Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230
(github.com)
from schizoidman@lemm.ee to technology@lemmy.world on 29 Nov 13:48
https://lemm.ee/post/48580389
from schizoidman@lemm.ee to technology@lemmy.world on 29 Nov 13:48
https://lemm.ee/post/48580389
cross-posted from: lemmy.bestiver.se/post/121053
threaded - newest
Most laptops have a physical slider that can mask the camera. But I don’t know of any tablets or phones that offer this feature.
I have a thin stick-on slider for my laptops. It’d look clunky, but you can stick it on any tablet or phone.
Except these days the camera is a hole in the screen in a mobile phone, so you’d be effectively blocking part of the screen too.
That hole in the screen is always black, so covering up the hole (and only the hole) won't make you miss a thing.
or get a phone that you can trust
Those pretty much don’t exist.
Here are the list of phones I trust, in order:
I’m on 3, because 1 & 2 don’t function well enough as phones (need reliable MMS, better audio, and better battery life). The first two have hardware switches, the last is controllable by software I somewhat trust. All three have significant caveats. Once 1 or 2 work properly as phones (don’t even need Android apps), I’ll switch.
Obligatory: Librem 5 and their entire company is a scam. Louis Rossmann talked about it.
Yup, but that doesn’t change how much I trust the hardware. I’m never going to buy from them, but I do think their phone hardware is decent. If I buy a Linux phone, it’ll be a PinePhone.
Purism is slowly correcting course regarding refund policies, but meaningful improvements take time. Also, the letter from “Purism” to Rossmann came from a Purism volunteer who had no authority to publicly represent the company.
Yeah…but usually the the sticker ones with a slide have a space where the cover slides to, and all that space will be over the screen. Unless you want to permanently cover the punch-hole camera.
there used to be phones with pop-up cameras for a year or two.
The Librem 5 offers hardware killswitches on the side of the phone, and the Pinephone offers hardware killswitches in the rear of the device after removing the backplate.
I just use some gaffers tape to cover the camera.
One complaint I have is a lot of laptop manufacturers who do put a camera slider in, paint the slider red when it’s closed and black when it’s open. It should be the opposite. Red is dangerous live.
I fix it just using some enameled nail polish. But it seems opposite of what it should be
That’s not possible, because the sensor is black (or at least very dark).
Right, but the ring around the sensor is plastic. That plastic could be red. To indicate that the camera is uncovered
What about the mic?
Plug in a dummy headphone jack. But some microphones are not disabled in hardware when that happens.
The framework laptop does have a hardware switch for that, which is nice
They have it that way because it reduces the support calls from idiots who can’t figure out why their webcam won’t work.
The problem here is that the led was software controlled which always struck me as more of a bandaid then a solution.
A proper hardware switch solution would mean the led and webcam are wired so if the webcam receives any power the led jumps on. The computer shouldn’t even know that led exists. Not sure how many devices actually do this though.
The tape on cam solution works on video but might still record sound which is in many cases more dangerous for sensitive information.
Of course one also has to wonder how much it matters having typed this on a phone with cam and microphone uncovered and no indicators.
I believe Framework has their webcam LED setup like this. At a minimum the physical switch cuts power to the whole webcam assembly.
That is exactly how the webcam light is setup in a Framework. The light is wired up to the camera sensors power, so whenever the camera has power, so does the light. The switch also fully disconnects it from the computer itself. At least in Linux, you can verify it using
lsusb. You can see the camera indicated asRealtek Semiconductor Corp. Laptop Camera. Whenever the switch is flipped though, it disappears all together from the list.And the Framework Laptop also has a switch for the mic. So even the mic can be completely turned of on the hardware level.
Yeah, this is exactly the problem. Never should have been software controlled.
And yes, it’s getting harder and harder to control for these privacy issues with the number of devices we routinely carry with microphones and cameras.
I believe apple has the led hardwire in MacBooks webcams.
Used to, but not anymore. I recall a similar exploit for MacBooks a few years back.
Both android and crapple phones have mic & cam indicators nowadays, tho, and if a piece of software has a level of access high enough to bypass those, you kinda have bigger issues… Also, the webcam receives power by default currently; as the repo mentions, it’s just another USB device (well, it’s 3v3, and not 5v, but it doesn’t really matter here)
The problem with that is a USB device is powered even if it’s not being used. You can’t communicate with it to identify it as a webcam without powering it. So the light will be on any time it’s plugged in.
The camera module itself can be powered off if properly designed and the led should be powered from the same source.
Yeah, but that’s additional design complexity, and most consumers, given the choice, would pick the cheaper option.
Could be interesting to have a law that made this cheaper option illegal as it is more dangerous to society
It’s more complex and expensive to have it controlled by software though.
Hardware controlled would be the equivalence of using a splitter to add a second lamp on an outlet attached to a light switch. (would only require a change in a trace or two and a transistor/resistor or two.)
Software controlled is the equivalence having to buy smart outlets and programming them yourself to have the two lamps turn on at the same time. (requires the same as a hardware switch, plus a more expensive or even an extra controller chip along with the need to write and program it.)
That’s the USB-controller, not the actual cam. It’s certainly possible to couple a LED with the power state of the camera chip and it was already done before.
IMHO both camera and microphone should have a physical switch disconnecting them.
On phones and tablets as well.
Framework laptops do this- and the switch that kills the camera also slides a shutter over the lens as well.
Oh, mine only seems to physically disconnect the camera and not slide anything in front of the lens. Do you have the 16?
That lens cover also seems unnecessary to me. A physical disconnect for the camera and microphone is a nice touch of Framework’s laptops…
No, I have the 13. Although I’m not in front of it right now, so I could be misremembering.
And you know, the led shouldn’t be fucking firmware controlled!
It’s a really good idea, but to work reliably, it should be HARDWIRED to light up when the cmos is receiving power.
It feels intentional to fuck this one up.
Most Thinkpad’s have a slidy cover not sure about the mics though
Anyone else ever join large conference calls from the shower?
Shower? No.
Naked? More times than clothed.
This is why so many laptops, including Lenovo laptops, have webcam covers. You could always put a piece of tape over it lol
Lights Out
It can’t turn off electrical tape.