It is interesting. If it's known which bus the camera is in, why continuously deliver power to it? There must be some reason as to why it's a bad idea to constantly power buses as needed. Then again, that's how removable devices work, so?
"while you’re apparently not allowed to directly interact with that LED light through approved APIs, if you’re a malicious user you can totally get away with it."
I'd like to see evidence of this on any Mac made in the last 10 years.
Note that this hasn't been a problem for Apple hardware released after 2008, according to an Apple engineer:
> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
Scroll about halfway down, there's more detail that I haven't quoted.
Even when they have the hardware LED, it doesn't help you if you're not looking at the device. I often leave my laptop and phone unattended and prefer to have the peace of mind knowing that they cannot possibly observe anything. I wish I could cover the microphone in a similar way.
> but when I get my hands on them the build quality is horrendous. I just figured they were too cheap to wire in a little LED light to let you know when the camera is running.
Shoddy? The author obviously never actually used a modern Windows laptop, and just listens to the fanboys on the Apple zealot forums.
My Lenovo Yoga has a light and a mechanical shutter to cover the camera. There's also a hot key that disables the camera on the driver level as an extra measure.
And they build quality and keyboard are much better than any Apple laptop, the screen resolution is higher, and there's an NVidia GPU.
Yeah, as long as one stays away from the cheapest lines, Lenovos are pretty good (and yes, they all have a LED camera light nowadays). I reckon their trackpad is worse than in MBPs, but they more than compensate for it with a much better keyboard.
This problem is pretty much solved outside of the apple laptop line. The solution is a simple physical shutter that you can shut or open whenever you want.
I’d be surprised if state actors didn’t already have this kind of capability, but you also have to trade it off against the degree to which you are or are not a high-value target.
I don’t understand the big deal with covering webcams.
If someone has that level of access to my Mac, they can record my screen, log my key strokes, and can access all my emails, bank accounts, and browser history.
Why would they want some photos of my face? What do they have to gain? That seems like the least of my concerns
It’s the same as or worse than letting someone peer in your window all day while you’re in your home office. Surely you can understand why other people aren’t interested in that sort of setup.
If someone stood outside your window everyday pressed up against the glass quietly watching you, wouldn’t you be suspicious of their motives? You’re right in that the value of headshots aren’t particularly valuable, so what then are they hoping to gain from watching your every move?
> Why would they want some photos of my face? What do they have to gain? That seems like the least of my concerns
I honestly do not understand this line of reasoning. It's unjustifiable. I mean, here we have an attack vector with a colossal potential to do you harm, and here you are arguing against a basic safety measure because you're able to think about other attack vectors? How does that even start to make any sense?
It’s like saying “make sure you lock up all your family photos in a safe, because if a burglar breaks in they could steal them”.
No, if they have access to my house they will steal my cash and TV. I fail to see why some photos of my face would be something someone with root access would care about in the slightest.
Folks aren't worried burglers will steal their photos because the photos are objectively precious, they are worried that the photos will be stolen because burglers steal things which are precious, and since family photos are considered precious to most people they make a faulty connection. It's irrational, but so is most everything we do as a society when you look at it closely.
Webcams being hackable means people can begin to irrationally fear for their privacy in their own homes. Rather than be free to move about and do as they wish, they second-guess whether someone would be watching, and even though they have no logical obligation to appease this unknown third-party's desires for propriety, they're going to be concerned about breaking norms. "I hope I don't look like a slob, or pick my nose, or start whacking it or ... " anything, because we all have a nervousness about being a particular way when others are around, even when we don't know those people or, as in this case, those people have no right to be there in the first place.
It's dumb and irrational and you can dissect it a million different ways and wax poetic about what it "says about society" or human psychology, but in the end it's just another expectation most people have - that their privacy in certain places will not be invaded and they are free to let their guard down - and as engineers and developers and everything else, it's our job to work within those constraints if we want user adoption, or at least if we want good-will.
Is it rational that people want privacy but they also want to post their thoughts and photos and videos online where anybody can see them forever? Nope. That's humans for you though, and the people who capitalized on letting them do it are now wealthier than most of us can imagine. Finding a way to reliably both actually make a webcam free from being useful to hijackers, and to prove to and convince the public that it is so, is a lucrative opportunity - I would say especially so in this new pandemic age.
It’s great to see the original author update the article & admit that he was incorrect. He even goes as far as to say that despite the embarrassment he’ll leave the article up. My favorite assetrtion from the article is "Apparently though, someone decided that they’d do it in software” referring to using software to illustrate when a camera is active. That statement alone is a red flag. When would Apple let a lone person decide something like that? But he does site an unnamed friend who has a PHD in Computer Science and thus would be intimate with the inner workings of Apple’s hardware for the last decade. To me, the issue with that article has nothing to do with laptops, cameras, or bloggers; it’s the lack of facts and fact checking. How we do we solve this? This isn’t really “fake news” … it’s bad news at best, based on mistaken assumptions. Seriously, how could software detect that this was a terrible article? This seems to be the biggest problem to solve today ...
21 comments
[ 0.18 ms ] story [ 56.2 ms ] thread> All cameras after that one were different: The hardware team tied the LED to a hardware signal from the sensor: If the (I believe) vertical sync was active, the LED would light up. There is NO firmware control to disable/enable the LED. The actual firmware is indeed flashable, but the part is not a generic part and there are mechanisms in place to verify the image being flashed. […]
Scroll about halfway down, there's more detail that I haven't quoted.
https://daringfireball.net/2019/02/on_covering_webcams
The problem is not that I want to know when I'm being watched. I just don't want to be watched at all.
No such problems with a physical cover.
It’s quite simple, really - the indicator only works if I look at the indicator. A sticker works all the time.
I guess it's a layered security situation.
>The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.
https://support.apple.com/en-us/HT211148
If they have evidence otherwise that would be some news.
Shoddy? The author obviously never actually used a modern Windows laptop, and just listens to the fanboys on the Apple zealot forums.
My Lenovo Yoga has a light and a mechanical shutter to cover the camera. There's also a hot key that disables the camera on the driver level as an extra measure.
And they build quality and keyboard are much better than any Apple laptop, the screen resolution is higher, and there's an NVidia GPU.
I’d be surprised if state actors didn’t already have this kind of capability, but you also have to trade it off against the degree to which you are or are not a high-value target.
If someone has that level of access to my Mac, they can record my screen, log my key strokes, and can access all my emails, bank accounts, and browser history.
Why would they want some photos of my face? What do they have to gain? That seems like the least of my concerns
If someone stood outside your window everyday pressed up against the glass quietly watching you, wouldn’t you be suspicious of their motives? You’re right in that the value of headshots aren’t particularly valuable, so what then are they hoping to gain from watching your every move?
I honestly do not understand this line of reasoning. It's unjustifiable. I mean, here we have an attack vector with a colossal potential to do you harm, and here you are arguing against a basic safety measure because you're able to think about other attack vectors? How does that even start to make any sense?
No, if they have access to my house they will steal my cash and TV. I fail to see why some photos of my face would be something someone with root access would care about in the slightest.
Webcams being hackable means people can begin to irrationally fear for their privacy in their own homes. Rather than be free to move about and do as they wish, they second-guess whether someone would be watching, and even though they have no logical obligation to appease this unknown third-party's desires for propriety, they're going to be concerned about breaking norms. "I hope I don't look like a slob, or pick my nose, or start whacking it or ... " anything, because we all have a nervousness about being a particular way when others are around, even when we don't know those people or, as in this case, those people have no right to be there in the first place.
It's dumb and irrational and you can dissect it a million different ways and wax poetic about what it "says about society" or human psychology, but in the end it's just another expectation most people have - that their privacy in certain places will not be invaded and they are free to let their guard down - and as engineers and developers and everything else, it's our job to work within those constraints if we want user adoption, or at least if we want good-will.
Is it rational that people want privacy but they also want to post their thoughts and photos and videos online where anybody can see them forever? Nope. That's humans for you though, and the people who capitalized on letting them do it are now wealthier than most of us can imagine. Finding a way to reliably both actually make a webcam free from being useful to hijackers, and to prove to and convince the public that it is so, is a lucrative opportunity - I would say especially so in this new pandemic age.