iSeeYou

iSeeYou is a security bug affecting iSight cameras in some Apple laptops.

Discovery
The researchers' decision to study webcam indicator lights resulted from the widely reported WebcamGate case, in which a remote access tool installed on school-issued laptops took photographs of unconsenting students. The study demonstrated that the webcam indicator light could be turned off while the camera itself was turned on by bypassing the standby state of the signal. This was performed by changing the RESET register in the device's firmware to a value of 0x00c8.

Impact
The security flaw was reported internationally.

This vulnerability was used in the extortion of Miss Teen USA, Cassidy Wolf, when she received emails containing nude photos of herself, taken without her knowledge, from an unknown man. Wolf claimed she never knew she was being recorded and that her webcam light never turned on. The FBI arrested Jared Abrahams in relation to this crime as well as the sextortion of other female victims. Abrahams admitted he had infected victims' computers with malware and was able to record victims undressing without the webcam light alerting them.

Journalists observed that Apple had sold its laptops as having a "hardware interlock" that was supposed to prevent such an attack, and called on Apple to implement hardware switches or other strong privacy protections.

Mitigation
The Apple laptops affected are capable of running a variety of operating systems, including macOS, Microsoft Windows, and Linux. Mitigations against iSeeYou may vary by operating system. The researchers released a macOS kernel extension, iSightDefender, to reduce the attack surface under macOS.