not looking away or in another room) .
A way to overvoltage/current and burn out the LED. Probability low, but nonzero.
More plausible situation: There are times when the camera is pointed at me, but my head is not pointed at the camera. Perhaps I left the laptop on in the corner of a room while it's playing music, or a myriad of other things.
A cover is a simple, foolproof solution to the camera issue.
Or, more accurately, he and his security experts are weighing the challenge of accurately assessing potential hardware failures against the $0.50 of tape which provably prevents them. If you’re a high-value target there is a lot to be said for layered defenses and easily verified safety measures.
The light indicator in modern webcams is a "physical" indicator. Sure, it won't stop it from being hacked, but it will light up whenever it is active. That part can't be hacked, since it's in the hardware.
I think a really large portion of users here would be extremely good attack targets. Developers with privileged access to source code and operations staff with privileged access to systems make up a significant portion of the users here.
Besides: Most people don't accidentally want to show up on a video conference while undressed when they accidentally hit the wrong button in some confusing skeumorphic app specific interface: The LED only warns you after its too late.
100%. The bank I used to work at had a part of the employee handbook dedicated to what happens if you're kidnapped. We're just being naive and casual as we are wont to do. Bro don't worry have another free granola bar.
And in fact one of the devs was poached by a shady bunch of foreign looking suits who would have fit right in with big brother.
In all fairness you have a split second between the light coming on and the video stream initializing to err hide your shame. What are you doing in front of your computer with no pants on? Naked yoga?
120%. I used to work in an industry where a developer was killed in a drive-by shooting, after he reported certain code to the regulatory agency.
Generally speaking - as developers type away on their packet handling or authentication code, they all too naively believe they won't be a target of a new friend or bribe.
Yep. When the Saudi government wanted to persecute dissidents and journalists, they went to the service providers to get compromising info on them. They just paid employees at the companies that didn't play ball to siphon data and target people clandestinely.
Testing on my phone at least, tape does nothing to prevent discernable audio from being recorded. I think the device would need to be encased to block the microphone
Removing components also removes functionality. What if he wants to use it later? I guess he could have another laptop specially for the purpose, he can certainly afford that.
I think the simplest explanation is whoever was staging the scenery around him didn't think anybody would notice the taped laptop. If they did realize that, they probably would have untaped. It wasn't meant to be a detail you notice or centerpiece of conversation. That's my guess.
There are also doctors who are anti-vaccine, financial planners who don't max out 401ks, sysadmins with unpatched home systems, etc. Just because someone could possibly know that the thing they're doing is illogical doesn't mean they act on that knowledge.
> There's a reason Zukerberg's laptop has its mic and camera tapped up
This is an incredibly weakly phrased argument; there's a reason people are flat-earthers as well. The existence of a reason does not automatically make that reason a good one.
I actually take his webcam tape to mean that his security group (which includes people who have serious hardware chops) doesn't think that the investment in a better option is worth it.
Lastly, about that 0day argument. Many camera LEDs are implemented in hardware, which means instead of hardware prevention they have hardware detection. There are reasons for both, and neither is unambiguously better.
Which, as I said, us hardware prevention. It stops someone from recording you, it also stops you from knowing someone tried to record you (i.e. hardware detection).
The hacking consequences I care about are having my bank accounts drained, not having my picture taken.
Google "rootkit". This is a great example of theoretical security vs actual security. In theory, people review logs on their personal machines and hunt for bad guys. In practice, virtually nobody has ever done that. The reality is that personal laptop compromises are discovered through side-effects. Heat, sluggishness, webcam turning on, accounts being hijacked.
Seeing that pic was eyeopening for me. I believe he had other ports taped over as well.
At the same time, he's going to be an exclusive target for myriad actors big and small, up to and including entire nations, so extra paranoia is probably warranted.
The irony of this is too much. The guy who pioneered privacy invasion as a philosophy is guarding his own privacy. He should have a Facebook live stream following him 24/7
It's connected to the damn circuit! You can't power up the webcam without powering up the light any more than you can make the camera see through a piece of electrical tape.
There could still be a circuit in the light that could pass the current without lighting up. Or even if there was no such thing, it could be added in the future after everyone was shamed into believing you are a fool for putting tape over your camera.
There are probably other ways. Stop trying to shame people just because you haven't thought of a way to bypass this.
Neither of those things is the case. You can’t power the camera circuit without passing through the low power light. We can rely on the diligent work of security researchers to attempt bypasses and do teardowns for us, so the risk of Apple compromising an older model only exists for people who buy immediately on release.
The support document also suggests a paper-thin cover, so it’s not attempting to shame anyone.
Is your point that because these issues have been fixed there will never be a new camera exploit in the future?
I don't see how what you're saying supports that. If your point is simply that Apple has resolved camera vulnerabilities in the past, that's nice, but doesn't exactly give me much peace of mind about future vulnerabilities.
No, the point is that old light indicators were done in software (and were open to exploits), whereas newer indicators have all since moved to being wired right in the hardware. The power of the webcam lights up the indicator.
If the sensor is physically getting power, the light is too, unless the wire is broken. They are on the same circuit. It is not a firmware thing, its basics circuits Physics 101. The light could be burnt out, yes. The wire could break sure. But it can't be hacked (minus pulse modulation, not giving the light enough time to light up). But if you power up the camera, and something isn't physically broke... the light comes on. I know the privacy incident has already happened, separate argument. I think people are missing the hardwired point. This discussion should be focusing on the fact that if the camera has powered on, and we see it, it's already too late.
Because Apple said so? I simply don't have this level of trust.
Because someone disassembled their MacBook and reverse engineered things? And that person is trustworthy and competent? That is better, but even if it was true for the MacBook they reverse engineered, suppliers make tweaks to parts all the time. Can I be sure that my MacBook still has the exact same camera?
Because you opened up your MacBook to confirm? Maybe then you can trust it.
I expect you are probably correct, but it doesn't really matter. If you don't want to be filmed, the correct engineering approach is not to have a camera pointed at you 24/7. It is a bit like the gun rule of not pointing a gun at things you don't want to shoot - sure, the trigger should be enough of a control, but accidents happen.
If you spend your entire life with a camera pointed at your face, your face (and activity) will be accidentality filmed by that camera sooner or later. Indicator or otherwise. The indicator light is a good idea but I'm still spiritually on the side of the tape people.
Indeed, I'm a little surprised Apple didn't follow the Thinkpad approach of simply having a sliding piece with an aperture that extremely obviously blocks the camera. Surely Apple can't seriously think their users would be confused by this and complain... I don't think my desktop computer's webcam is likely to get hacked either but I'm still going to unplug it when I'm not using it.
I can see Jony Ive's head exploding: "Sullying my perfect, smooth, invented-new-aluminum-machining-technology-to-make-it-possible masterpiece with some latch?! Why don't you go work for Dell."
It's not irrelevant, it's information that allows any reasonable person to conclude that Apple implemented a solution before and has since decided to exchange that simple and effective failsafe for a marginally thinner product. I can't physically control whether I have a naked camera pointed at me all day but hey, at least my laptop can fit into a manilla envelope, right? Right? Totally worth it.
It’s irrelevant to bring up iSight’s shutter because they are totally different products. It was literally hundreds of times larger than the cameras we’re talking about here; so it makes no sense to expect a shutter on these just because iSight had them more than a decade ago. That’s like saying that a racecar should have folding seats because a minivan might have it and they are both vehicles.
I wonder, do the ThinkPads with that feature have a thicker lid than Apple laptops? I suspect they be thicker anyway because of the touchscreen, which would then provide a few millimeters more room for a shutter. But I'm completely speculating.
I have a new X1 Carbon, and I don't have a MacBook to compare but I can't imagine needing my laptop to be lighter or thinner. It easily fits into any bag and I can carry it with one hand with no worry.
I will gladly trade a millimeter of thickness for increased functionality. It's the same thing where apple will ruthlessly optimize for thickness to the point where they can't cool the CPUs. They literally prefer form over function, as if the tool I use all day every day is an art piece.
It is the mentality not the thinking. In china no one trust anyone really. Hence security strangely is no 1 priority. Hence the cover is in Lenovo portable, but not apple. You are guilty somehow somewhere and to be checked out, and vice visa.
Like fish said to be the final species to discover water, one mainlander comes to hk and surprise to see us so relax about security. What the law even assume people are innocent until proved otherwise ...
the mentality of hermit in One of the largest population of ... hermits. You just put on your shell.
As now become one of the hermit by force and talked as a hermit, may I suggest they just do it away with the camera. Use a wireless or usb based one. No hacking possible.
Economically (if not ethnically) trust is important as it lower the transaction costs. Chicago school heritage I guess of pre NSO HONG Kong. I switch to my two mac Mini of intel and arm. Unfortunately still have the old 3 cable apple monitor (work well with both 2018 and 2012 MacBook Pro) that have a camera. Guess a cover is ok.
I think you'd have to pay extra to buy a laptop without an integrated camera and microphone, not to mention there likely being no options that are also actually high performance laptops.
A peace of plastic in front of the camera is really simple to understand and trust - the rest you need to know about tech and trust someone did it correctly.
I'm pretty confident after the 2008 camera exploit they engineered the camera to wire the active light directly to the camera power source, which I think is what you're talking about with #3. #1 and #2 seem kind of irrelevant to me. Unless it manually operated (in that case, why not use a physical switch?) it behaves the same as the green indicator light, relies on #3, and after its turned on it's already capturing.
Would you notice it if it was one frame every 15 minutes for example?
As for the second point, sure. In theory. If there’s no bugs or vulnerabilities or backdoors
I have personally turned on the camera without the indicator light coming on on a 2012 Macbook Pro 15" with double-digit percent success rate, meaning someone with more time / expertise could probably do it consistently. I have been unable to do it on newer 15" pros or other models (Air / pro 13").
Recent Apple laptops have a separate SoC dedicated to secure boot as well as making sure macOS has no direct control over that camera indicator light, and more
If the T2 chip is compromised, then separate SoC protection is moot. The only true protection is a physical covering (like in the Lenovo) or physical kill switch (like the Purism laptops).
At that stage though all bets are off - the hackers have access to everything you have typed, all your files, all the audio from your microphones, your credit card details, those photos of you and your partner on the hard drive...
Yet the camera on a laptop is the thing that we need to cover? It’s a weird security model, that’s all.
Besides, on a MacBook it sounds like the webcam light is almost impossible to circumvent because of the implementation.
For those photos of you and your partner you made the conscious decision to take them, perhaps even weighing the risks of them being compromised at some point. This is very different from a video feed being captured of you unknowingly. That goes for both the impact of such a compromise, and the feeling of the risk of being watched.
Almost impossible just means it requires lots of money/dedication, but still a T2 chip compromise is scalable and can be done remotely, which is fundamentally different from physically compromising hardware.
Well Purism laptops have hardware switches for the microphones too.
But it's not even just for hackers. Zoom had the SUPER annoying habit of turning your cam on when the meeting organiser selected that everyone should cam.
This led to several colleagues being unaware they were being shown at that time. One was even lying in bed and called in from her phone. That's her business, it was 8pm at her location. But now everyone knows.
A hardware slider would have prevented all of these real-world problems.
In terms of giving some kind of supply chain assurance it's not a bad idea by itself. I'd prefer a non-bricking variant with a red boot screen warning about non-original spare parts, or something to that effect.
Sure, but it's way too tempting and too short of a step from that, to "Sorry, this device won't work with unauthorized third-party parts... for your safety. Please shell out $$ for repairs from an Authorized Retailer, if you can find one and if they offer them."
I think it's a bit overstating that it destroys the secondhand market. I still see non-working Macs on ebay for hundreds of dollars. The resale value of a well-maintained Mac continues to be much higher than any other brand. These kinds of changes have also made great strides in reducing the incentive to steal phones. There was a specific update that the NYPD pointed out reduced iPhone thefts significantly.
But, I do wholeheartedly endorse right to repair. I'm very bummed about the recovery options for newer laptops with non-removable drives. I was also bummed to hear that ARM-Macs won't have Target Disk Mode.
It hasn't had a chance to impact the secondhand market yet. The laptops with the T2 chip are relatively new, and aren't getting decommissioned & recycled in significant numbers. It will be a tremendous waste when they are.
Those laptops will still be valuable for some parts, but considering now that not only the RAM is soldered to the motherboard, but the SSD too... there's not going to be much left to use.
I find the "theft" argument very hard to swallow for two reasons. First, thieves will consistently steal electronics -- smash-and-grab first, discard later. A thief unable to sell your irretrievably lost phone is a pyrrhic victory, to be sure. Thieves with domain knowledge may be savvy enough to stay away, but I would bet that is rare and more limited to organized theft rings.
Secondly, and more damning, Apple has repeatedly paid lobbyists to parrot the anti-theft security scenario at hearings discussing enacting right-to-repair laws (as well as spreading misleading FUD on repair safety). Apple could work with legit recyclers to find sustainable ways to recover donated products, but they very deliberately refuse to. IMO this makes their security arguments suspect.
In general, I'm very distrustful of a security model that relies so heavily on their cloud holding all the keys.
> It hasn't had a chance to impact the secondhand market yet.
I do think we're talking about different secondhand markets--or at least different large sections of it. Buying/selling working Macs aren't affected. That's the only one I've ever dealt with. I do think I was wrong above about non-working Macs--I do think there will be no resale value if they had a T2 chip.
> I find the "theft" argument very hard to swallow...
Multiple cities cited 25-35% drop when activation locks were rolled out. Personally, I've only had iPhones stolen before this. I do think most are crimes of opportunity, but a large chunk, especially if they're stealing multiple phones, know how they're going to unload them. But, I don't think this T2 repair thing is relevant. I don't imagine thieves parting off stolen phones because it's not worth it. Even organized crime.
I do agree Apple has misrepresented the situation and right to repair is one of the few topics I write to my representatives about.
The secondhand market I'm referring to is not one-to-one personal sales, but recyclers / refurbishers dealing with donated devices. It's already a huge issue with Apple products. Thousands of perfectly good working iPhones and iPads are not removed from iCloud accounts (either through a lack of consumer education -- resetting a device does NOT do this -- or it being too resource-intensive on the enterprise level) and the activation lock renders them worthless e-waste. This is what is going to happen to T2 chip Apple laptops.
Agreed, thieves aren't parting off stolen phones. I was referring primarily to unattended property theft (car break-ins, theft from public spaces, etc.) not muggings. Probably depends on what is driving the crime.
> Designed to protect your privacy, Mac notebooks have a camera indicator light to let you know when the camera is on. ...
The main problem with that isn't that it is possible to disable the LED. The problem is that the LED is like a smoke detector, when it alerts you it's already too late, you are on fire (or your photo/video has already been taken). An indicator LED doesn't protect your privacy, it only tells you when it has already been breached.
Indeed. Think of the “American Pie” situation. Laptop open playing Spotify to get you in the mood, then bop, on goes the camera thanks to a bug in zoom. Are you going to notice?
The problem with a physical cover is that if the bad guys can install software on your computer that can access the camera without setting off the LED they can also install just about anything they want. At that point nothing on the computer can be trusted.
On new Macs the light is a minimum 3 seconds even for a single frame photo. Anyone monitoring you has to turn the light in just to see if you are there, and what you are doing, and will likely have to watch for hours to catch any incriminating footage.
> will likely have to watch for hours to catch any incriminating footage
It's not just 'incriminating footage' that's the problem. There are perfectly legal sites I visit that I'd prefer didn't have a photo identifying me. Takes only seconds to snap such a picture if using an exploit like the safari one in April.
There should be roughly ~0 cost (maybe a few cents?) to tie indicator LEDs to the camera and microphones's power supplies, and make it independently auditable by anyone with a multimeter (and maybe a magnifying glass?)
Is there a database of laptops that do this correctly?
I guess you'd also want the microphone physically disconnected when the cover is closed, or at least have the LED visible when the cover is closed.
If you read to the bottom of the directions it says you can use a sticker. So this looks like its targeted to the plastic camera covers that can be turned on and off.
You should try this on a recent (last 4-5 years or so) Macbook! There is a hardware timer that forces the LED on for at least 3 seconds even if the camera only grabs a single frame.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
Is this verifiably true? I trust Apple on security matters more than the average laptop maker, but the fact that so many of these indicator lights are software-controlled erodes my trust in basically all of them.
This [1] is the best source I've seen. 2008 era Mac laptops definitely had that exploit, but since then they've made hardware changes.
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
If you're going to cover it, use a sticker, like the EFF stickers here[0]. They're reusable, so you can move it to the side for meetings. I used a hard plastic MongoDB-branded sliding camera cover on a couple laptops[1], and its presence appears to have contributed to backlight bleed like this[2].
Came here to say this. Have been using the EFF stickers for years and everyone always asks about them vs the kludgey plastic ones everyone wedges in there that Apple is making note of. I've used them in the past on my phones as well, but given the advent of multiple front facing cameras this has become more of a pain. I purchased some of this sticker material a while ago with the intent to try and laser cut some specific designs. This was a good reminder!
That's the part that I was struggling to figure out. I ended up purchasing some reusable vinyl window stick material from a hobby shop, but have yet to test it.
The glue used for those varies, so you may end up with sticky glue on your webcam after removing the sticker (maybe that's good though if it falls off by accident)
I've used the same EFF sticker for about 5 years now. They are great and whenever it stops sticking, I just rinse it off under warm water and let it dry. Good as new again.
Lenovos have a physical cover that can be shut when camera is not in use. It’s paranoia free and tape is no longer needed for that. Maybe apple could do something similar for their users comfort
Tangentially related: I have an HP notebook that has a physical webcam switch near the USB ports and microSD slot. This switch is not wired to the webcam in any way. It's a USB HID device. You need to install software drivers to make that switch function as a control of the webcam. That is insane.
989 comments
[ 3.0 ms ] story [ 385 ms ] threadBut no, this analogy does not follow, because your microwave will still work after you put your dog in there -- and I have not seen guidance from Siemens telling me that microwaving my dog voids my microwaves warranty.
This should still work on Macs as a sticker is thin enough not to damage the display.
I appreciate this line:
> The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
But I still want a physical assurance that the camera can't see anything. I don't want to have to count on myself noticing the light.
Some Lenovo ThinkPads have built-in shutters, and I wish Apple would do the same for MacBooks. In my ideal laptop, it would also physically disable the microphone.
[1] https://www.thinkwiki.org/wiki/ThinkShutter
Any malware that can take pictures can record keystrokes. I want no cover so I can see the activity light because knowing the webcam is on is more important than it being on.
The (pennsylvania?) school district webcam spying scandal got kicked off because a boy noticed his webcam light coming on. If it had been covered would he have noticed?
No, the school district wouldn't have had pictures of him, but they still would have screengrabs, audio, and keystrokes and he likely never would have noticed.
Take all of the pictures of my double chin that you want.
I want to know that my webcam is coming on without my authorization so I can root out the spyware that is keylogging.
Passwords > Pics
If you're the type whose life will be ruined by pictures taken by your webcam, by all means cover it up. I'm too old and hairy to be blackmailed with nudie pics.
Having my passwords leak would seriously cramp my style, though.
And no, nobody is going to waste a zero-day that can reprogram a webcam controller to disable the light (if possible and often it is not) on a nudie-pics malware. They are going to use it to make actual money.
The worst that would happen is I'd look kinda unprofessional slurping up some noodles, but having the camera covered allows me to be confident I'm not presenting unless I intend to.
We've been 100% Microsoft Teams since March so I'd say that in several hundred calls and conferences since then I've never activated the webcam without intent.
There's been a few times that my camera has activated in a meeting, and shown a black screen because of the cover.
My Lenovo Ubuntu machine has cover built into the casing, which seems ideal. For my Macbook, I use a thin (<.1mm) plastic sliding cover.
This is what you sound like. The things can be used in conjunction with one another. It is not an or scenario, you can have both. You can also have covers which don't cover the indicator. You use different deterrent mechanisms for different threats. It is as simple as that.
Bypass attacks have been demonstrated on old hardware. Nothing most people would own today.
Although... You may not see the light on if you leave your laptop open when you're away from your desk. I do wish it was easier to get a laptop with no camera or microphone at all!
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS: Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
It could be, but I wouldn't base it off just Apple having a warning about it.
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
Specifically, this is the webcam cover I was using:
https://www.amazon.com/dp/B07C24NBGL/ref=cm_sw_r_sms_apa_i_T...
One of the photos shows them be about as thick as a credit card.
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
Also, to be fair, the webcam cover I used was metal (I didn't realize that when I bought it).
I'm weird though, I'm one of those people that needs to have their arm twisted to use their camera.
Before the nearly everyone at my company what was WFH or was joining from their laptop rather than a video conferencing room had their camera on.
Within like a week of the lockdown people stopped and I can imagine why you stopped dressing, stopped shaving heck I can hear bedsheets on some of the calls I attend.
Pretty much now the cameras are useless.
I fold and drape a microfiber cloth(like for screen or glasses cleaning) over it when I'm not using the camera.
This one destroyed my screen completely:
https://www.amazon.com/dp/B07C24NBGL/ref=cm_sw_r_sms_apa_i_T...
Has anyone torn down the hardware and verified this lately?
It should not be a complicated feature at all. Just ensure you have the same voltage applied to your LED circuit as your camera circuit, and enforce that by having them on the same wire...
A camera cover guarantees that the camera can only work when the camera is uncovered.
A camera light alerts you once the camera is already on.
Add more than one if this is a concern, and it can still be compact. This is already done today in "RGB" leds.
The LED could still always fail short, and then you're back to having a broken indicator again.
> a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports.
What does this mean? The data lines of camera modules are generally differential pair, and it is highly unlikely that significant power is being drawn from them.
I'd assume this is done in firmware for the camera module?
removes the need to always be thinking about some random indicator being on or off
I'm in a lot of remote meetings, and wouldn't want to be accidentality presenting without expecting to.
1) Block the camera and hope the microphone is on mute 2) Hope the camera isn't on and home the microphone isn't on 3) Not have the mac at all
Clearly 1 is better than 2.
It seems to be something with a switch that disconnects one of the rings of a 4 pin. Easy enough, but $5 doesn’t seem awful.
Of course it doesn’t disconnect built in microphones, and with modern Apple phones getting rid of 3.5mm jacks it’s value is less.
They have a small slider with the camera protection "glass" build in which can cover the camera and will "show" a red dot if it's covered.
https://i.imgur.com/HrF8jjk.png
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Apple is good, but they are not perfect
https://news.ycombinator.com/item?id=23796606
Can recommend. Physical security > *.
I hope you’re a billionaire with secrets because otherwise this is pure paranoia.
You could copy some data over live, but there are also non-exportable cryptographic keys in the Secure Enclave.
Or as other poster mentioned, just swap whole units.
Multiple teardowns have confirmed that it's a hardware path that software cannot modify.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
The sliding covers are fine but it’s just more effort to order one.
Not to mention apps that do it "right" like Hangouts that enable the camera for you to preview your video feed before you're actually live. Could be pretty confusing/concerning for someone who isn't used to an app (and when it broadcasts you or not) and sees the light come on. A cover takes that whole thought worry-pitfall out of the possibilities.
I believe it’s only possible with the FaceTime app, which turns the camera on when opening the app.
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
I cover my camera to avoid that 5s mental dance at the start of every meeting.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
[1]: https://geekologie.com/2020/03/poor-jennifer-woman-takes-lap...
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
[0] https://www.objective-see.com/products/oversight.html
https://www.theregister.com/2013/12/19/apple_isight_webcam_l...
Personally I wish all my devices had hardware toggles for camera and mic, both. Phone included, since it's only a "phone" a small fraction of the time these days, the rest of the time it's a small Web-stuff device.
Perhaps Apple missed these?
2013: iSeeYou: Disabling the MacBook Webcam Indicator LED https://jscholarship.library.jhu.edu/handle/1774.2/36569
2016: Your Mac’s Camera Can Be Hacked https://www.intego.com/mac-security-blog/your-macs-camera-ca...
2016: Former NSA employee: This hack gains access to your Mac's webcam https://www.cnet.com/news/mac-webcam-hack-ex-nsa-employee/
So let's stipulate it can happen (because well it can happen). That would take both someone being targeted en masse (prior to apple having a fix in place) and it making a difference to the person or people it happened to. Is that really a big enough risk to spend time worrying about?
https://daringfireball.net/2019/02/on_covering_webcams
Which bugs, loopholes, backdoors, etc allow the camera to get through my cover (I upgraded to sliding plastic from electrical tape at the start of lockdown and there was a need for an actual camera)
It's kind of a matter of fool me once, shame on you, fool me twice, shame on me.
No tech people who think about and obsess about this type of 'risk' don't trust the lights. Most Apple customers vast majority don't think and don't care.
It's been twelve years since a vulnerability in this was reported, and by all reports the LED power state is now implemented in hardware. It's long since time to obsess over other sources of risk, instead of the dead ghosts of previous ones.
... applies only to older Mac notebooks from like 2008 period which are long since obsolete according to Apple's announced support policy.
>2016: Your Mac’s Camera Can Be Hacked https://www.intego.com/mac-security-blog/your-macs-camera-ca....
... refers specifically the exploit above.
>2016: Former NSA employee: This hack gains access to your Mac's webcam https://www.cnet.com/news/mac-webcam-hack-ex-nsa-employee/
... is an attack that depends on the camera already being in use by another application and therefore has nothing to do with the camera indicator.
At the end of the day, unless you have a really nice microscope, solid understanding of electrical engineering, and a few tens of thousands of hours ahead of you, you have to trust whoever you're buying the hardware from that it will do what they say it will. No amount of hardware efforts can solve the fundamental human trust problem.
Remember the amount of effort VW was willing to expand to cheat emissions testing.
Edit: the gnarly thing might be ensuring it doesn't harvest power through data wires or store power in covert capacitors or batteries.
/s
So, there's definitely value to a built-in cover; in my case it would stay shut permanently.
Apple claims that the LED comes on when the camera is active, which it claims helps protect your privacy. That seems to be true, and certainly no-one seems to have any contradictory examples that are not 12+ years old.
I can argue that when one uses a sliding cover, one can easily forget to reset it after a video chat. The design is bad. The right solution is simply not to have a camera. It's just a different design compromise.
Bonus points for using a Sawzall to get started.
I was the security architect for this feature on recent Macs. The LED is wired to the camera PMIC and is powered by the voltage rail that powers the camera. The PMIC will always remain on if the system has power. Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack.
The point is that the hardware has been designed properly. Combined with the OS-level permissions, it should be assurance enough for the majority of use cases.
If you need further assurances, then by all means, use a physical cover.
prevent? by the time the LED turns on, the attack has already happened.
Do the doors at Apple HQ have locks? Or is there just a little LED next to them that lights up when they open?
I think Apple's building security architect should have a conversation with their camera security architect.
A door without a latch does not prevent an unauthorized person from trespassing. A camera without a cover does not prevent an unauthorized person from trespassing.
Apples webcams are broken by design.
Other companies fixed theirs years ago: https://www.youtube.com/watch?v=37NFVGLX3vw
https://daringfireball.net/2019/02/on_covering_webcams
Source: write firmware for a living, and write drivers for physical switches.
I.e., a traditional switch inline on the circuit(s) connecting the camera / microphone to the rest of the system.
As an analogy, you wouldn't implement a car brake by running it through some firmware. Instead, you'd preferably make a direct physical connection between the pedal and the actual brake.
For many people the trust in integrated laptop cameras has been thoroughly eroded especially in case of Macs. (From my experience by interacting with people not having much tech experience, limited to Germany, maybe also limited to the social cycle(s) I interacted with.)
The paradox thing is that the same people who often don't trust webcams in Apple Laptops or Apple All-In-One PCs do not bother or even think about weather or not the camera in their iPhone could spy on them or weather or not they microphone in webcams could still spy one them...
Until relatively recently, any userspace app on my computer could freely access the camera and microphone, including background processes and malware, so that feels a lot riskier. There seems to be a permission for this that must be granted in the newer macOS versions, but I assume there might be ways around that.
I could have a System 76 machine with latest xyz hacker proof Linux distro and I'd still assume all was heard and listened to through that device. Just makes no sense to trust any mass production device.
[1] Or least _was_, until I disconnected it - I needed to replace the screen anyway, and I _never_ used the camera, so I just popped the camera out at the same time
If I am in a conference room talking about strategy, an uncovered camera will just pick me up. The microphone will capture everyone’s conversation.
Beside I'm not sure a "jerking face" would be more than awkward if published. A reverse angle in which you could identify what was the video used for the jerking session would be way more compromising.
And in this regard poorly protected IOT surveillance cameras have way more evil potential that webcam in my opinion.
Also what are the chances that a microphone wouldn’t overhear something incriminating even if the camera were covered in your bedroom?
And I am really not trying to go down the road of wondering if you are doing something incriminating in your bedroom and your partner is being completely silent what that implies.....
Most of this stories where not actually happening, I don't remember exactly but I think they came from a single story of targeted hacker attacks where such a thing actually happened and then people got blackmailed.
But it's was more comparable to some rumors which wildly spread and then many non technical people ended up believing and which somewhat had a truth at it's core somewhere so it's not easy to just put it of as "mad up".
Also it happened like a 5+ years ago, it just stuck with a lot of non tech people somehow. And it (normally) doesn't hurt so tech people aren't that likely to tell people that this isn't quite right. It's often already hard enough to convince them to do any privacy focused actions.
There’s nothing notable or worse about the Apple issues. If anything, they are probably a lower risk than the average PC.
I don't see Apple claiming they've done that but a correct design would make the indicator light work that way and be related to software at all. Meaning you could only disable the indicator light by physically modifying the device.
You may be able to verify a design like this once with a teardown, but it's impractical to verify your particular device, and next to impossible to re-verify this every time you leave your laptop unattended.
As someone who posts to Hacker News you are by almost any definition a potential information source or APT vector.
I must add, I peeked over his shoulder a few times, and my comment that it looks as good inside as it does out was answered with “yes, it’s like being asked to restore a work of art”.
For the former a piece of tape is enough.
He didn't say it was.
What he said was that his threat model doesn't include state agencies. Many people use their laptops in bed and they probably don't want random people using their laptop webcam to take random nudes.
And, while I hear the NSA being quoted a lot, let's be fair, how many of us have the opsec to stand up to a genuine NSA attack?
A reasonable goal in thwarting the NSA should be to stop some random bureaucrat from typing on a few keys and getting access to your stuff without a signature. As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling.
Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
They didn’t need to use the word to imply it. I did however assume they’re weren’t so self-centeredly solipsistic as to think that their personal choices were the universal general case, or advisable for a typical participant on this forum. But then:
> Besides, if the NSA really wants you, they'll just fabricate the evidence. It's way cheaper.
Again, no. That’s another of those “surely this doesn’t happen” comments, and once again, it is flat wrong. Even setting aside that discrediting/compromising someone is likely to be different agency; just as with bugging them, there are still plenty more reasons besides eavesdropping or coercion, such as industrial espionage, or sabotage, and the main point is that this isn’t theoretical. It happens. Deal with it, don’t deal, up to you, but never assume you can’t be a target.
This is why I only take a disposable laptop and phone across US or Chinese borders. Both have intelligence services with the resources, ability, and inclination toward systematically documenting anyone even remotely interesting.
> As long as some bureaucrat has to put their signature on a piece of paper and get budget to get my stuff, I'm safe against random trawling
If this level of willingness to disregard the entire history of bureaucracy and covert action helps you feel safe, and if you have no direct or indirect ties to any other human being, body of data, or corporate entity that could ever be at any kind of risk, then why not I guess.
Lenovo didn't allow you to configure a T480 with both the high-resolution display and the plastic slider, it was either-or. The high-resolution display was their premium option that omitted the slider and added two more IR cameras for Windows Hello support.
So in addition to not getting the slider, I also had to disable the IR cameras.
I'm half tempted to buy the version of the display bezel with the slider and see if it'll fit as a replacement.
[1] Yes, yes, assuming you can block all frequencies the camera is capable of detecting.
EDIT: a commenter below said
"Macs newer than 4 or so years also have a feature that forces the LED to stay lit for at least 3 seconds after it has been turned on to prevent the single-frame-grab attack."
I really think an LED is barking up the wrong tree. A built-in hardware cover would have the same effect as the LED, and no one would have to trust it, since the camera would just be recording the back of the cover if it was hacked in stealth mode.
Boy, wait until you find about what's possible manipulating PCB or processor designs (the Bloomberg fiction piece "The big Hack" illustrates what would be possible with just PCB manipulation). Or firmware or anything else proprietary running with elevated rights (normal ones are already enough to cause a lot of damage on most systems).
All you can do is reduce attack surface.
Well, I don't mean to fuel your paranoia, but there are materials opaque to the human eye but not necessarily fully opaque to a CMOS sensor, especially one without infrared/UV filters.
It would be quite possible, trivial even, to design a web camera with a nice built-in black camera cover -- which is transparent to the camera.
I do physically disconnect or cover cameras. My desktop computer has no microphone unless I plug one in. Laptop and phone though? I definitely remember in the aughts that the police could remotely turn your phone into a bug without any user indication at all. To the best of my knowledge the only way to actually be sure you aren't being recorded with your own equipment is to remove power... of course now the batteries are soldered on, totally a coincidence I'm sure.
If your laptop (or iPad, in the case of the latest gen) is an Apple T2 equipped device, this is somewhat relevant (“somewhat” as it’s not directly related to my original reply)
https://support.apple.com/en-gb/guide/security/secbbd20b00b/...
A better solution would be to have the microphone be physically removable, but even then it could have an internal power source and storage...
https://www.youtube.com/watch?v=IKY3hvYKPpA
Too bad it mainly shows your nostrils :(
Can you guarantee the manufacturer followed the design specification for every batch?
Threat models matter.
You can modify the Macbook of course, which is why the paranoid type will still use tape.
Some attacks I've seen will take a photo with the camera as fast as possible so you might not notice, but the light will always turn on.
There was an exploit, over 10 years ago like you said, that allow to disable it. But that was corrected.
Edit
- iıSeeYou: Disabling the MacBook Webcam Indicator LED - This was 2008 - https://jscholarship.library.jhu.edu/bitstream/handle/1774.2...
Looking for t1 links.
Edit 2
Can't find anything confirming the t1 right now..
https://support.apple.com/guide/security/hardware-microphone...
> iSeeYou ( 2008 )
Which is it?
If the attacker has done this, they might as well just hide the camera somewhere else.
It's orders of magnitude easier to get access to a mobile device than to setup a camera in every possible location a target might move to. But they'll helpfully carry the device with them.
Your average blackmailer would be better off with the separate camera route (and likely wouldn't be sophisticated enough otherwise) but a state-sponsored attack could probably pull it off.
The point is whether you will be able to prevent the camera from taking a video/picture you don't want it to.
Unless you can physically disconnect or block the camera, there's not guarantee that a piece of software can't record.
The best Apple can offer here is that you will know the recording was done (assuming you are looking at your computer, and not looking away or in another room) .
A way to overvoltage/current and burn out the LED. Probability low, but nonzero.
More plausible situation: There are times when the camera is pointed at me, but my head is not pointed at the camera. Perhaps I left the laptop on in the corner of a room while it's playing music, or a myriad of other things.
A cover is a simple, foolproof solution to the camera issue.
Yeah, people who don't understand how hardware works.
"Because I saw somebody smarter than I am had a piece of tape over their camera"
https://www.npr.org/sections/thetwo-way/2016/04/08/473548674...
The light indicator in modern webcams is a "physical" indicator. Sure, it won't stop it from being hacked, but it will light up whenever it is active. That part can't be hacked, since it's in the hardware.
It’s a very different threat than most people have.
Most people on hacker news? Unclear.
I think a really large portion of users here would be extremely good attack targets. Developers with privileged access to source code and operations staff with privileged access to systems make up a significant portion of the users here.
Besides: Most people don't accidentally want to show up on a video conference while undressed when they accidentally hit the wrong button in some confusing skeumorphic app specific interface: The LED only warns you after its too late.
And in fact one of the devs was poached by a shady bunch of foreign looking suits who would have fit right in with big brother.
In all fairness you have a split second between the light coming on and the video stream initializing to err hide your shame. What are you doing in front of your computer with no pants on? Naked yoga?
Generally speaking - as developers type away on their packet handling or authentication code, they all too naively believe they won't be a target of a new friend or bribe.
Virtue signaling mostly.
It’s not difficult to open a laptop and remove those components all together. Especially for someone like Zuckerberg.
I think the simplest explanation is whoever was staging the scenery around him didn't think anybody would notice the taped laptop. If they did realize that, they probably would have untaped. It wasn't meant to be a detail you notice or centerpiece of conversation. That's my guess.
> There's a reason Zukerberg's laptop has its mic and camera tapped up
This is an incredibly weakly phrased argument; there's a reason people are flat-earthers as well. The existence of a reason does not automatically make that reason a good one.
I actually take his webcam tape to mean that his security group (which includes people who have serious hardware chops) doesn't think that the investment in a better option is worth it.
Lastly, about that 0day argument. Many camera LEDs are implemented in hardware, which means instead of hardware prevention they have hardware detection. There are reasons for both, and neither is unambiguously better.
The hacking consequences I care about are having my bank accounts drained, not having my picture taken.
At the same time, he's going to be an exclusive target for myriad actors big and small, up to and including entire nations, so extra paranoia is probably warranted.
Given the business he is in, the reason is blatant hypocrisy?
There are probably other ways. Stop trying to shame people just because you haven't thought of a way to bypass this.
The support document also suggests a paper-thin cover, so it’s not attempting to shame anyone.
I don't see how what you're saying supports that. If your point is simply that Apple has resolved camera vulnerabilities in the past, that's nice, but doesn't exactly give me much peace of mind about future vulnerabilities.
Most webcams do report themselves to the OS while inactive, so they are actually communicating with the system (and thus powered)
Point being that the indicator light can be hacked and isn't too be blindly trusted.
Can't hack that without extensive physical access to the machine.
No guarantee it can't be hacked again.
Because Apple said so? I simply don't have this level of trust.
Because someone disassembled their MacBook and reverse engineered things? And that person is trustworthy and competent? That is better, but even if it was true for the MacBook they reverse engineered, suppliers make tweaks to parts all the time. Can I be sure that my MacBook still has the exact same camera?
Because you opened up your MacBook to confirm? Maybe then you can trust it.
If you spend your entire life with a camera pointed at your face, your face (and activity) will be accidentality filmed by that camera sooner or later. Indicator or otherwise. The indicator light is a good idea but I'm still spiritually on the side of the tape people.
Complex systems are hard to secure.
I will gladly trade a millimeter of thickness for increased functionality. It's the same thing where apple will ruthlessly optimize for thickness to the point where they can't cool the CPUs. They literally prefer form over function, as if the tool I use all day every day is an art piece.
Isn't that part of the appeal of Apple products? People will gladly spend more because of the looks, not the functionality.
Like fish said to be the final species to discover water, one mainlander comes to hk and surprise to see us so relax about security. What the law even assume people are innocent until proved otherwise ...
the mentality of hermit in One of the largest population of ... hermits. You just put on your shell.
As now become one of the hermit by force and talked as a hermit, may I suggest they just do it away with the camera. Use a wireless or usb based one. No hacking possible.
Economically (if not ethnically) trust is important as it lower the transaction costs. Chicago school heritage I guess of pre NSO HONG Kong. I switch to my two mac Mini of intel and arm. Unfortunately still have the old 3 cable apple monitor (work well with both 2018 and 2012 MacBook Pro) that have a camera. Guess a cover is ok.
Yeah, not ideal.
1. Electrically blurred glass. 2. Polarizing filters 3. Power kill switch, in hardware. But I guess Applw will balk at this too.
The user controls which apps get to turn on the camera...no one else.
https://appleinsider.com/articles/19/07/29/what-apples-t2-ch... https://en.wikipedia.org/wiki/Apple_Silicon#T_series
Yet the camera on a laptop is the thing that we need to cover? It’s a weird security model, that’s all.
Besides, on a MacBook it sounds like the webcam light is almost impossible to circumvent because of the implementation.
Almost impossible just means it requires lots of money/dedication, but still a T2 chip compromise is scalable and can be done remotely, which is fundamentally different from physically compromising hardware.
But it's not even just for hackers. Zoom had the SUPER annoying habit of turning your cam on when the meeting organiser selected that everyone should cam.
This led to several colleagues being unaware they were being shown at that time. One was even lying in bed and called in from her phone. That's her business, it was 8pm at her location. But now everyone knows.
A hardware slider would have prevented all of these real-world problems.
Poor Apple had already destroyed that for iPhones and iPads but just couldn't do it for their laptops, until now!
https://www.vice.com/en_us/article/akw558/apples-t2-security...
But, I do wholeheartedly endorse right to repair. I'm very bummed about the recovery options for newer laptops with non-removable drives. I was also bummed to hear that ARM-Macs won't have Target Disk Mode.
Those laptops will still be valuable for some parts, but considering now that not only the RAM is soldered to the motherboard, but the SSD too... there's not going to be much left to use.
I find the "theft" argument very hard to swallow for two reasons. First, thieves will consistently steal electronics -- smash-and-grab first, discard later. A thief unable to sell your irretrievably lost phone is a pyrrhic victory, to be sure. Thieves with domain knowledge may be savvy enough to stay away, but I would bet that is rare and more limited to organized theft rings.
Secondly, and more damning, Apple has repeatedly paid lobbyists to parrot the anti-theft security scenario at hearings discussing enacting right-to-repair laws (as well as spreading misleading FUD on repair safety). Apple could work with legit recyclers to find sustainable ways to recover donated products, but they very deliberately refuse to. IMO this makes their security arguments suspect.
In general, I'm very distrustful of a security model that relies so heavily on their cloud holding all the keys.
I do think we're talking about different secondhand markets--or at least different large sections of it. Buying/selling working Macs aren't affected. That's the only one I've ever dealt with. I do think I was wrong above about non-working Macs--I do think there will be no resale value if they had a T2 chip.
> I find the "theft" argument very hard to swallow...
Multiple cities cited 25-35% drop when activation locks were rolled out. Personally, I've only had iPhones stolen before this. I do think most are crimes of opportunity, but a large chunk, especially if they're stealing multiple phones, know how they're going to unload them. But, I don't think this T2 repair thing is relevant. I don't imagine thieves parting off stolen phones because it's not worth it. Even organized crime.
I do agree Apple has misrepresented the situation and right to repair is one of the few topics I write to my representatives about.
Agreed, thieves aren't parting off stolen phones. I was referring primarily to unattended property theft (car break-ins, theft from public spaces, etc.) not muggings. Probably depends on what is driving the crime.
The main problem with that isn't that it is possible to disable the LED. The problem is that the LED is like a smoke detector, when it alerts you it's already too late, you are on fire (or your photo/video has already been taken). An indicator LED doesn't protect your privacy, it only tells you when it has already been breached.
You will have plenty of notice.
It's not just 'incriminating footage' that's the problem. There are perfectly legal sites I visit that I'd prefer didn't have a photo identifying me. Takes only seconds to snap such a picture if using an exploit like the safari one in April.
Is there a database of laptops that do this correctly?
I guess you'd also want the microphone physically disconnected when the cover is closed, or at least have the LED visible when the cover is closed.
Possibly move the ambient light sensor to the side, leave more space for tape/cover, or add a hardware cutout switch.
Besides, on current versions of macOS, you need to grant permissions to an app before it can use the camera.
Is this verifiably true? I trust Apple on security matters more than the average laptop maker, but the fact that so many of these indicator lights are software-controlled erodes my trust in basically all of them.
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
[1] https://daringfireball.net/2019/02/on_covering_webcams
[0]: https://supporters.eff.org/shop/laptop-camera-cover-set-ii
[1]: https://www.amazon.com/C-Slide-Sliding-Computers-Chromebooks...
[2]: https://i.imgur.com/P264KiI.jpg
https://supporters.eff.org/shop/laptop-camera-cover-set-ii
Been using them for years, and they work great!
https://www.youtube.com/watch?v=aZByDkSuY5c