First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
> First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on.
I have made this point several times throughout this thread, so I apologize for repeating myself:
Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera.
At the very least, I need a citation or an official statement. Because clearly, this has not always been the case [1]:
We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops.
[..] our investigation of the iSight revealed that it is designed around a microprocessor and a separate image sensor with an indicator LED sitting between them such that whenever the image sensor is transmitting images to the microcontroller, a hardware interlock illuminates the LED. We show how to reprogram the microcontroller with arbitrary, new firmware. This in turn enables us to reconfigure the image sensor, allowing us to bypass the hardware interlock and disable the LED.
[..] iSight webcam [was] found in previous generation Apple products including the iMac G5 and early Intel-based iMacs,MacBooks, and MacBook Pros until roughly 2008
Whatever reason Apple had to design the camera system this way back in 2008, is probably still a valid reason (cost, hardware simplicity, spacial constraints etc.). It means Apple and others have incentives to build camera systems that are easier to compromise. It's enough for me to worry.
So is trust. You can’t possibly audit the source of every piece of software that touches your life, even if all of it were open source. Hell, things like Heartbleed or Shellshock sat in OpenSSL / Bash for 5-10 years.
If you don't trust an open-source program due to the possibility of e.g. Heartbleed, then it's only reasonable to trust closed-source software (e.g. the majority of macOS, including in all likelihood the parts of it controlling the camera) even less.
What if only the camera is allowed to shut itself down and never responds to such requests if they happen weithin the first one second after it has been powered on
You could connect the led to a capacitor, which would be charged when camera is connected to power, and would discharge powering the led for a few more seconds after power is disconnected.
But yeah, I wouldn’t trust a led, because I can’t reverse engineer the circuit that’s in my particular device.
It is extremely unlikely (in the human terms - not possible) that LED would break in such a way that it transmits the power and not emit light at the same time.
Of course the LED can be installed in a parallel connection on the circuit, but I read the op statement as it is not the case.
"Let's devise a way to purposefully burn the LED in such a way that current can go through." We have to keep in mind that not everything has to be by accident :) I have no idea how likely it is to be possible, though, you've got a point.
Why did you read that it's not the case? I read the opposite. That if the LED broke, you'd notice it because your camera would be on and the light would be off.
I would bet on the LED being parallel - otherwise sending more current through it will burn more power, generate more heat, and likely cause it to wear faster.
I think the point though is that it's not software controlled in any way: powering on the camera lights up the LED, and there's no way to bypass that with only software. Or at least that's the claim.
The problem is that the average user has no way to verify this and also the light doesn't prevent the camera from turning on, it merely notifies you that the camera is on.
A manual, physical barrier, especially an aftermarket one, solves those issues. Personally, I use electrical tape.
> ”the light doesn't prevent the camera from turning on, it merely notifies you that the camera is on.”
No, but the OS prevents the camera from turning on without permission from the user.
(There have been bugs/compromises to this in the past, but at the browser level - you still had to give camera permission to the browser)
Besides, if you’ve got some compromised or surreptitious software on your MacBook trying to secretly take photos, you probably have much bigger security problems to worry about than just what it can see through the camera.
Without worrying about malware, several times I've clicked on some Skype like program while trying to make a voice call only to find it trying to transmit ugly video of me.
Valid point. I have to admit I'm a bit "video call vain" as well. I like to make sure my hair doesn't look too crazy and my room doesn't look too messy before getting on zoom/skype/etc. But one thing the last few months has taught me is that many of my friends/colleagues/family really don't care about these things!
Yeah, I'm not even worried about malware, I'm more worried about joining a call with video on by mistake using a legit program.
I mean, the thing is that I never want to use video on calls, basically. Waste of bandwidth and no worry about broadcasting the wrong thing by mistake.
You’re focused on the wrong part of the chain here. As the camera system is only as weak as it’s weakest link, if Apple indeed made a circuit connected to the LED (and I fully trust you on that), then the weakest link is elsewhere: company provided laptops are often altered prior to be given to an employee. I know of colonies who install software to track messages etc. What’s to say the same companies don’t alter the circuit board to modify the LED behavior?
There is a risk/reward/effort to look at, putting a small piece of tape is low risk / low effort / high reward (if your company actually angers laptops).
If they take the efford to alter the circuit they might as well place a camera somewhere else, listen to all your network traffic, install a (hardware) keylogger and what not.
I think you are taking this too far.
People who fear to be tracked buy a laptop in a random store and don't use a provided one.
What about company laptops,where you're much more likely to be targeted based on your job, not your personality.
Snowden already showed us the depths that governments will go to, to compromise their victims with hardware swaps and worse. And it's already been 7 years. They're even better at it now.
> What’s to say the same companies don’t alter the circuit board
The realities of modifying hardware. Is it possible? Sure. Is a company going to do it routinely at scale? Highly unlikely, because unlike software modifications, this would be pretty expensive. Are you aware of any companies that routinely do _hardware_ modifications on employee Macbooks?
Not aware of any that do that for laptops but I know 2 personally that do that for phones. They have a collection of devices (phones) trash to go, so it’s not as unscalable as I initially thought because they re-use the devices.
So I’m assuming if some do it for phones, must be some doing it in laptops.
Again. It’s all about probabilities. 1/ What’s the likelihood of the company doing that? Close to none.
2/ what would be the severity of the issue if they were doing that for me? Very high.
3/ what’s the effort level to prevent that? Very little.
Why do I even have to trust Apple and physics here? Why can't Apple just provide a physical lid for the camera to disable it. Why even take that chance.
I happen to have (collecting dust somewhere...) one of those old Firewire webcams Apple made. It has a physical shutter you can open and close by rotating the front. It's about as beautiful and elegant as it gets.
If Apple still cared about beautiful and elegant products, it could surely find a way to incorporate a miniaturized version of that in a Macbook.
I trust you absolutely and toally on this. Why wouldn't I?
But if you had your entire net worth riding on it, would you trust yourself to be infallibly correct or would you trust something along the lines of a post-it note to be completely sure? You know, if your life depended on it on every single possible model of apple laptop in all circumstances imaginable? (Do we include if your laptop was interecepted and altered by a hostile agent? Because we know that happens too...)
Devil's advocate: If our threat model includes your laptop being tampered with by an evil maid competent enough to imperceptibly modify the camera LED circuit, couldn't they just install a separate camera elsewhere (maybe in one of the speakers)?
Or they put you to sleep in a way where you have no memory and place the bug inside your body. You can go on like that forever. So leave your doors unlocked because you can't ever be 'safe' right? Obviously not.
There's a scale from dead easy to more difficult to very dificult. Easier to get you is a bigger problem. Cheap & easy to prevent - well why wouldn't you? It's asymetric.
Wouldn't you feel hilariously stupid if someone modified your camera circuit when interecepting your laptop and you actually didn't stick a post-it over it to thwart their dastardly plans.
The point here is making the kind of claims made about LEDs and camera circuits is really, really easy when telling other people what is not a risk. When you carry that risk - ie "all possible models and other threat vectors" suddenly you should not be so sure anymore. A physical cover is better, easier, cheaper and basically infallible for what it is advertised to do. Asymetric payoffs are worth noting. A genunine plausible risk scenarios are all you need to take a /trivial/ mitigation step.
Apple making trivial mitigation steps harder is really, really, really stupid. In fact, beyond merely stupid, it's unwittignly and incompetently user-hostile. (Unless you think they're design process has been infiltrated by the NSA or something, which I guess is at least possible, but I think it unlikely in the face of utterly incompetent idiocy - which Apple do display from time to time).
Please, share the circuit for the LED. To take a picture, it takes 4ms - a human eye would not even register that LED turning on.
I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever.
Unless there is an option to send higher voltage to the camera (control the VRM) and increase the current through the LED wear it off quickly for instance. The statement is incredible condescending, esp. given no link to actual schematics.
In the past, this was exactly how it was done. Here's an article on the FBI doing it with an Apple webcam six years ago [0].
Should be noted that was after Apple went to the effort of making a hardware delay to try and force the LED to turn on first, but it was still worked around.
It doesn't have to be milliseconds. Most of people don't sit and stare on the camera all day. I have multiple displays and turning camera for a second when I am looking at another display - or even the laptop one but concentrating on something on the screen, especially the lower part - would slip my attention very easily. Or I might notice something off with peripheral sight, but it is very inexact and while I turn my head to bring it into the field of sight where I have a good resolution, it could be already gone. Of course, the cover has none of these problems. If it's covered, then it's covered.
You mean current, right? And it'd have current limit circuit, at a resistor but likely a slow start circuit entirely? Unless you share the schematics, it's an empty argument.
This used to be a thing, where you’d flash the LED briefly and hope the user didn’t notice. But new Macs prevent this by having a minimum duration the light will remain on.
FWIW I tried using the command line utility isightcapture on my 2019 macbook, and the LED turned on for 4-5 seconds and I got a dialog asking if I wanted to allow access to the camera. So this seems to be true.
I still have a camera cover though
> You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
You make multiple assumptions here
1) You assume that the during the time that passes between the LED breaking and the user noticing, there was not a single attack or a single blunder that caused the camera to turn on and record/capture something that was unintended.
2) You assume that the LED breaks deterministically. The LED can break randomly. Maybe it lights up when nothing is being recorded resulting in a false positive. The user has no way of differentiating between a false positive and a true positive which can result in unintended captures.
3) Similarly the LED can break in a way where it sometimes doesn't light up when something is being recorded even though power is always sent to the LED when the camera is on resulting in a false negative. Again, the user has no idea of differentiating between a false negative and a true negative.
> If you manage to find a vulnerability in this system, I don't think I even mind, because you've also broken physics and very possibly found a way to generate unlimited electricity forever
> Every laptop Apple has manufactured in the last ten years has an LED connected to the same circuit which powers up the camera. You cannot send power to the camera without also sending power to the LED, which will in turn cause the LED to light up. Unless the LED is broken, in which case you will know because it will never light up.
In order to accept this argument I need to trust that you, an internet rando I know nothing about, are telling the truth AND that it'll remain so for any future Apple models. I think no matter how confident you're in your assessment of the current Apple hardware, you can't in good faith argue that they will not change course in the future for whatever reason.
Also, again, they already messed it up once in the past. It won't be hard to imagine that they will do it again some time in the future or already doing so.
This is admittedly a bit of a movie plot threat, but could an evil maid attack rewire this, then later malware takes advantage of the rewiring?
IMHO layers of security are good.
On my end I worry about the risks of constantly just leaving my Mac, which has filevault enabled, simply protected by a screensaver. Is that less secure than if I put it to sleep? And presumably turning it off completely is safest?
How do I make informed choices about how much "locking" to do when I step away?
These are all things I think about reading an article like this, and I'd love to hear other's thoughts.
Yet Dell and some other laptop manufacturers started to include a physical privacy slider right in the hardware. Considering Apple stance on privacy, I hope they consider this at some point.
I think the third point is especially strong argument for having the cover. It gives you a second physical layer of security rather than possibly a button you might automatically click away and it gives you the opportunity to join the call first and then decide to actually share (e.g. if the setting is more formal than expected or if the other side isn’t sharing).
Relying on the light going on after the fact is a much weaker protection, the user may have opted in to always letting an app use a camera and between the 15 or so UIs that the conference apps have the user might miss that it actually turns the camera on unless the button is clicked.
Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
> Now if apple were to release an os Level protection that automatically pulls up a screen showing what is shared from the view of the camera and asks for that approval, that would improve this situation.
That doesn’t help for the attack that many people are using here, which is if the software on your machine is compromised.
I didn’t refer to that concern, that’s a different discussion - in a corporate setting the policies might help avoid that by limiting what can be installed.
where they don’t help is accidentally activating the camera and only realizing afterwards. That’s a UX issue with so many different video conference technologies that all behave slightly differently.
I had to switch on my camera for a video call for the first time yesterday. (I can usually get around it and do audio only)
Removed the piece of electrical tape I had over the camera to find the image was completely blurry from the glue. Good to know if it ever falls off and I don't have tape to replace immediately.
Many high-end camera stores sell Gaffers tape. It is used extensively in the film industry exactly because it almost always leaves no residue. And what it does leave (in my experience) comes off very easily.
Our company's video conferencing software has multiple "modes" for a conference call, which the moderator could configure. Hardly anyone ever changed the mode, but at one point while trying to configure something unrelated I ended up switching modes in the middle of the conference call. To my horror the software immediately turned on everyone's camera.
Luckily the strain of streaming 40 video feeds to everyone 40 participants pretty much locked up the call, but for a brief moment I was able to enable approximately 40 cameras from people who were just sitting in their houses, who knows how dressed or what was going on behind them (I tried not to look).
I'm pretty sure we can apply Hanlon's Razor here and assume it was just an innocent bug: it's not hard to see how joe programmer might have overlooked the default settings when the mode is changed during some completely unrelated refactor. But whatever the case, as long as video conferencing remains lucrative vendors will continue to pack features into the software, and as long as they keep adding features, they will continue to create additional edge cases to trigger these incidents.
> First, you have to trust Apple that the indicator _really_ can't be disabled.
I'm not disagreeing with your other points nor am I saying that this isn't the case nor am I a fan of any apple products... However designed circuits to implement such functionality is quite common.
I wonder if the TrueTone sensor (which is most likely similar to a 1-pixel "camera") can be used to determine if the user is near the laptop, then only turn the camera on when you think they're not paying attention.
This one is one of the most solid points. Remember Tim Apple saying "When we work on making our devices accessible by the blind, I don't consider the bloody ROI."?
Not to mention the CIA had an exploit for Samsung TVs that recorded audio even when the TV seems to be turned off[1]. It is better to have peace of mind by blocking the camera physically.
> Kenneth White, a security researcher and cryptographer, told The Intercept that smart TVs are a "historically pretty easy target," and that there is "zero chance" that the CIA targeted only Samsung.
I agree, the official statement is comparing pears and apples. A led gives you no control.
The real alternative to a cover would be a physical on/off button next to the camera which would physically connect/disconnect the camera behind the hood.
I also thought about another point recently. Many companies hand out Apple laptops with pre-installed software to their employees. It's not entirely unrealistic to imagine that some of the pre-installed software is intended to spy on the employees to make sure they don't use company hardware to do anything weird and takes screenshots and camera shots occasionally.
In this kind of situations you'll see the LED and you'll know what's happening and you'd much prefer to have a physical cover on your webcam.
Any points like "but the LED is directly fed from the power line" are moot.
(1) With a mechanical shutter, the state of blocking can be trivially and reliably inspected. With electrical control, this is not the case.
(2) A mechanical shutter works by making it physically impossible for the camera to see anything, while powered or not. With any electrical control, this is nit the case.
So, either you use a mechanical shutter, or all bets are off.
You have to use some operating system at the end of the day, and vulnerabilities can impact any of them. You might as well trust Apple as much as the next company, since all of them are liable for millions of lines of code, and it's likely they all presently have undiscovered vulnerabilities.
Not sure what you are asking? As far as I can tell, hackers hack like fish swim. We just do. For a multitude of reasons.
For many people, me included, if you wanted to give me a bunch of money to do something and I bit, not that I would nowadays, that could actually lead to a loss of motivation.
As for vulnerabilities, many open source projects responds to them much quicker that industry. Say for pride in their work. as one motivation.
Pride can be fleeting. There's certainly advantages and disadvantages to depending on security patches from a paid organization and from volunteers. Regardless of which OS you use, you will need one that regularly patches its vulnerabilities.
They trust the physics, simplicity and verifiability of a cover more than they trust the invulnerability of Apple's black-box software & hardware implementation.
there are ways to get over other forms of trust, for example: use being pseudoanonymous. There is no way around video, unless you happen to wear a mask.
I used to work at Discord. There's a reason virtually every Trust and Safety (the division that handles online harassment cases) Associate has a physical covering over their webcam.
Regardless of how bad actors are accessing these photos, its eminently obvious that people are getting webcam photos of them taken without their knowledge.
I was very skeptical of the camera covers, but then through conversations with some of my co-workers, I realized that they weren't being used because people were worried about spies secretly turning on the camera. It was 90% of the time just peace of mind that their camera was actually off, instead of having to find the sometimes hard to see options in video chat programs etc.
Exactly this. I use one for these reasons, in descending order of practical concern:
1. I don't want to broadcast myself during a meeting when I'm not prepared, or perhaps leave a meeting open by accident.
2. If a bad actor does access my camera, I won't necessarily notice the indicator light, especially if I'm not actively using the computer at that moment.
3. I don't trust the indicator light to be permanently unhackable.
Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Also, if you're using an external display, then how are you supposed to notice the green light on the MacBook sitting next to the display?
That Apple article is nonsense. I put a black tape over the camera and I know nothing including hacks can broadcast unintended scene. It's easy to remove the tape when I actually have to which isn't too often for me.
>Right. And some apps like WebEx turn on the camera by default, which is insane but happens and until you click to turn it off, you're live.
Not to mention apps that do it "right" like Hangouts that enable the camera for you to preview your video feed before you're actually live. Could be pretty confusing/concerning for someone who isn't used to an app (and when it broadcasts you or not) and sees the light come on. A cover takes that whole thought worry-pitfall out of the possibilities.
Tape? I bought 10 little plastic sliding cover things on Ali Express for <£2. Unless you're on a 100% China boycott (which I assume wouldn't permit a MacBook anyway) I don't see a reason not to use them. They're fine, permanent, had for 3 years and not fallen off or anything.
Same on all counts, though I went a step further and wired in a microminiature slide switch to completely power off the camera. That way applications see "no camera" unless I go out of my way to power it on. I painted the "on" side of the switch in retroreflective paint so I can see when it's on at a glance too, whether the camera is in use or not. This was on a thinkpad though, I doubt macos would tolerate a disappearing camera.
It totally does, internally the camera is just connected over USB. (I can tell you it copes with a disappearing camera because mine disappeared a while ago and never came back)
Sadly no pictures of the insides. I'll give you a description though. I cut a trace on the camera module (should have cut the cable instead on second thought) and soldered in two bits of enamel wire that go to a slide switch. Clipped a little bit of plastic off the lid so the switch was accessible, blind-drilled two tiny holes in the lid for the alignment pegs of the switch to go into, and glued it in place. I then did the painting with a very fine brush under a microscope. The wires are routed around the camera module and the switch is to the left of the camera, in order not to interfere with the little LED on the right of the camera that illuminates the work area. The outside looks like this (I didn't bother cleaning up the cut-off plastic edge): https://imgur.com/a/UpB1dJn
I've actually been on calls when the person did not want to show their webcam (and I had never seen them face to face) and did not notice they were showing their webcam due to having several screens.
I don't trust their implementation of a hardware link that is both reliable and truly un-exposed to software because I don't have the expertise or time to interpret their implementation, and even if I did, I don't trust that nothing about it will become vulnerable in any MacBook model going forward into the future. I don't think point 3 is moot in any practical sense.
The only way to physically get electricity to the camera unit, to be able to get any data from it is to pass that electricity through the indicator LED.
Multiple teardowns have confirmed that it's a hardware path that software cannot modify.
Right, so as time progresses news comes out about said hardware being hacked. I think you've validated his point. 5 years from now we will see how today's cameras have been hacked.
This was a known weakness back then, not some amazing breakthrough, and unless the vendors are actively lying about the hardware there's no way for someone to “hack” the power connection without a soldering iron.
This should really be the standard for laptop webcams. The T480 webcam cover is flush with the bezel and you barely even notice it because it's so subtle. One of my favorite features.
Yeah, I have the X1 Carbon and there is nothing that is ever going to make me as comfortable as a little piece of plastic that sldies in front of the lens of the camera.
Current cheap ones have them- my daughter has one for college. She had to use it for remote college for the pandemic- but it was the first time we used the webcam on that computer. We used an external webcam a few times because we thought the internal one was broken, but the door was just closed...
Support for this kind of thing is entirely voluntary. You can short the mic pin to ground (or connect an external mic), and it will disable the onboard mic by default because that's what is expected, but there's nothing physically stopping the audio controller from reading from the onboard mic anyway.
No it's not. It's meant for any port, but this model has it's own port so you don't need to keep plugging and unplugging it. You can leave it in and daisy chain by plugging your headset or speaker into it rather than directly.
I quite often accidentally turn on the camera without intending (usually because an app automatically turns it on) to. Having a cover prevents me from being embarrassed by an unexpected exposure.
I've always used a sticker (black dot-shaped) or a piece of post-it note. Post-it is really convenient but it's ugly.
I still think the best solution would be to have no builtin camera or microphone. Just have something like the iSight that you manually and thus willingly connect to your thunderbolt. Works with your external monitor as well and you can orient it the way you like. It would also have better overall image and sound quality (low light, more shallow depth of field, etc.). And on the plus side for Apple and its shareholders, it's another $499 essential.
The UI pattern of a button with a crossed-out camera/mic always makes me think twice: is it a status indication that my camera is off, or is the button's action to turn off my camera (meaning my camera is on)?
I cover my camera to avoid that 5s mental dance at the start of every meeting.
Yeah, I started using to LARP, but it's actually huge for peace of mind. When I'm in meetings and I want to make sure that nobody can see make butt naked, I place the webcam cover. The person caught peeing on a zoom VC[1] would never have happened with a webcam cover.
Also, I am really worried about microphones. I have 2 google homes, 6 siris (iPhones and apple watch), a portal, a number of macbook pros and airs, a PS4, ... any of these devices could be listening to me at all time :/
I have the same with my headset. It has a physical mute button for the microphone, which I engage as soon as I'm done talking in Teams or similar. It's a dumb switch, so instant and with no annoying woman telling me I muted. Being a dumb switch it's also tactile, so I can tell by feel if I'm muted or not.
That way I don't have to worry about my annoying my colleagues by my mechanical keyboard, occasional excess gas events or similar.
The Huawei Mate book X Pro has a key on the keyboard that when pressed flicks up a camera. When it is down it shows a black hole inside the keyboard. When it is up it shows a great angle directly up your nose and typing when in a video call shows your hands really clearly. But it is still an interesting way to do it.
On my work laptop, my employer could conceivably turn the camera on to monitor me in some way. I don't think they would, but still I put tape over the camera because I don't want them to be able to do that.
I never really understood the point of camera covers.
If my computer is compromised to the point where an attacker can access my camera and microphone, information from my camera and microphone are the least of my problems.
Sure, someone could grab all my files, email, etc. That would be damaging.
But if I'm having a sensitive conversation in my home/office with someone and the camera and/or microphone come on, that could be damaging as well.
FWIW, I use a camera cover and Oversight[0] to tell me when an application uses the camera or microphone. It doesn't prevent it from happening, but at least I'm aware if something is going on. The weirdest thing I've seen yet is that the iOS Simulator uses the microphone.
Now I'm old enough that there's money in the bank accounts I access online, and I can afford a home big enough that the room I use my computer in isn't the room I get dressed in and have sex in, absolutely.
But if I was giving a computer to a 12 year old or 16 year old - what else is the hacker going to take? Their online gaming account?
Per OPs comment - it isn’t about a compromised system for me at all at least. If I’m in a video conference at 6am in my pjs I’m just a button click away from everybody seeing me. Camera cover let’s me know I can’t accidentally do this (and it has saved me on multiple occasions).
None of the proposed solutions do anything to actually stop the camera from taking a picture of you. Sure, you'll see the indicator light up for 3 seconds. But the attacker still got what they needed.
Camera covers have nothing to do with identifying compromise. They are strictly for preventing compromise. This is exactly opposite what a camera indicator light does, and thus the indicator should not be considered a "workaround" for not being able to install a camera cover.
Newer Thinkpads are the only laptops I've seen which bring their own camera shutters. Thinking how often you see people putting tape over their camera, it's quite astonishing build in shutters aren't more common. It's a tiny piece of plastic, costing nothing.
Now what I want is a hardware microphone switch, where the off state actually connects to a noise generator.
This could be solved in software at the OS-level with a permission dialog that popped up every time the camera was asked to be activated (as opposed to an ongoing website permission). Which would be overly annoying for most, but appreciated by a privacy-conscious minority.
But unless Apple ever did that (doubtful), once you see the green light it's already too late.
It does make me wonder if something like that could ever be done with a kernel extension or similar?
Personally I think a hardware switch that disabled the mic and camera is the best route. Engineers would have to be honest in actually connecting the switch directly to the camera rather than resorting to some firmware tom-foolery. Then you could wire the indicator to the switch as a visual reminder that your camera is attached to your PC.
The HP Spectre x360 line has had physical kill switches to the camera for some time now. I think since the 2018 version. Still waiting for the microphone switch though.
But only one switch for both camera and mic; I am sitting right in front of one. Better than nothing but not always what you want. Same for for bluetooth and wireless which I find even more unpractical.
It would be annoying as hell. I find annoying having to open the settings to grant the camera permission, if every time I have to make a call I have to give permission to the camera, no way.
Apart from that, I would be absolutely amazed if there isn't at least one failure mode of the led itself that allows the camera to turn on despite no light being emitted. Probably too rare for most people to worry about, but still.
I really get why people want a cover, and I think Apple are being a bit disingenuous trying to convince people they don't need one.
It's fine they warn about the danger of cracking the screen, but that entire "we protect your privacy spiel" was rather terrible, and also quite misleading as you so clearly pointed out!
This seems like a pretty mild warning for folks who might stick a bulky cover on their camera and press down / pack their laptop tightly and now have wedged part of the screen open with the cover.
I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well. Also the weird blue glow you get when the camera is on tells you pretty quick "Hey there's a cover on there" where sometimes with the all blackout covers ... I can't tell.
I renew my calls for all devices to have an led indicator (good on Apple here) and a physical switch that cuts power to mics and cameras for all devices with them. With the endless layers of software we have today, I have trouble trusting anything but cutting power.
> I'm a fan of using painters tape.... pretty low profile, easily removed, stays on really well
The cleverest solution I've seen that is 1.) easily toggled, and 2.) harmless to screens is a coworker who built a little vinyl veil that attaches to the top back of their monitor. They can flip it forward to cover the camera, or flip it back to use it. But if you close even the tightest of lids with a couple microns of vinyl in there, it's harmless. Bada-bing, problem solved, and they only used a penny or two worth of materials.
My wife uses a tiny speck of Blu Tak. It’s soft so just gets squashed flat when the lid closes and it’s designed to be infinitely reusable and come off things without leaving a mark. She just pulls it off and sticks it a few cm to the side of the camera when she wants to use it. She’s been doing it for 3+ years (same piece) and it’s genius.
I’ve got some a lot older than that that’s still sticky. I have no idea what wizardry it’s made of but it’s incredible stuff. Probably involves actual magic (aka Materials Science, the closest thing we have to real magic). I use it every day to hold wires in place while soldering, or temporarily positioning components to decide on layouts, etc etc.
It does not have to be a bulky cover. I used an extremely low profile webcam cover on my 2015 MBP for 3 years. I put a similar one on my 16" MBP, and it destroyed the screen after a couple weeks.
Specifically, this is the webcam cover I was using:
I've been using this exact same cover on 3 different MBPs (yes I use 3 MBPs simultaneously, a 2016 13", a 2019 13", and 2019 15") for almost a year and haven't noticed anything even remotely close to it damaging the screen on any of them.
I actually just tested it, and the cover doesn't even make contact with the lower half of the MacBook when closed. The cover fits into the trackpad area, which is recessed. I don't see how it could possibly damage the screen without me putting enough pressure on it where the screen would have been damaged regardless.
Does the 16" have a shallower trackpad or a thinner rubber gasket around the screen than the 13" and 15" models? Even for Apple, it sounds insane that they would create something so fragile it could be broken by a 0.02" piece of plastic.
I used this on the 2016 for years, but even though it's incredibly thin, it is too thick for the 2020. Would love to find a replacement if anyone has a suggestion.
I've been using the same tiny square of black electrical tape for nearly 2 years without issue, just slides across when needed, the tackiness hasn't noticeably degraded in that time, it's barely noticeable to outsiders unless they really look for it and it hasn't let me down yet. When it does let me down, it basically zero cost to replace and it definitely won't crack my screen either :)
Ahh, thanks for the link. The webcam covers I'd seen in the past were just removable plastic stickers, and I was having a hard time visualizing what counts as "thin".
One of the photos shows them be about as thick as a credit card.
But it's also a sign about Apple not doing a good wrt. making their premium products robust.
With many other Laptops in that price range you would either have to use a very fat cover or apply a amount of pressure which might damage your laptop anyway. I just tried it (carefully) with my laptop and the screen has enough "play"/"flex" to handle it just fine.
PS:
Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera
to switch off the indicator without stopping using the camera...
>Fun fact as far as I remember a number of webcams with LED indicator allow (or did allow in the past) anyone using the camera to switch off the indicator without stopping using the camera...
While this is still true for many laptops, it hasn't been true for MBP for at least the past 5 years (cannot be bothered to find the exact year), even if someone has full root access to the machine. I say that, because the camera LED on MBPs these days is hardware activated, not software. So if the camera is active on hardware level, the LED indicator will go green, no matter what.
I consider the piece of tape over my laptop camera like face masks. It may not be perfect nor pretty, but it's damn effective, and I feel better having it on.
For the whole damage from using a camera cover thing, I simply bought as low a profile one as I could find and used a few small felt pads in the top 2 screen corners and next to the camera just outside the width of where the touch pad is (keeps pressure off the pad so the sensor doesn't crack).
I had a laptop that just was a pain to pick at with your fingers to open... I just shoved a bunch of paper in there for a while before I went with your solution, some little rubber clear grippy pads in the corners to get it to stand away from the body just a bit.
I use 3M blue multi-surface masking tape on all my devices. I've had a piece on my surface laptop screen for several months now and it is still leaving no residue after removal. I also like to cover the microphone cutouts if feasible (these are directly adjacent the webcam on my laptop).
This happened to me. Twice. I bought a 16" mbp when it was released because the keyboard of the previous mbp gave me carpal tunnel. I immediately added a camera cover like I always had done on macs. My screen stopped working a few days later, but mbp still worked on my external monitor. I took it in and they replaced the display for free via applecare.
Once I got my mbp back, I added the camera cover again (stupidly). The next day I opened my mbp, and had a line down the center of my screen. That is when I realized what had happened. I then told Apple exactly what I think happened. And to their credit, the replaced it (again) for free.
Over the next weeks, I received 3 different calls from Apple staff, with seemingly increased responsibilities. They all asked detailed questions investigating what I thought happened and in what sequence.
We had to issue an internal notice to our 16" recipients after the first cases started coming in a few months ago. The second most common damage is pressure from pinching the screen to the bottom case during a one-handed pickup. A good squeeze walking between meetings is enough to crack it.
The latest MBPs are exceedingly fragile, can't run two displays from separate TB controllers without throttling, and have had more DOA batteries than any series I've ever encountered to date. This isn't even getting into other models.
How powerless is their QA that they'd let Operations dictate design unchecked? It feels like externalising their expenses taken a leap too far.
My company provides a ~1.2mm thick plastic cover with a little slider inside. I didn't even trust it enough to be used on a thinkpad, much less a macbook
What I do now is either ripping off a small piece of the sticky top of sticky notes (keep the remainder for later reuse) or a piece of washi tape.
Yeah looking at the thickness of most camera covers, I always thought "hmm this might damage the display if I close it". Well looks like this support article proves my point. I always used sticky notes or other stuff. Now thought I've got a standalone webcam that can tilt up and down so I just tilt up so it's facing my ceiling.
I look forward to getting extorted by hackers threatening to tell the world what my ceiling looks like.
You mean the small plastic strips? I mix 3 colors on top of each other and snip off the non-adhesive end. Works great, even looks ok, with minimal raised surface.
If you're going to cover it, use a sticker, like the EFF stickers here[0]. They're reusable, so you can move it to the side for meetings. I used a hard plastic MongoDB-branded sliding camera cover on a couple laptops[1], and its presence appears to have contributed to backlight bleed like this[2].
Came here to say this. Have been using the EFF stickers for years and everyone always asks about them vs the kludgey plastic ones everyone wedges in there that Apple is making note of. I've used them in the past on my phones as well, but given the advent of multiple front facing cameras this has become more of a pain. I purchased some of this sticker material a while ago with the intent to try and laser cut some specific designs. This was a good reminder!
That's the part that I was struggling to figure out. I ended up purchasing some reusable vinyl window stick material from a hobby shop, but have yet to test it.
I've used the same EFF sticker for about 5 years now. They are great and whenever it stops sticking, I just rinse it off under warm water and let it dry. Good as new again.
The glue used for those varies, so you may end up with sticky glue on your webcam after removing the sticker (maybe that's good though if it falls off by accident)
Apple is completely missing the point. Primary reason to cover cameras is to avoid anything being recorded by accident, not just to stop hackers RATing you. Now with everyone working remote this has become even more important as it's super easy to get into the video conference with wrong settings and end up in an embarrassing situation. Activity LED doesn't help with this, when you see it damage is already done and Youtube is full of zoom bloopers to prove this. Of course, preventing hackers accessing your camera is just an extra feature. So I'll keep my cover on regardless what Apple says. I use just a piece of regular paper so it's not entirely blocking the light, light sensors work just fine, and also it's very thin so laptop shuts down normally without any problems.
> The camera is engineered so that it can’t activate without the camera indicator light also turning on.
Has anyone torn down the hardware and verified this lately?
It should not be a complicated feature at all. Just ensure you have the same voltage applied to your LED circuit as your camera circuit, and enforce that by having them on the same wire...
Important distinction. If your microphone is compromised, your web cam might be triggered to turn on just long enough to take a photo, or the camera could turn on only when the mic is quiet and there are indications the person is not engaged with the computer.
Note that this is not only about security. Sometimes a user simply makes a mistake, or have an app configured the wrong way, and accidentally turn on their cameras without intending to. Nothing has been compromised, everything is secure, but they still suffered an unexpected exposure. A camera cover will prevent many of these situations.
Should be a tiny mechanical device in addition to the light and it should only unlock with touch id. Same for microphone. Honestly, I want the same thing for phones too. The ease by which we are monitored is too damn high.
Yeah, light can turn on when one is looking away from the computer or sleeping and could potentially be spied on. A cover is a non spying guarantee, at least the visual part, spies can listen on the mic though
I’m not an electrical engineer so forgive me if this is a dumb question. Is it possible to wire it in such a way where the power actually travels through the LED, so if the LED ever stopped functioning or lost connection the webcam would literally receive no power?
Yes it's possible, as LEDs are indeed diodes, but done naively it would be a very bright LED, and it would tend to flicker as the current draw from the camera varies. It would be a hassle in general.
The LED could still always fail short, and then you're back to having a broken indicator again.
It's not that simple, what voltage and current need to held on that wire to light the LED and the camera? It's not uncommmon to find a situation where a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports. It's non-trivial to prove this is or isn't happening.
No, I think it is that simple. The camera module likely needs either 3.3v or 5v. The LED can also be powered at either 3.3 or 5v by simply using a series resistor. You just hook the camera and LED to the supply in parallel.
> a chip doesn't technically have the right power on it's power rails, but is instead drawing power on the input ports.
What does this mean? The data lines of camera modules are generally differential pair, and it is highly unlikely that significant power is being drawn from them.
All I'm saying is that I have literally worked with systems that have drawn power over differential pairs and it's fucked with our power measurements. So don't rule it out.
First, you have to trust Apple that the indicator _really_ can't be disabled. You also have to trust that there isn't a vulnerability Apple is not aware about that could allow rolling the camera without the light coming on. This has happened in the past [0] and there are known Apple products that are vulnerable, yet the statement never mentions this making you believe it's impossible.
Second, once the camera light is on, the data has already been captured. The light just told you about it, not prevented it. The plastic cover or a piece of tape does prevent it even if your laptop security is compromised.
Third, in a world where remote conferences are more and more common, more and more software doesn't do a very good job at letting you know when it's about to enable your camera. You might click on a link to an all hands conference to listen in while you're changing only to have the software helpfully enable the camera and broadcast you for the rest of the company. I believe in big conferences organizer may sometimes control other ppl's camera as well. You can totally imagine a scenario when the organizer misclicks and enables the camera for the wrong person instead of a scheduled presenter.
Camera covers solve all of those problems.
[0]: https://jscholarship.library.jhu.edu/handle/1774.2/36569