A common claim is that the webcam LED can’t be disabled, because disabling it would pose a security risk to users.
I think it is a security risk to mislead users in this way. Yes, disabling the webcam LED is possible on most devices, allowing someone to spy on users without their knowledge.
First of all, let me state that even though most webcams can be exploited to disable the LED, all webcams have slightly different hardware and different drivers, so exploits will vary with each camera.
Many RATs already have the ability to disable the webcam LED. Many people will argue that RATs are primarily used against Windows systems. This may have been true years ago, but I recently wrote an article about a RAT called jRAT, which is written in Java and can run on Windows, Mac, Linux, BSD and most other desktop operating systems.
The scary part about jRAT is that hardly any antivirus programs detect it, which means that unless the user knows what to look for, they will most likely never know it is on their system.
Windows Logitech Cameras
For some bizarre reason Logitech feels the need to store information about its hardware in the Windows Registry. I guess it is because Logitech gets off on knowing many people will buy their cameras and become victims.
If we open the Registry on a Windows computer that has a Logitech camera, we will see the following Registry key.
The above key will show DWORD hexadecimal values, something like the following.
This is a boolean value, which means it is either True or False. Any number that is not 0x00000000 is True, which means the camera LED will be active. If the hexadecimal value is 0x00000000, the LED is turned off.
Windows Camera with RealTech Hardware
Cameras that use RealTech drivers can be hacked as well. It is as simple as locating the drivers, which will be in DLL format, and patching them with a decent hex editor, which can be found in any programmer’s arsenal of tools.
Up until 2010 Apple computers used iSight cameras. This too had its own exploit, which researchers found and made available to the public as the iSeeYou exploit.
Now Apple has connected the LED directly to the same drivers that manage power. This sounds like a good security measure, and I can understand the logic. Developers writing software and drivers for Apple computers will probably cringe at the idea of attempting to modify such firmware, since it runs the risk of bricking the system.
But a criminal won’t care about the computer, and they have no problem attempting to create a patch for the firmware to get around this.
Once again, Linux is also vulnerable, unless you are someone who believes Linux can’t get viruses or any type of malware, in which case I urge you to scroll up the page and see where I mention jRAT. Or maybe you should read the post I wrote about creating a Linux-based virus.
If you have read my work, you know that software can be downloaded and installed on the user’s Linux system when the virus is created to do such things. So the only tool that needs to be installed on a Linux system is a handy command line tool called uvcdynctrl. If it is installed, we can simply issue the following command.
uvcdynctrl -d video0 -s 'LED1 Mode' 0
This of course assumes the camera device is video0. If it is video1, you simply replace video0 with video1. Heck, an attacker could even create a script that tries every number from video0 to video100000.
Some may argue that they know what programs they are using and that they don’t download and install just any program. Well, that is great. But maybe they should read my post about file binding.
The truth is you need to know your system. Keep an eye on your drivers, and if they have changed, take note. Always have an up-to-date antivirus program installed on your system, even if you’re using Mac or Linux. And you should never feel paranoid about putting black electrical tape over your camera when not using it. Let’s not forget about the school in Philadelphia that faced lawsuits for spying on kids at home through the students’ webcams.
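One way to follow the advice above about watching drivers for changes, as an added example that is not part of the original post: a Python script that records SHA-256 hashes of driver files and later reports any that were modified, added or removed, such as a driver DLL patched with a hex editor. The function names, file patterns and baseline file are assumptions made for illustration.

```python
import hashlib
import json
import sys
from pathlib import Path

# Assumed driver file extensions (Windows DLL/SYS, Linux kernel modules).
PATTERNS = ("*.dll", "*.sys", "*.ko", "*.ko.xz", "*.ko.zst")

def hash_file(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(driver_dir, patterns=PATTERNS):
    """Map every driver file under driver_dir (relative path) to its hash."""
    root = Path(driver_dir)
    found = {}
    for pattern in patterns:
        for path in root.rglob(pattern):
            if path.is_file():
                found[path.relative_to(root).as_posix()] = hash_file(path)
    return found

def compare(baseline, current):
    """Return sorted lists of modified, added and removed driver files."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def check(driver_dir, baseline_file):
    """Record a baseline on the first run; afterwards report drift from it."""
    baseline_path = Path(baseline_file)
    current = snapshot(driver_dir)
    if not baseline_path.exists():
        baseline_path.write_text(json.dumps(current, indent=2, sort_keys=True))
        return None  # nothing to compare against yet
    return compare(json.loads(baseline_path.read_text()), current)

# Usage: python driver_baseline.py <driver directory> <baseline.json>
if __name__ == "__main__" and len(sys.argv) == 3:
    report = check(sys.argv[1], sys.argv[2])
    if report is None:
        print("baseline recorded")
    else:
        for kind, paths in report.items():
            for changed in paths:
                print(f"{kind}: {changed}")
```

Keep the baseline file somewhere malware on the machine cannot rewrite it, such as removable media. A legitimate driver update also shows up as modified, so re-record the baseline after updates you installed yourself.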