Federal prosecutors say that Ohio man used MacOS malware that covertly operated cameras and mics and exfiltrated porn searches for 13 years


#1

Originally published at: https://boingboing.net/2018/01/11/libjpeg-considered-harmful.html


#2

Thank goodness our government would never…


#3

But I was told Macs didn’t have security problems ever?

Next somebody will tell me Linux machines can be hacked.


#4

Have you read the news over the past couple months? There have been some big lapses, holy cow. I’m a Mac-user, btw.

My question is, did this malware turn on the camera light?

And also, OHMYGOD, with so much porn on the internet, why the hell does anyone need to do something this nasty? GEEZ.


#5

I don’t know what this particular malware does, but it would likely have been possible, at least on some models, to run the camera without the indicator light.

There was a finding in 2013 that some Macs had the camera LED controlled by the camera firmware, not hardware-wise in line with the power supply to the camera. By patching the camera firmware, the authors of the paper were able to capture video without turning on the LED.


#6

I’m sorry, I did forget my sarcasm tags on that and probably shouldn’t be throwing around attitude at times like this.

I’ve been following computer security for decades and been cringing over the years about attitudes of security on the Mac. Yes it is a good base but it still has tons of flaws and all it takes is incentive and the user base becomes ripe for exploiting. Users thinking they are invulnerable to attack is just not a good recipe.

I guess the porn is more exciting if you add a layer of real voyeurism and illegality. Is that a kink now?


#7

I suppose it always has been – these types of abusive behaviors are obviously sexual in nature, but also relate to deep illness and issues surrounding power and powerlessness the abusers foster. What’s just so frightening these days is that a well-crafted virus or trojan or whatnot can make it so easy for a single abuser to cause SO much damage to SO many people, with very little effort. Remember that school district in Pennsylvania where it turned out the IT guy had been snooping on students’ webcams? This was a few years back. Blech.


#8

Yes. In most Macs the camera LED is not separately controlled but part of the camera sensor circuit that lights whenever the camera sensor circuit has power, so it isn’t possible to turn on and off separately from the camera. This was by design. This is not true on all generic laptops and older Macs, though, and a good overall question when discussing camera-activating malware.

They have had significantly fewer exploits over the last decade.
Most OS X exploits have required users to install them, including this one, and because of Apple’s highly controlled ecosystem they are able to patch and eliminate many of the points exploited fairly quickly so they are rendered useless. That is one of the few real benefits of a closed restrictive ecosystem.

They certainly aren’t invulnerable.

The most vulnerable are the products Apple abandons and no longer includes in their update cycles; those are going to become more and more ripe for exploits.


#9

Power. Some people find having power over others* to be a turn-on. Some of these people are also not interested in consent (or, frequently, prefer a lack of consent).


* Sometimes, even when their victims don’t know about the exercise of power.


#10

You could actually do a bunch of neat stuff: the Apple cameras of the time used a Cypress CY7C68013A, which is a nice, versatile part; pretty much just enough firmware to burn a device and vendor ID in, USB interface on one end and a much-sped-up 8051 core executing whatever firmware is handed to it by the driver at startup. Very flexible; but it also meant that the adversary could not just disable the camera indicator light but do nifty things like turn the camera into a completely different type of USB device: HID keyboard to emulate physical presence, that sort of fun. If memory serves, Apple (somewhat uncharacteristically for their current tastes) skipped any sort of firmware signing: some payloads obviously wouldn’t function; but there was nothing stopping you from loading anything that would fit.

https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/brocker

