zlacker

[return to "Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230"]
1. sbarre+T1 2024-11-27 20:27:36
>>xairy+(OP)
I thought the whole point of these camera LEDs was to have them wired to/through the power to the camera, so they are always on when the camera is getting power, no matter what.

Having the LED control exposed through the firmware completely defeats this.

2. moritz+6e 2024-11-27 21:50:25
>>sbarre+T1
Since some sort of firmware is required, this seems like a "Turing tarpit" security exploit from my layman's perspective.

There's no standard that I know of that, like "Secure EFI / Boot" (or whatever the exact name is), locks the API of peripheral firmware and would be able to statically verify that said API doesn't allow for unintended exploits.

That being said: imagination vs reality: the Turing tarpit has to be higher in the chain than the webcam firmware when flashing new firmware via internal USB was the exploit method.

3. axoltl+ij 2024-11-27 22:32:16
>>moritz+6e
No firmware is required. MacBooks manufactured since 2014 turn on the LED whenever any power is supplied to the camera sensor, and force the LED to remain on for at least 3 seconds.

(Source: I architected the feature)
