[atonse]

From my understanding, Apple has done sort of what you're asking for, they've hooked up the physical wiring of the camera LED to the camera itself, so it is physically impossible to power the camera without the LED being turned on (as opposed to the "turn on LED" being part of firmware logic that could be hacked).

[Wowfunhappy]

This is a better solution overall, as it's "by default". A hardware switch relies on the user to be privacy conscious. An LED which is physically connected to the camera circuit (!) is immediately noticeable if it turns on unexpectedly.

[rxhernandez]

As a layperson in this arena, I'm skeptical as to whether it's a great solution. Is it possible to turn the camera on and off very quickly? If so, a smart hacker could do that really quickly and if the owner ever notices they would probably think there is a problem with the electrical rather than thinking they are being monitored.

[seandougall]

> Is it possible to turn the camera on and off very quickly?

Not particularly. At least on my 2015 rMBP, using code that I wrote (so I know it's not doing anything extraneous), the light is on for about a quarter of a second before the first frame is returned from the camera. This is because the LED is literally showing you when the camera has power (which includes any sort of handshake with the system), not just when it's capturing frames.

Is that enough that a user who's really concentrating on the screen will nonetheless see the light come on? Not necessarily. But GP has a good point about this being a feature that doesn't rely on the user being proactive.

[jacobush]

It's a USB camera. It needs more time than a flicker to turn on and start producing frames. I don't think you could do as you said and still have the camera both work and the LED be dim.

[kelnos]

The camera on Macs has actually been a PCIe peripherafor quite a few years now. But your point stands; it still takes a good second or so after the LED turns on for the camera driver to start producing frames to userspace.

[anyfoo]

How long did it take you, a self-proclaimed layperson, to come up with the idea of quickly pulsing the camera? Now, how likely do you think it is that someone who's actively trying to prevent camera shenanigans would think of this idea as well, and mitigate by e.g. introduce delays or latch the light on for a couple of seconds?

[rxhernandez]

How likely? Who knows? It could be an intern that implemented it for all we know. I've seen more critical things implemented by interns at a medical device company I was previously at. Do you sincerely think Apple is more concerned with secure operation of a camera (that people are going to put tape over anyways if they are that concerned with security) than a full fledged (successful) medical device company is with medical devices?

Moreover, even if it wasn't an intern, how experienced do you think the engineer is at understanding human behavior in response to hacks? Many engineers I have met have difficulty conversing with other people and have even more difficulty in actually understanding their behavior. I can almost guarentee you that even switching it on and off at slow rates will convince most people that there are electrical issues.

Also do you honestly think the average electrical engineer is that well-versed with hacking paradigms? I would conjecture that software engineering is one of the leading fields to be a gateway to understanding hacking and during my electrical engineering degree, most of them acted like writing software was a nuisance they had to do to get through the degree. Hell, even most of the lab instructors we had from JPL looked down on software engineering and talked the same way to bad EE students that a cliche high school instructor would talk to bad high school students; instead of telling them, you better like asking, "do you want fries with that" they would say (in the same tone), "you better be good at writing software."

How do you even know what the budget for the department the engineer is in? How do you know they have the budget to spend weeks on securing a camera most security minded people are going to put tape over anyways? How do you know it wasnt some off the cuff, in a meeting comment, saying I can implement this feature in an hour and everyone was like that's nice, you should do that and the thought of security never went further than that?

Unless you were there, you dont have the slightest clue as to how well thought out the whole thing is.

[0x0]

If you install Oversight, you can get persistent notification center alerts for most mic and cam activations (of course, it likely won't help if you have targeted malware that knows how to disable/uninstall Oversight) - https://objective-see.com/products/oversight.html

[deca6cda37d0]

Or MicroSnitch

https://www.obdev.at/products/microsnitch/index.html

[sangnoir]

LED brightness is controlled by pulse-width modulation: at low frequencies, the camera LED would appear dimly lit. A more sophisticated approach might be to combine gaze detection to ramp-down frequency if someone is looking towards the camera/LED.

[kickopotomus]

PWM reduces average power. If the LED is on the same circuit as the camera, I don't know how successful you will be at powering the camera while trying to dim the LED.

[kevin_thibedeau]

A momentary flicker would not be perceptible in a lit room.

[ljm]

A momentary click on a phone line was also imperceptible... until it wasn’t.

You might not even see the flicker but if you catch it in your peripheral vision often enough, or you found out someone else was caught by it or it hit the news big time, you’d suddenly become more suspicious about that momentary flash. Maybe even paranoid.

[EGreg]

It is just like the small hacks that are possible with ANY of these “require UNRELATED user interaction” things.

Like being able to speak “” when the user clicks. Or something really short or kind of unpronounceable like “,,,,”. Apple could of course try to require the first speech to always be long enough to be unmistakably speech. But otherwise ANY user interaction is enough to enable ANY speech.

The alternative would he to have dialogs for everything: “would you like to turn on the camera?” “Would you like to let this website use speech to text?” “Always remember my choice for this domain”.

Seems giving the user a master switch that overrides things, and letting websites detect this and complain, doesnmr have many downsides but has tons of upsides.

And then of course there is browser fingerprinting. It’s now really hard to turn it off without breaking tons of sites that care about the width of your window (size of your phone) and your operating system, and so on

[kgwxd]

This is not a better solution overall and there's no reason we can't have both, other than manufacturer design choices. How often are you looking directly at your camera? Even if you are, once the camera comes on unexpectedly, it's too late.

[Wowfunhappy]

> How often are you looking directly at your camera?

On my Mac, I find the LED very noticeable when it comes on unexpectedly! It's bright and green and not part of my screen. And yes, this has actually happened to me!

> Even if you are, once the camera comes on unexpectedly, it's too late.

Nah, they saw a few frames—they're very unlikely to be useful. What's more important is knowledge.

I agree we could have both, but each of these features does have a financial cost. I consider the LED significantly more important.

[justinclift]

Doesn't really cover situations where the computer is in a persons bedroom (common with eg: teenagers), and not powered off overnight.

[XCSme]

I remember there was a story saying that it's possible, via software only (due to a "bug" and some "poor" hardware design), to turn on the camera without activating the LED.

[Nextgrid]

It used to be that the LED was controlled by firmware. As far as I know this is fixed now but I haven't proven it myself.

There are leaked schematics of MacBooks online (that unofficial repair shops use) so if you want to investigate this I'd expect it to be a good place to start.

[css]

https://jscholarship.library.jhu.edu/handle/1774.2/36569 (2013)

[seandougall]

Published in 2013, but describes "the Apple internal iSight webcam found in previous generation Apple products including the iMac G5 and early Intel-based iMacs, MacBooks, and MacBook Pros until roughly 2008".

[skybrian]

That's useful, but it's not as reassuring as a hardware switch where you can see it work.

(For video, anyway. I don't see any similar solution for audio.)

[ehsankia]

Two reasons why switch is better:

1. If it does happen to light up, what would you do, turn off your computer? That's shitty.

2. What if your AFK and aren't looking at the light?

[ljm]

A switch plus a notification (as opposed to modal prompt) if you try to get into video/audio calls but forget to flip it back. Just to remind you that you’re trying to enable video/mic but have the hardware switched off.

[toxik]

Arguably better to be aware of the breach than prevent one sensor from leaking too.

[jonny_eh]

What about the mic?

[SlowRobotAhead]

FWIW... I bet you could power the camera, get a still frame at 60fps, shut it down, and not see the led come on. It would be 1/60, 16ms plus or minus the amount of overhead needed, plus autofocus and exposure correction might make it impractical, but it’s definitely not a bulletproof fix.

[heavenlyblue]

Apple could simply make the camera take 1 second to activate.

[SlowRobotAhead]

Slow spool up embedded devices... we’re moving backwards :)

[heavenlyblue]

If Google Calendar thinks it’s OK to set a 500ms animation on opacity for event edit dialog - then it doesn’t seem like a 1 sec spooling for a webcam is too much :)

[cstejerean]

How much would you bet?

[SlowRobotAhead]

Considering I have a device here that has an I2C camera and in firmware I can turn it on and off at right around 25ms, I’d consider betting quite a bit.

Instead of being snarky, how about you explain why this isn’t possible. Even if it was 100ms almost no one would catch that.

[cstejerean]

I’m not being snarky, and we’re not talking about some random device you have. We’re talking about the camera on a Mac. The bet is that you can’t turn it on and off so fast as to be un-noticeable because there is a noticeable delay between that light turning on and getting an image from that camera. So I’ll gladly take the other side of that bet.

[outworlder]

> From my understanding, Apple has done sort of what you're asking for, they've hooked up the physical wiring of the camera LED to the camera itself, so it is physically impossible to power the camera without the LED being turned on

Correct. And that was my reason for NOT covering the camera. Because I would be able to see if it was on due to some malware. However, I did not expect a vulnerability like Zoom's, where a simple website would be able to trigger a webcam. Combined with external monitors, the LED would be potentially missed for a good amount of time. So I've reversed my position since then.

[t34543]

I’ve read this as well but my macbook senses ambient light and adjusts my backlight accordingly. Isn’t this through the camera - with no LED?

[klodolph]

The ambient light sensor is right next to the camera, I think it's usually to the left. It's a bit hard to test since they're close together. Macs have had ambient light sensors for a long time. For example, take an old iMac and put it to sleep. The power light will pulse with a period of about 2s, and the brightness will depend on the ambient light level.

Edit: Just tested on my MBP. Opened photo booth, covered the camera with my thumb, shone a bright flashlight at the point just left of the camera. The display got brighter but Photo Booth showed no changes in what the camera was seeing.

[Analemma_]

No, the ambient light sensing is done with a light sensor on the body - look for the tiny hole drilled into the chassis. It doesn't use the camera.

[ljm]

Remember when they did that for your battery power indicator! With a little button to trigger it.

[eightysixfour]

https://apple.stackexchange.com/questions/347895/where-is-th...