Smile Mac Users!

by on March 15, 2007 · 12 comments

If you’ve got a Mac with an iSight camera, (like the one that came with my shiny new MacBook) what you’re looking at on the right there is your own face, rendered by Apple’s graphics system to look “painted.” I think that’s awfully damn cool.

Update: I got some reports that this was screwing up PC users, so I’ve moved it below the fold…

Is it also creepy and disturbing? People who know better than me say no: this hack only shows the local camera to the local user. You’d have to compromise the machine itself to access the camera remotely. And the camera has a helpful little green light to notify you when it’s taking pictures.

Still, this is something people need to be aware of. If you’ve got a computer with a camera built in and it got compromised, people could indeed abscond with video (and audio) of whatever your camera happens to be pointed at. So update your software regularly, and put a piece of tape over your camera before you do anything really embarrassing in front of it.

Hat tip to this guy from whom I’m clumsily hotlinking the Quicktime movie. I’ve got just enough technical skill to copy and paste his HTML, but not enough to create a copy of the .mov file on my own server that works.

For non-Mac users, here’s what it looks like. Those are my kitchen cabinets in the background:

painted_tim.png

  • http://mcgath.blogspot.com Gary McGath

    One of the first things I did when I set up my new iMac was to put a piece of sticky note over the camera. It’s easily removed if I ever do want to use it. Think of it as a lens cap.

  • http://mcgath.blogspot.com Gary McGath

    One of the first things I did when I set up my new iMac was to put a piece of sticky note over the camera. It’s easily removed if I ever do want to use it. Think of it as a lens cap.

  • Marcos

    Macs have had microphones for much longer than cameras… no one seemed creeped out at the possibility someone would break into your machine and hear what you’re saying. That is just as theoretically possible as someone accessing your isight.

    But no one has demonstrated any way to actually get video or audio from a remote machine… so, it’s really nothing to worry about. As long as we’re talking about what could happen, someone could break into your gmail account and read all your email. But we don’t worry about that either.

  • http://mcgath.blogspot.com Gary McGath

    Marcos: “No one has demonstrated” a great many combinations of existing functionality which are clearly feasible. There is no technical barrier that prevents malware from using the camera API, nor from sending the resulting captured images over TCP/IP. I can easily imagine some jerk propagating a worm for this purpose, and then distributing the resulting videos, just in the hope that they’ll catch someone naked.

  • Marcos

    Macs have had microphones for much longer than cameras… no one seemed creeped out at the possibility someone would break into your machine and hear what you’re saying. That is just as theoretically possible as someone accessing your isight.

    But no one has demonstrated any way to actually get video or audio from a remote machine… so, it’s really nothing to worry about. As long as we’re talking about what could happen, someone could break into your gmail account and read all your email. But we don’t worry about that either.

  • http://mcgath.blogspot.com Gary McGath

    Marcos: “No one has demonstrated” a great many combinations of existing functionality which are clearly feasible. There is no technical barrier that prevents malware from using the camera API, nor from sending the resulting captured images over TCP/IP. I can easily imagine some jerk propagating a worm for this purpose, and then distributing the resulting videos, just in the hope that they’ll catch someone naked.

  • http://www.davidmcelroy.org/ David McElroy

    Gary, I can also imagine aliens landing and blasting us all to bits with giant ray guns, but that doesn’t mean there’s a realistic chance of it happening. It’s the same with this. And in the unlikely event that this happens, I suspect you’ll hear about it in time to cover your iSight camera, if you have one. :-)

    It’s interesting to me that people get creeped out by oddball theoretical possibilities and ignore everyday possibilities that have been around for years. For instance, somebody COULD sneak up to the outside of your house and attach a small camera rigged to automatically take pictures through your window every now and then, but nobody reasonable worries about THAT.

  • http://www.davidmcelroy.org/ David McElroy

    Gary, I can also imagine aliens landing and blasting us all to bits with giant ray guns, but that doesn’t mean there’s a realistic chance of it happening. It’s the same with this. And in the unlikely event that this happens, I suspect you’ll hear about it in time to cover your iSight camera, if you have one. :-)

    It’s interesting to me that people get creeped out by oddball theoretical possibilities and ignore everyday possibilities that have been around for years. For instance, somebody COULD sneak up to the outside of your house and attach a small camera rigged to automatically take pictures through your window every now and then, but nobody reasonable worries about THAT.

  • http://mcgath.blogspot.com Gary McGath

    You must not be very familiar with the current state of the Internet if you regard malicious software that attempts to snoop on people as an “oddball theoretical possibility.” On an average day, there are at least half a dozen attempts to trick me into revealing credit card information, but so far not a single Martian has tried to blast me with a laser. Nor has anyone knocked on my door claiming to be from the First National Bank and asking me to verify my credit card information.

    Spying by Internet is much cheaper per person, and safer from detection, than doing the same thing in person. Thus it’s much more likely to happen to any given person.

  • http://mcgath.blogspot.com Gary McGath

    You must not be very familiar with the current state of the Internet if you regard malicious software that attempts to snoop on people as an “oddball theoretical possibility.” On an average day, there are at least half a dozen attempts to trick me into revealing credit card information, but so far not a single Martian has tried to blast me with a laser. Nor has anyone knocked on my door claiming to be from the First National Bank and asking me to verify my credit card information.

    Spying by Internet is much cheaper per person, and safer from detection, than doing the same thing in person. Thus it’s much more likely to happen to any given person.

  • http://www.davidmcelroy.org/ David McElroy

    Gary, you’re totally changing the subject. There’s no comparison between phishing attempts and somebody using an iSight camera to spy on people. Phishing happens all the time and it’s frequently successful. Less often, snooping can be successful when people hack (crack, really) into other people’s systems, but it still happens pretty much every day. Can you show me even ONE example where someone has hacked into a Mac and taken over the iSight camera? Until you can show that (or at LEAST show that it’s being seriously attempted,) then I’ll continue to called it an oddball theoretical possibility. It’s not happening yet, and I don’t see evidence yet that it is likely to happen.

    Your use of the word “spying” is so generic that it’s useless in this discussion. Do you consider phishing attempts to be spying? Do you consider keyloggers to be spying? THOSE sorts of things are certainly cheap and easy. But getting photos or video of someone from the camera built into a Mac is NOT common, cheap or even shown to be possible.

  • http://www.davidmcelroy.org/ David McElroy

    Gary, you’re totally changing the subject. There’s no comparison between phishing attempts and somebody using an iSight camera to spy on people. Phishing happens all the time and it’s frequently successful. Less often, snooping can be successful when people hack (crack, really) into other people’s systems, but it still happens pretty much every day. Can you show me even ONE example where someone has hacked into a Mac and taken over the iSight camera? Until you can show that (or at LEAST show that it’s being seriously attempted,) then I’ll continue to called it an oddball theoretical possibility. It’s not happening yet, and I don’t see evidence yet that it is likely to happen.

    Your use of the word “spying” is so generic that it’s useless in this discussion. Do you consider phishing attempts to be spying? Do you consider keyloggers to be spying? THOSE sorts of things are certainly cheap and easy. But getting photos or video of someone from the camera built into a Mac is NOT common, cheap or even shown to be possible.

Previous post:

Next post: