Your Source for Leaks Around the World!

Disabling Webcam Light in Windows and Mac Computers

In Apple, Archive, Internet, Malware, Microsoft, Surveillance, Technology on December 21, 2013 at 11:20 PM



On our Dell laptop, we find the DLL that comes with the RealTek drivers for our webcam. We quickly zero in on the exported function “TurnOnOffLED()”. We can quickly make a binary edit to this routine, causing it to return immediately without turning on the light.

Almost all webcams, even those inside your laptop’s screen, are USB devices. There is a standard for USB video cameras, the UVC standard. According to this standard, the LED indicator light is controlled by the host software. To hack this on Windows appears to require a filter driver. We are too lazy to write one, which is why we just hacked the DLLs in the demonstration. We believe this is what the FBI has done: a filter driver for the UVC standard would get most webcam products from different vendors, without the FBI having to write a custom hack for each one.



We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non-root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB HumanInterface Device (HID) keyboard which executes code in the host operating system.

To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.

Related Links:

FBI’s Search for ‘Mo,’ Suspect in Bomb Threats, Highlights Use of Malware for Surveillance

U.S. Intellectual Property Commission Report Recommends Malware to Stop Piracy

UPnP Vulnerability Exposes 50 Million Network-Enabled Devices to Be Hacked & Controlled Remotely

  1. […] LeakSource 0 likesLeaksComputersDisablingLightWebcamWindows […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: