Apple’s User-Facing Cameras Have Been Flawed For More Than A Decade

Photo by Edu Carvalho from Pexels

Do you know someone who tears the gummy corner off of a sticky note or uses a piece of tape to cover their webcam on their laptop? Do you do this yourself? I don’t, but I do think that it would be really nice if all the tech companies got together and did something to make this practice unnecessary. I mean, it does seem like a whole lot of users have spent at least half a decade now covering their cameras because they’re worried that someone might be secretly hijacking them.

When this practice first cropped up I only noticed it from people who had Windows laptops and I would chuckle to myself — just another clear sign that Windows is riddled with malware threats and the users need to be paranoid at all times.

However, the practice soon jumped to other Mac users and I was bumfuzzled. Why would they be doing this? There’s a little green light that turns on whenever the camera is being accessed. It’s unnecessary to tape up your camera, and you’re getting sticky residue on it that’s going to obscure things when you do want to use it!

It was my assumption that non-Mac users were having this problem because laptop manufacturers have spent the last 20 years building shoddy hardware and cutting costs. I’ve considered switching to a Windows or Linux laptop a few times over the years because they’re cheaper, but when I get my hands on them the build quality is horrendous. I just figured they were too cheap to wire in a little LED light to let you know when the camera is running.

A few days ago I learned something worrying though, because I made fun of a friend of mine. She’s extremely tech savvy, her Ph.D is in computer science, and I thought it was ironic that she’d fallen for the trend of covering up webcams, forgetting that the LED indicator told you whether it was on or not.

I ribbed her about it and then she revealed to me that the LED light is useless.

Apparently since at least 2008 Apple has been pumping out webcams that have a little green LED on them that’s controlled by software. What!?

Why would you do this? From first principles, the only reason to put an LED next to a camera is to tell you whether or not it’s active. The best way to do this would be to connect the LED to the same circuit as the camera so that whenever the computer enables the device, the LED turns on. I’m not an electrical engineer, but I do know that engineers like to make things as simple as possible (the good ones, anyway) because the most elegant solution is usually the one that has fewer things that can go wrong while achieving the intended results.

Not only is wiring them together the easiest way to do things — because it doesn’t require writing code to switch on another piece of hardware, and then maintaining that code throughout every OS release and hardware change — but it is also the most reliable way of doing things, for the same reason I just mentioned. This solution also has the benefit of making it impossible to engage the camera without also alerting the user. If there is power going to the camera, there is power going to the LED, and no amount of clever hacking can change that. (I mean, okay, if the circuit is poorly designed and it powers the camera before the LED, then I guess maybe you could be clever and not supply enough power to turn the camera on, but like, just don’t design the control circuitry that way.)

Apparently though, someone decided that they’d do it in software, and so while you’re apparently not allowed to directly interact with that LED light through approved APIs, if you’re a malicious user you can totally get away with it. And hence, it’s entirely possible for my webcam to be on at all times and recording data, and I’d never know it unless I paid particular attention to my network traffic. That’s bad!

There seems to be an opportunity here for device manufacturers, and I’m baffled as to why they haven’t leapt on board. It’s not a staggeringly difficult thing to design a tiny circuit to connect the power to the camera to an LED so that they’re always both on or off, and never in a state where one is on and the other is off. I can’t imagine that it would even cost more than a fraction of a penny once it was put into production.

Plus, it’s something they can market against the competitors at the start. “Hey look everyone, our computer tells you when your webcam is active — for realsies this time!” They could even put it on those appalling stickers that they put below the keyboards and you have to peel them off and they don’t want to come off and then there’s a residue there that gets on your palms for the first few weeks you have the computer.

This is also something that ought to be worked into smartphones. They’ve got front-facing cameras that could be (and I believe, have been) hijacked without their owners being aware. Again, just wire in a little tiny LED that turns on whenever there’s a current to the camera.

Here’s the weird thing though: Apple has already done something similar in the latest iOS, but it went with the stupidest possible option again, and even went to the trouble of making it more stupid. They did it entirely in software. There isn’t even a physical LED, just a little dot that appears in the top right whenever a process is using the camera.

I get that iOS isn’t as prone to malware as Android for a lot of reasons, but that doesn’t solve the problem. Eventually someone IS going to hijack that camera and it will be on the news and everyone is going to start covering their front-facing cameras, which is a problem because that will probably also block literally the only way to unlock your phone without entering the PIN, which will discourage users from locking their phones.

Not having an LED that actually means something is, in the case of iPhones at least, a potential security threat. Someone needs to fix that. Just put a little, noticeable but tiny blue light in the instrument cluster. It’s worth it.

So … I don’t know. Maybe someone in the industry can tell me why software indications were chosen? It seems so contrived. Perhaps someone can also tell me why none of the manufacturers appear to have anyone in a decision-making or design capacity who has ever interacted actual humans enough to realize that people being paranoid about their webcams is a stunningly common thing. The percentage of people with tape over their webcams is high enough that pre-pandemic you couldn’t go to a packed coffee shop without seeing at least one case of it.

Maybe someone will fix it soon. That would be nice. It’s sad that there’s no way to fix the old systems, but going forward this ought to be industry standard. Just uh, just wire an LED to the user-facing camera, folks — it’s that simple.

from Hacker News https://ift.tt/3kr4CgL