Can webcams be turned on without the indicator light?
I've made a series of penetration tests in my network and one of the things I've tried was to record webcam and microphone.
Recording an end-user's microphone seems to be a stealth thing, but what about the webcam? In my tests, the indicator is turned on and I can't figure out a way to do this without turning on the light.
So far, I'm assuming that if someone broke into my computer and turned on the webcam, I'll know that.
But, if that's possible, which of the available hardwares on the market are vulnerable to that kind of attack?
Most definitely, but in order to do this you would probably have to patch the camera's firmware and then flash it. Similar attacks have been used to disable the "shutter sound" on cameras.
Does drivers have something related?
@Keyne doubtful, its probably firmware. in that the device has a set reactions to an incoming command like "start recording".
The answer is absolutely wrong! You're forgetting about the fact that it doesn't take firmware, but only a simple change in system configuration (as malware would be able to change). Check http://forums.logitech.com/t5/Webcams/Can-I-turn-off-red-LED/m-p/277305#M52816 for one of the many examples. LOGITECH WEBCAMS as an example DO NOT need firmware changes to have their light disabled! And note that I'm not yet talking about former Adobe Flash security issues that enabled camera use without indicating activation (read: while leaving the activity-indicating light off). Firmware only? You wish!
@user6373 that is one way of accomplishing the same task, it depends on the device. But, at the end of the day, the lights on the device is controlled by the firmware.
I'm not trying to troll this answer, but I don't really see why this isn't just hyperbole. If the camera's power circuit includes an LED then how could one power the camera without powering the LED? I know there is a link in the above comment, but that is for a peripheral device, not an integral laptop camera. Has someone actually looked to see if they are on separate circuits controlled independently by firmware? Lights were added by manufacturers to solve the RAT problem, so I'd be surprised if they didn't solve this simply by pulling the LED in parallel from the power circuit.
@rook most cameras (including many if not all Logitech cameras) have the light controlled by firmware, yes. However, this firmware has a SOFTWARE INTERFACE that offers application-based control over the camera's indicator light. We actually use this at work to disable the LEDs on our C920 cameras, just takes a command from `uvcdynctl` to set the camera to "LED Off" before activating the camera, and the LED never comes on. I suspect many other cameras have similar interfaces with this potential for abuse; however, there are also legitimate uses for it.
Im not sure about built-in webcams, but I think it is most likely possible.
I've found info on Logitech Webcams, where you can turn off the LED in the registry keys..
For QuickCam versions 188.8.131.529 thru 184.108.40.2063, LVUVC_LEDControl is located in the following registry key:
Note - If more than one camera is installed, you will have a "folder" for each device (i.e., 0000, 0001, 0002, etc...).
It has a default Data Value of REG_DWORD = 0x00000005 (5).
Based on your comments, I will assume that the following information is true:
0x00000000 (0) = LED Off 0x00000008 (8) = LED On
Please note that only certain cameras support this feature, so the mere addition of this key will not cause the LED Control buttons to appear in the QuickCam® Advanced Settings.
Hence, I do not see why it shouldnt be possible for built-in webcams, since they also require drivers (mine is for example up side down after a fresh install)
@Keyne Computerworld just brought an article about a flaw in flash that could allow webcam spying. http://www.computerworld.com/s/article/9221052/Adobe_to_fix_Flash_flaw_that_allows_webcam_spying?source=CTWNLE_nlt_security_2011-10-21&;utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fs%2Ffeed%2Ftopic%2F17+%28Computerworld+Security+News%29
It really depends on the type of camera, and how it is built. On Apple MacBook Pros (at least recent ones), the camera light is directly connected via the power supply to the camera module, so the light can't be circumvented even via a firmware hack. Older (really old) Logitech cameras had a similar design.
But just to be safe, I'm one of those guys with a dark tape over the camera.
A few years ago, some researchers found out a way to turn on the webcam on a Mac without the light being turned on: https://jscholarship.library.jhu.edu/handle/1774.2/36569
It seems as if the design of my ASUS notebook is good in this respect.
It uses a hardware video shutter, that cannot be turned on electronically.
That is a great solution to the privacy issue (excepting sound recording as you said).
This is what I have on all my web cams - it is a prereq in my buying decision:-)
One other thing that I haven't seen mentioned was popularized during the Lower Merion District School spying scandal last year is that the software that was used (LANRev TheftTrack) got around the Apple Macbook's camera light protections (camera light is hardwired to camera power) by simply turning it on briefly for a snapshot. Thus the camera isn't on all the time, but only at random intervals for a split-second.
This is a common feature on metasploit framework and it's used to take pictures.
Yes it can be done. Many web-camera control programs give you the ability to turn off the light. So it's definitely possible.
So as to know if the camera is active at a given time, I guess the best thing you have to do to ensure it stay disable, is to turn it off in the device manager. Off-course, you have to trust the Operating System to obey your commands. But that is a different question.
Under Linux it's possible to control the LED on a number of USB cameras using the
uvcdynctrllibwebcam command line tool (available via most package managers) e.g. to turn off the LED on device video1:
uvcdynctrl -d video1 -s 'LED1 Mode' 0
On Windows a number of cameras come with control software that allows for disabling of the LED in a number of cases (e.g. some Logitech models).
I use `uvcdynctl` at work for our fleet of systems, it's quite handy for us -- but yes, this demonstrates that many cameras allow the LED to be controlled by software, thus rendering the status light an inadequate indicator of compromise as OP was asking.
At least on older MacBooks / MacBook Pros from 2007 and 2008, there is a way to disable the LED as demonstrated by researchers from Johns Hopkins University and published in a paper.
They have also created a kernel extension for Mac OS X to prevent such an attack, called iSightDefender, available as source code on GitHub.
So, looking at those Logitech and iSight webcams' security, you can safely say that your privacy is not safe with a webcam aiming at you. You might also want to look at those laptop webcam cover stickers from EFF.
I used a neat little trick that will go unnoticed by the unsuspecting. I use a very small round rubber that often comes on the bottom of small devices like Vonage VoIP router. It provides a little lift off the surface to allow better ventilation and to reduce sliding of the device. I just use it to cover the LED and persons will think it came with the laptop.
Alternatively you can use the very small kitchen cabinet door cushion. They are normally used to reduce the banging when the cabinet door is close. Some are plastic or synthetic cloth with adhesive on one side. Pick up a pack of 100 for a a dollar or two at the hardware. Whatever colour they are just use a black permanent marker and that did the trick. My laptop is black.