First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
> First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on.
I have made this point several times throughout this thread, so I apologize for repeating myself:
Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera.
At the very least, I need a citation or an official statement. Because clearly, this has not always been the case [1]:
We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops.
[..] our investigation of the iSight revealed that it is designed around a microprocessor and a separate image sensor with an indicator LED sitting between them such that whenever the image sensor is transmitting images to the microcontroller, a hardware interlock illuminates the LED. We show how to reprogram the microcontroller with arbitrary, new firmware. This in turn enables us to reconfigure the image sensor, allowing us to bypass the hardware interlock and disable the LED.
[..] iSight webcam [was] found in previous generation Apple products including the iMac G5 and early Intel-based iMacs,MacBooks, and MacBook Pros until roughly 2008
Whatever reason Apple had to design the camera system this way back in 2008, is probably still a valid reason (cost, hardware simplicity, spacial constraints etc.). It means Apple and others have incentives to build camera systems that are easier to compromise. It's enough for me to worry.
The problem is that the average user has no way to verify this and also the light doesn't prevent the camera from turning on, it merely notifies you that the camera is on.
A manual, physical barrier, especially an aftermarket one, solves those issues. Personally, I use electrical tape.
You’re focused on the wrong part of the chain here. As the camera system is only as weak as it’s weakest link, if Apple indeed made a circuit connected to the LED (and I fully trust you on that), then the weakest link is elsewhere: company provided laptops are often altered prior to be given to an employee. I know of colonies who install software to track messages etc. What’s to say the same companies don’t alter the circuit board to modify the LED behavior?
There is a risk/reward/effort to look at, putting a small piece of tape is low risk / low effort / high reward (if your company actually angers laptops).
Why do I even have to trust Apple and physics here? Why can't Apple just provide a physical lid for the camera to disable it. Why even take that chance.
I trust you absolutely and toally on this. Why wouldn't I?
But if you had your entire net worth riding on it, would you trust yourself to be infallibly correct or would you trust something along the lines of a post-it note to be completely sure? You know, if your life depended on it on every single possible model of apple laptop in all circumstances imaginable? (Do we include if your laptop was interecepted and altered by a hostile agent? Because we know that happens too...)
Please, share the circuit for the LED. To take a picture, it takes 4ms - a human eye would not even register that LED turning on.
I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
Unless there is an option to send higher voltage to the camera (control the VRM) and increase the current through the LED wear it off quickly for instance. The statement is incredible condescending, esp. given no link to actual schematics.
> You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
You make multiple assumptions here
1) You assume that the during the time that passes between the LED breaking and the user noticing, there was not a single attack or a single blunder that caused the camera to turn on and record/capture something that was unintended.
2) You assume that the LED breaks deterministically. The LED can break randomly. Maybe it lights up when nothing is being recorded resulting in a false positive. The user has no way of differentiating between a false positive and a true positive which can result in unintended captures.
3) Similarly the LED can break in a way where it sometimes doesn't light up when something is being recorded even though power is always sent to the LED when the camera is on resulting in a false negative. Again, the user has no idea of differentiating between a false negative and a true negative.
> If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
In order to accept this argument I need to trust that you, an internet rando I know nothing about, are telling the truth AND that it'll remain so for any future Apple models. I think no matter how confident you're in your assessment of the current Apple hardware, you can't in good faith argue that they will not change course in the future for whatever reason.
Also, again, they already messed it up once in the past. It won't be hard to imagine that they will do it again some time in the future or already doing so.
This is admittedly a bit of a movie plot threat, but could an evil maid attack rewire this, then later malware takes advantage of the rewiring?
IMHO layers of security are good.
On my end I worry about the risks of constantly just leaving my Mac, which has filevault enabled, simply protected by a screensaver. Is that less secure than if I put it to sleep? And presumably turning it off completely is safest?
How do I make informed choices about how much "locking" to do when I step away?
These are all things I think about reading an article like this, and I'd love to hear other's thoughts.
Yet Dell and some other laptop manufacturers started to include a physical privacy slider right in the hardware. Considering Apple stance on privacy, I hope they consider this at some point.
I think the third point is especially strong argument for having the cover. It gives you a second physical layer of security rather than possibly a button you might automatically click away and it gives you the opportunity to join the call first and then decide to actually share (e.g. if the setting is more formal than expected or if the other side isn’t sharing).
Relying on the light going on after the fact is a much weaker protection, the user may have opted in to always letting an app use a camera and between the 15 or so UIs that the conference apps have the user might miss that it actually turns the camera on unless the button is clicked.
Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
> Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
That doesn’t help for the attack that many people are using here, which is if the software on your machine is compromised.
I had to switch on my camera for a video call for the first time yesterday. (I can usually get around it and do audio only)
Removed the piece of electrical tape I had over the camera to find the image was completely blurry from the glue. Good to know if it ever falls off and I don't have tape to replace immediately.
Our company's video conferencing software has multiple "modes" for a conference call, which the moderator could configure. Hardly anyone ever changed the mode, but at one point while trying to configure something unrelated I ended up switching modes in the middle of the conference call. To my horror the software immediately turned on everyone's camera.
Luckily the strain of streaming 40 video feeds to everyone 40 participants pretty much locked up the call, but for a brief moment I was able to enable approximately 40 cameras from people who were just sitting in their houses, who knows how dressed or what was going on behind them (I tried not to look).
I'm pretty sure we can apply Hanlon's Razor here and assume it was just an innocent bug: it's not hard to see how joe programmer might have overlooked the default settings when the mode is changed during some completely unrelated refactor. But whatever the case, as long as video conferencing remains lucrative vendors will continue to pack features into the software, and as long as they keep adding features, they will continue to create additional edge cases to trigger these incidents.
> First, you have to trust Apple that the indicator _really_ can't be disabled.
I'm not disagreeing with your other points nor am I saying that this isn't the case nor am I a fan of any apple products... However designed circuits to implement such functionality is quite common.
This one is one of the most solid points. Remember Tim Apple saying "When we work on making our devices accessible by the blind, I don't consider the bloody ROI."?
Not to mention the CIA had an exploit for Samsung TVs that recorded audio even when the TV seems to be turned off[1]. It is better to have peace of mind by blocking the camera physically.
I agree, the official statement is comparing pears and apples. A led gives you no control.
The real alternative to a cover would be a physical on/off button next to the camera which would physically connect/disconnect the camera behind the hood.
I also thought about another point recently. Many companies hand out Apple laptops with pre-installed software to their employees. It's not entirely unrealistic to imagine that some of the pre-installed software is intended to spy on the employees to make sure they don't use company hardware to do anything weird and takes screenshots and camera shots occasionally.
In this kind of situations you'll see the LED and you'll know what's happening and you'd much prefer to have a physical cover on your webcam.
Any points like "but the LED is directly fed from the power line" are moot.
(1) With a mechanical shutter, the state of blocking can be trivially and reliably inspected. With electrical control, this is not the case.
(2) A mechanical shutter works by making it physically impossible for the camera to see anything, while powered or not. With any electrical control, this is nit the case.
So, either you use a mechanical shutter, or all bets are off.
You have to use some operating system at the end of the day, and vulnerabilities can impact any of them. You might as well trust Apple as much as the next company, since all of them are liable for millions of lines of code, and it's likely they all presently have undiscovered vulnerabilities.
They trust the physics, simplicity and verifiability of a cover more than they trust the invulnerability of Apple's black-box software & hardware implementation.
there are ways to get over other forms of trust, for example: use being pseudoanonymous. There is no way around video, unless you happen to wear a mask.
I used to work at Discord. There's a reason virtually every Trust and Safety (the division that handles online harassment cases) Associate has a physical covering over their webcam.
Regardless of how bad actors are accessing these photos, its eminently obvious that people are getting webcam photos of them taken without their knowledge.
I was very skeptical of the camera covers, but then through conversations with some of my co-workers, I realized that they weren't being used because people were worried about spies secretly turning on the camera. It was 90% of the time just peace of mind that their camera was actually off, instead of having to find the sometimes hard to see options in video chat programs etc.
Exactly this. I use one for these reasons, in descending order of practical concern:
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
Same on all counts, though I went a step further and wired in a microminiature slide switch to completely power off the camera. That way applications see "no camera" unless I go out of my way to power it on. I painted the "on" side of the switch in retroreflective paint so I can see when it's on at a glance too, whether the camera is in use or not. This was on a thinkpad though, I doubt macos would tolerate a disappearing camera.
I've actually been on calls when the person did not want to show their webcam (and I had never seen them face to face) and did not notice they were showing their webcam due to having several screens.
This should really be the standard for laptop webcams. The T480 webcam cover is flush with the bezel and you barely even notice it because it's so subtle. One of my favorite features.
Yeah, I have the X1 Carbon and there is nothing that is ever going to make me as comfortable as a little piece of plastic that sldies in front of the lens of the camera.
Current cheap ones have them- my daughter has one for college. She had to use it for remote college for the pandemic- but it was the first time we used the webcam on that computer. We used an external webcam a few times because we thought the internal one was broken, but the door was just closed...
I quite often accidentally turn on the camera without intending (usually because an app automatically turns it on) to. Having a cover prevents me from being embarrassed by an unexpected exposure.
I've always used a sticker (black dot-shaped) or a piece of post-it note. Post-it is really convenient but it's ugly.
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
The UI pattern of a button with a crossed-out camera/mic always makes me think twice: is it a status indication that my camera is off, or is the button's action to turn off my camera (meaning my camera is on)?
I cover my camera to avoid that 5s mental dance at the start of every meeting.
Yeah, I started using to LARP, but it's actually huge for peace of mind. When I'm in meetings and I want to make sure that nobody can see make butt naked, I place the webcam cover. The person caught peeing on a zoom VC[1] would never have happened with a webcam cover.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
I have the same with my headset. It has a physical mute button for the microphone, which I engage as soon as I'm done talking in Teams or similar. It's a dumb switch, so instant and with no annoying woman telling me I muted. Being a dumb switch it's also tactile, so I can tell by feel if I'm muted or not.
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
The Huawei Mate book X Pro has a key on the keyboard that when pressed flicks up a camera. When it is down it shows a black hole inside the keyboard. When it is up it shows a great angle directly up your nose and typing when in a video call shows your hands really clearly. But it is still an interesting way to do it.
On my work laptop, my employer could conceivably turn the camera on to monitor me in some way. I don't think they would, but still I put tape over the camera because I don't want them to be able to do that.
I never really understood the point of camera covers.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
Now I'm old enough that there's money in the bank accounts I access online, and I can afford a home big enough that the room I use my computer in isn't the room I get dressed in and have sex in, absolutely.
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Per OPs comment - it isn’t about a compromised system for me at all at least. If I’m in a video conference at 6am in my pjs I’m just a button click away from everybody seeing me. Camera cover let’s me know I can’t accidentally do this (and it has saved me on multiple occasions).
None of the proposed solutions do anything to actually stop the camera from taking a picture of you. Sure, you'll see the indicator light up for 3 seconds. But the attacker still got what they needed.
Camera covers have nothing to do with identifying compromise. They are strictly for preventing compromise. This is exactly opposite what a camera indicator light does, and thus the indicator should not be considered a "workaround" for not being able to install a camera cover.
Newer Thinkpads are the only laptops I've seen which bring their own camera shutters. Thinking how often you see people putting tape over their camera, it's quite astonishing build in shutters aren't more common. It's a tiny piece of plastic, costing nothing.
Now what I want is a hardware microphone switch, where the off state actually connects to a noise generator.
This could be solved in software at the OS-level with a permission dialog that popped up every time the camera was asked to be activated (as opposed to an ongoing website permission). Which would be overly annoying for most, but appreciated by a privacy-conscious minority.
But unless Apple ever did that (doubtful), once you see the green light it's already too late.
It does make me wonder if something like that could ever be done with a kernel extension or similar?
Personally I think a hardware switch that disabled the mic and camera is the best route. Engineers would have to be honest in actually connecting the switch directly to the camera rather than resorting to some firmware tom-foolery. Then you could wire the indicator to the switch as a visual reminder that your camera is attached to your PC.
It would be annoying as hell. I find annoying having to open the settings to grant the camera permission, if every time I have to make a call I have to give permission to the camera, no way.
Apart from that, I would be absolutely amazed if there isn't at least one failure mode of the led itself that allows the camera to turn on despite no light being emitted. Probably too rare for most people to worry about, but still.
I really get why people want a cover, and I think Apple are being a bit disingenuous trying to convince people they don't need one.
It's fine they warn about the danger of cracking the screen, but that entire "we protect your privacy spiel" was rather terrible, and also quite misleading as you so clearly pointed out!
This seems like a pretty mild warning for folks who might stick a bulky cover on their camera and press down / pack their laptop tightly and now have wedged part of the screen open with the cover.
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
> I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
My wife uses a tiny speck of Blu Tak. It’s soft so just gets squashed flat when the lid closes and it’s designed to be infinitely reusable and come off things without leaving a mark. She just pulls it off and sticks it a few cm to the side of the camera when she wants to use it. She’s been doing it for 3+ years (same piece) and it’s genius.
It does not have to be a bulky cover. I used an extremely low profile webcam cover on my 2015 MBP for 3 years. I put a similar one on my 16" MBP, and it destroyed the screen after a couple weeks.
Specifically, this is the webcam cover I was using:
I've been using this exact same cover on 3 different MBPs (yes I use 3 MBPs simultaneously, a 2016 13", a 2019 13", and 2019 15") for almost a year and haven't noticed anything even remotely close to it damaging the screen on any of them.
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
I used this on the 2016 for years, but even though it's incredibly thin, it is too thick for the 2020. Would love to find a replacement if anyone has a suggestion.
Ahh, thanks for the link. The webcam covers I'd seen in the past were just removable plastic stickers, and I was having a hard time visualizing what counts as "thin".
One of the photos shows them be about as thick as a credit card.
But it's also a sign about Apple not doing a good wrt. making their premium products robust.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS:
Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera
to switch off the indicator without stopping using the camera...
>Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
I consider the piece of tape over my laptop camera like face masks. It may not be perfect nor pretty, but it's damn effective, and I feel better having it on.
For the whole damage from using a camera cover thing, I simply bought as low a profile one as I could find and used a few small felt pads in the top 2 screen corners and next to the camera just outside the width of where the touch pad is (keeps pressure off the pad so the sensor doesn't crack).
I had a laptop that just was a pain to pick at with your fingers to open... I just shoved a bunch of paper in there for a while before I went with your solution, some little rubber clear grippy pads in the corners to get it to stand away from the body just a bit.
I use 3M blue multi-surface masking tape on all my devices. I've had a piece on my surface laptop screen for several months now and it is still leaving no residue after removal. I also like to cover the microphone cutouts if feasible (these are directly adjacent the webcam on my laptop).
This happened to me. Twice. I bought a 16" mbp when it was released because the keyboard of the previous mbp gave me carpal tunnel. I immediately added a camera cover like I always had done on macs. My screen stopped working a few days later, but mbp still worked on my external monitor. I took it in and they replaced the display for free via applecare.
Once I got my mbp back, I added the camera cover again (stupidly). The next day I opened my mbp, and had a line down the center of my screen. That is when I realized what had happened. I then told Apple exactly what I think happened. And to their credit, the replaced it (again) for free.
Over the next weeks, I received 3 different calls from Apple staff, with seemingly increased responsibilities. They all asked detailed questions investigating what I thought happened and in what sequence.
We had to issue an internal notice to our 16" recipients after the first cases started coming in a few months ago. The second most common damage is pressure from pinching the screen to the bottom case during a one-handed pickup. A good squeeze walking between meetings is enough to crack it.
The latest MBPs are exceedingly fragile, can't run two displays from separate TB controllers without throttling, and have had more DOA batteries than any series I've ever encountered to date. This isn't even getting into other models.
How powerless is their QA that they'd let Operations dictate design unchecked? It feels like externalising their expenses taken a leap too far.
My company provides a ~1.2mm thick plastic cover with a little slider inside. I didn't even trust it enough to be used on a thinkpad, much less a macbook
What I do now is either ripping off a small piece of the sticky top of sticky notes (keep the remainder for later reuse) or a piece of washi tape.
Yeah looking at the thickness of most camera covers, I always thought "hmm this might damage the display if I close it". Well looks like this support article proves my point. I always used sticky notes or other stuff. Now thought I've got a standalone webcam that can tilt up and down so I just tilt up so it's facing my ceiling.
I look forward to getting extorted by hackers threatening to tell the world what my ceiling looks like.
If you're going to cover it, use a sticker, like the EFF stickers here[0]. They're reusable, so you can move it to the side for meetings. I used a hard plastic MongoDB-branded sliding camera cover on a couple laptops[1], and its presence appears to have contributed to backlight bleed like this[2].
Came here to say this. Have been using the EFF stickers for years and everyone always asks about them vs the kludgey plastic ones everyone wedges in there that Apple is making note of. I've used them in the past on my phones as well, but given the advent of multiple front facing cameras this has become more of a pain. I purchased some of this sticker material a while ago with the intent to try and laser cut some specific designs. This was a good reminder!
I've used the same EFF sticker for about 5 years now. They are great and whenever it stops sticking, I just rinse it off under warm water and let it dry. Good as new again.
The glue used for those varies, so you may end up with sticky glue on your webcam after removing the sticker (maybe that's good though if it falls off by accident)
Apple is completely missing the point. Primary reason to cover cameras is to avoid anything being recorded by accident, not just to stop hackers RATing you. Now with everyone working remote this has become even more important as it's super easy to get into the video conference with wrong settings and end up in an embarrassing situation. Activity LED doesn't help with this, when you see it damage is already done and Youtube is full of zoom bloopers to prove this. Of course, preventing hackers accessing your camera is just an extra feature. So I'll keep my cover on regardless what Apple says. I use just a piece of regular paper so it's not entirely blocking the light, light sensors work just fine, and also it's very thin so laptop shuts down normally without any problems.
Readit News
First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
Camera covers solve all of those problems.
[0]: https://jscholarship.library.jhu.edu/handle/1774.2/36569
I have made this point several times throughout this thread, so I apologize for repeating myself:
Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
At the very least, I need a citation or an official statement. Because clearly, this has not always been the case [1]:
We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops.
[..] our investigation of the iSight revealed that it is designed around a microprocessor and a separate image sensor with an indicator LED sitting between them such that whenever the image sensor is transmitting images to the microcontroller, a hardware interlock illuminates the LED. We show how to reprogram the microcontroller with arbitrary, new firmware. This in turn enables us to reconfigure the image sensor, allowing us to bypass the hardware interlock and disable the LED.
[..] iSight webcam [was] found in previous generation Apple products including the iMac G5 and early Intel-based iMacs,MacBooks, and MacBook Pros until roughly 2008
Whatever reason Apple had to design the camera system this way back in 2008, is probably still a valid reason (cost, hardware simplicity, spacial constraints etc.). It means Apple and others have incentives to build camera systems that are easier to compromise. It's enough for me to worry.
[1] https://jscholarship.library.jhu.edu/bitstream/handle/1774.2...
Taking a quick photo doesn't illuminate the LED for long enough for a human to reliably notice.
"because you've also broken physics "
Or merely recognized the role of the human element. A shame, Apple was once good at this.
A) trust that in your actual laptop in front of you, this mechanism is correctly implemented.
B) trust that you are not in the vulnerable phase where your LED broke and you did not notice yet. (Especially when you rarely use your camera).
A manual, physical barrier, especially an aftermarket one, solves those issues. Personally, I use electrical tape.
There is a risk/reward/effort to look at, putting a small piece of tape is low risk / low effort / high reward (if your company actually angers laptops).
But if you had your entire net worth riding on it, would you trust yourself to be infallibly correct or would you trust something along the lines of a post-it note to be completely sure? You know, if your life depended on it on every single possible model of apple laptop in all circumstances imaginable? (Do we include if your laptop was interecepted and altered by a hostile agent? Because we know that happens too...)
I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
Unless there is an option to send higher voltage to the camera (control the VRM) and increase the current through the LED wear it off quickly for instance. The statement is incredible condescending, esp. given no link to actual schematics.
You make multiple assumptions here
1) You assume that the during the time that passes between the LED breaking and the user noticing, there was not a single attack or a single blunder that caused the camera to turn on and record/capture something that was unintended.
2) You assume that the LED breaks deterministically. The LED can break randomly. Maybe it lights up when nothing is being recorded resulting in a false positive. The user has no way of differentiating between a false positive and a true positive which can result in unintended captures.
3) Similarly the LED can break in a way where it sometimes doesn't light up when something is being recorded even though power is always sent to the LED when the camera is on resulting in a false negative. Again, the user has no idea of differentiating between a false negative and a true negative.
Or your LED might be broken.
I can definitely assess a shutter.
In order to accept this argument I need to trust that you, an internet rando I know nothing about, are telling the truth AND that it'll remain so for any future Apple models. I think no matter how confident you're in your assessment of the current Apple hardware, you can't in good faith argue that they will not change course in the future for whatever reason.
Also, again, they already messed it up once in the past. It won't be hard to imagine that they will do it again some time in the future or already doing so.
IMHO layers of security are good.
On my end I worry about the risks of constantly just leaving my Mac, which has filevault enabled, simply protected by a screensaver. Is that less secure than if I put it to sleep? And presumably turning it off completely is safest?
How do I make informed choices about how much "locking" to do when I step away?
These are all things I think about reading an article like this, and I'd love to hear other's thoughts.
It would be very helpful if you could provide some evidence of that
Deleted Comment
Dead Comment
Deleted Comment
Relying on the light going on after the fact is a much weaker protection, the user may have opted in to always letting an app use a camera and between the 15 or so UIs that the conference apps have the user might miss that it actually turns the camera on unless the button is clicked.
Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
That doesn’t help for the attack that many people are using here, which is if the software on your machine is compromised.
Removed the piece of electrical tape I had over the camera to find the image was completely blurry from the glue. Good to know if it ever falls off and I don't have tape to replace immediately.
Our company's video conferencing software has multiple "modes" for a conference call, which the moderator could configure. Hardly anyone ever changed the mode, but at one point while trying to configure something unrelated I ended up switching modes in the middle of the conference call. To my horror the software immediately turned on everyone's camera.
Luckily the strain of streaming 40 video feeds to everyone 40 participants pretty much locked up the call, but for a brief moment I was able to enable approximately 40 cameras from people who were just sitting in their houses, who knows how dressed or what was going on behind them (I tried not to look).
I'm pretty sure we can apply Hanlon's Razor here and assume it was just an innocent bug: it's not hard to see how joe programmer might have overlooked the default settings when the mode is changed during some completely unrelated refactor. But whatever the case, as long as video conferencing remains lucrative vendors will continue to pack features into the software, and as long as they keep adding features, they will continue to create additional edge cases to trigger these incidents.
I'm not disagreeing with your other points nor am I saying that this isn't the case nor am I a fan of any apple products... However designed circuits to implement such functionality is quite common.
[0]; https://en.m.wikipedia.org/wiki/Series_and_parallel_circuits
[1] https://www.zdnet.com/article/how-cia-mi5-hacked-your-smart-...
The real alternative to a cover would be a physical on/off button next to the camera which would physically connect/disconnect the camera behind the hood.
In this kind of situations you'll see the LED and you'll know what's happening and you'd much prefer to have a physical cover on your webcam.
(1) With a mechanical shutter, the state of blocking can be trivially and reliably inspected. With electrical control, this is not the case.
(2) A mechanical shutter works by making it physically impossible for the camera to see anything, while powered or not. With any electrical control, this is nit the case.
So, either you use a mechanical shutter, or all bets are off.
Regardless of how bad actors are accessing these photos, its eminently obvious that people are getting webcam photos of them taken without their knowledge.
Or anyone with a basic knowledge of electronics who could verify it.
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
They have a small slider with the camera protection "glass" build in which can cover the camera and will "show" a red dot if it's covered.
1) Block the camera and hope the microphone is on mute 2) Hope the camera isn't on and home the microphone isn't on 3) Not have the mac at all
Clearly 1 is better than 2.
I'm in a lot of remote meetings, and wouldn't want to be accidentality presenting without expecting to.
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
I cover my camera to avoid that 5s mental dance at the start of every meeting.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
[1]: https://geekologie.com/2020/03/poor-jennifer-woman-takes-lap...
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
[0] https://www.objective-see.com/products/oversight.html
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Camera covers have nothing to do with identifying compromise. They are strictly for preventing compromise. This is exactly opposite what a camera indicator light does, and thus the indicator should not be considered a "workaround" for not being able to install a camera cover.
Now what I want is a hardware microphone switch, where the off state actually connects to a noise generator.
The Huawei Matebook has the camera as a hidden popup under one of the F-keys.
The Xiaomi Redmibook goes one step further and omits the camera+mic entirely!
This could be solved in software at the OS-level with a permission dialog that popped up every time the camera was asked to be activated (as opposed to an ongoing website permission). Which would be overly annoying for most, but appreciated by a privacy-conscious minority.
But unless Apple ever did that (doubtful), once you see the green light it's already too late.
It does make me wonder if something like that could ever be done with a kernel extension or similar?
Apart from that, I would be absolutely amazed if there isn't at least one failure mode of the led itself that allows the camera to turn on despite no light being emitted. Probably too rare for most people to worry about, but still.
I really get why people want a cover, and I think Apple are being a bit disingenuous trying to convince people they don't need one. It's fine they warn about the danger of cracking the screen, but that entire "we protect your privacy spiel" was rather terrible, and also quite misleading as you so clearly pointed out!
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
Specifically, this is the webcam cover I was using:
https://www.amazon.com/dp/B07C24NBGL/ref=cm_sw_r_sms_apa_i_T...
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
One of the photos shows them be about as thick as a credit card.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS: Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
It could be, but I wouldn't base it off just Apple having a warning about it.
I'm weird though, I'm one of those people that needs to have their arm twisted to use their camera.
Once I got my mbp back, I added the camera cover again (stupidly). The next day I opened my mbp, and had a line down the center of my screen. That is when I realized what had happened. I then told Apple exactly what I think happened. And to their credit, the replaced it (again) for free.
Over the next weeks, I received 3 different calls from Apple staff, with seemingly increased responsibilities. They all asked detailed questions investigating what I thought happened and in what sequence.
I am not surprised to see this support article.
The latest MBPs are exceedingly fragile, can't run two displays from separate TB controllers without throttling, and have had more DOA batteries than any series I've ever encountered to date. This isn't even getting into other models.
How powerless is their QA that they'd let Operations dictate design unchecked? It feels like externalising their expenses taken a leap too far.
My company provides a ~1.2mm thick plastic cover with a little slider inside. I didn't even trust it enough to be used on a thinkpad, much less a macbook
What I do now is either ripping off a small piece of the sticky top of sticky notes (keep the remainder for later reuse) or a piece of washi tape.
I look forward to getting extorted by hackers threatening to tell the world what my ceiling looks like.
[0]: https://supporters.eff.org/shop/laptop-camera-cover-set-ii
[1]: https://www.amazon.com/C-Slide-Sliding-Computers-Chromebooks...
[2]: https://i.imgur.com/P264KiI.jpg