Apple Warns Against Closing MacBooks With a Cover Over the Camera

[szw-mapple fan]

I mentioned my privacy regimen in another post, regarding everything in the house. I trust none of the companies out there, Apple or otherwise. My point re: the software libraries wasn't to provide a direct comparison to hardware, but to look at it in the larger picture of trust and how people rely on others for their security; people are depending on Apple to tell the truth about the camera and LED, just as people in programming are depending on everyone else in the profession to figure out if their software libraries have malicious capacity. There's a certain ratio of trust and effort there to results. I'm sure if I had more time I'd come up with something flip and pointed, but dinner is waiting... 😁

Your points are completely valid, but at some point you will have to put your trust in what Apple or another device manufacturer claims. There are many ways that a laptop or personal device can be exploited to spy or steal personal data. Unless you are willing to develop a new software/hardware system on your own you can't be completely sure. It all comes down to what level of trust you are willing to give. I tend to believe Apple on the LED light issue, mainly because they have little reason to lie about something like this and the fallout would be huge if it turn out they did or if they were negligent. There also hasn't been research to suggest that any post-2008 MacBooks can be manipulated in a way that can circumvent the light. An exploit is probably not impossible, but if I were targeted by people who do have this capability, I think I would have much bigger issues to worry about.

 

[Sill]

Your points are completely valid, but at some point you will have to put your trust in what Apple or another device manufacturer claims. There are many ways that a laptop or personal device can be exploited to spy or steal personal data. Unless you are willing to develop a new software/hardware system on your own you can't be completely sure. It all comes down to what level of trust you are willing to give. I tend to believe Apple on the LED light issue, mainly because they have little reason to lie about something like this and the fallout would be huge if it turn out they did or if they were negligent. There also hasn't been research to suggest that any post-2008 MacBooks can be manipulated in a way that can circumvent the light. An exploit is probably not impossible, but if I were targeted by people who do have this capability, I think I would have much bigger issues to worry about.

If you can trust Apple, thats your ground then and I'm fine with that. For myself, I have no reason nor evidence to trust Apple anymore. There's a change at the top levels of that company now, evidenced by their lobbying and advocacy games, and the environment there is changing. Inertia, and the fact that there is still a lot of good people there, are the only reason I'm still involved with the Apple ecosystem. The way I look at it is, at some point you have to make a decision that you're either going to use something or not use it, and you're either going to give up a piece of information or not. I choose to use a few things, and give up as little about myself as I can.

As for the LED, whether Apple is concealing a potential risk, or there is a hack and they're unaware of it along with the entire tech community, I say its still smart to use a cover -its simply a matter of being certain that the thing can't grab any information without permission. It ends right there, with a little slip of paper, no trust involved.

 

[ROBB D]

I bought the MacBook Pro 16 inch at release. And within a few weeks a purchased a thin slate skin (Roxxlyn) to cover the MacBook Pro and my iPhoneX. The iPhone X skin still had the punched out camera hole pieces still in the skin...I used this VERY THIN skin to cover my camera. A few weeks later, my display developed a hairline fracture.

 

[zephonic]

It's interesting so many comments ridicule the use of laptop cam covers. A few years ago, I saw some photos from inside FB and Google offices, and EVERYBODY there had taped off their camera.

Guess they are all nuts over there.

 

[MacCheetah3]

It's interesting so many comments ridicule the use of laptop cam covers. A few years ago, I saw some photos from inside FB and Google offices, and EVERYBODY there had taped off their camera.

That could be company policy. They may not need video chats while at the workplace as well as wouldn't want employees to engage in personal video chats, etc that not only could decrease productivity but also possibly leak or show inside items the company doesn't feel the public should be aware of.

However, if we step into the personal privacy view... Employees of FB and Google must be well aware of how their companies can lack privacy and security concerns, especially FB... WHICH... Says more about the company than general computer security.

 

[q3anon]

😂

 

[zephonic]

That could be company policy. They may not need video chats while at the workplace as well as wouldn't want employees to engage in personal video chats, etc that not only could decrease productivity but also possibly leak or show inside items the company doesn't feel the public should be aware of.

Sure, could be.

However, a quick search reveals it's not hard at all to hack someone's webcam or phone, that's the uncomfortable truth. I don't think anybody has a reason to hack mine, or that I am a particularly interesting target, but if someone wants to, they can. Covering the cam is a simple solution with almost zero downsides, other than the subject of this article.

 

[Yr Blues]

BS

 

[MarvinMartian]

but as I understand it on T2-equipped MacBook models, this is not possible because the webcam is controlled from the T2.

So owners of pre-T2 devices are still rightly cautious then, correct?

There exists a certain type of person who loves the challenge implicit in the statements "Why would anyone want to do that?" and "That's impossible."

 

[jc1350]

I didn't read all 350+ posts, so sorry if this is a repeat, but I saw several calling the covering of a webcam "paranoia" and that the camera can't be activated without the light illuminating. Yes, it can. Read about Cassidy Wolf, a then-teenage girl in California in 2012/2013. She would later become Miss Teen USA, but the "sextortion" she experienced was before that.

'I wasn't aware that somebody was watching me [on my webcam],' she said. 'The light [on the camera] didn't even go on, so I had no idea.'

The laptop was infected with Blackshades (Windows malware). Do you really want to trust any computer manufacturer that they have 100% security around the light connected to a webcam? There is no excuse to not have an integrated physical cover. What concerns me more is that younger generations seem to have no idea or concerns about privacy. They put their entire private lives on twitter, facebook, etc. I don't get it.

More than 90 people nabbed in 'creepware' hacker sting

Reigning Miss Teen USA has told of the terrifying moment she opened an email that featured naked photographs of herself secretly taken via webcam from a hacker at her school.

www.dailymail.co.uk

 

[iPodClassic1]

So does Mark Zuckerberg.

And Chris Lowe from the Pet Shop Boys.

 

[JDW]

This warning would not seem to apply to the 2017 MacBook Air. Not that I care, but my daughter uses one on her 2017 Air and so far hasn't had a problem. But I think the camera is in the bezel on the 2017 Air which isn't coated with glass so it shouldn't matter.

 

[MacCheetah3]

What concerns me more is that younger generations seem to have no idea or concerns about privacy. They put their entire private lives on twitter, facebook, etc. I don't get it.

Or sexting. I hate to mock people for mistakes but, come on... Send a photo of your breasts, genitals, etc --unnecessary and a bit weird anyway IMO -- in a one-to-one, private instant message session, even with encryption, and don't think, "This might be shared." Not only in a possible revenge porn manner but via a security issue. I don't recall the name and can't find an article about the breach, but some years back there was an instant messaging app that stored attachments on AWS but unencrypted and accessible via public URL. When somebody discovered the exposure, they used a script to download the attachments, which consisted of long integers for file names, which could easily, albeit extremely time-consuming, be tried using auto-incrementation.

The point being, a person should always be cautious, though you'll never prevent everything. Therefore, it's important to apply sensible precautions and get as close to the root of the (potential) problem as possible.

 

[macman312]

If you use a webcam cover, why? Can someone explain what they think someone is going to be looking at? I work at a large corporate company. If someone is hacking into our webcams we have much bigger issues.

Everyone seems to have one. People refuse to use their bloody cameras. I’ve joined a brand new team and I still haven’t met anyone on camera. Surely that defeats the bloody purpose of using video chats and cross company collaboration...

I work in cybersecurity and I cover up my cameras as does everyone I know.

I’m genuinely interested in why mostly for the reason above...

It's interesting so many comments ridicule the use of laptop cam covers. A few years ago, I saw some photos from inside FB and Google offices, and EVERYBODY there had taped off their camera.

I work at a similarly big company. My question is, with WFH needed this year and it is probably going to make companies question the need for offices in multiple cities. Surely having people on video makes collaboration so much better. I know I don’t like just being on audio.

If it is a company policy, fair enough if you are working on a prototype in the office but if you are doing a normal teams/Webex/zoom meeting it doesn’t make sense to me.

 

[ddtmm]

"Paranoid"... former FBI Director covers up his webcam, why is that ya think? Source: https://thehill.com/policy/national-security/295933-fbi-director-cover-up-your-webcam

The article is almost 4 years old but I tend to think the same way as you. If I remember correctly well before the FBI statement, Apple used to say there was no way to turn the camera on without the green LED. Not sure if the tech has changed since then but I think I would side with the FBI in this one.
[automerge]1595080191[/automerge]

Two pieces of paper and a paperclip will crack that screen if closed upon. Evan a staple will do it!

You shouldn't be stapling paper to your screen. That's what Stickies is for.

 

[Craptastic]

Ooooo £600 repair right there.

I know because I spoke to Apple today about my antiglare coating coming off my retina MacBook Pro. They won’t fix it under warranty and wanted £575.80 to sort the manufacturing defect out.

They can’t fix something under warranty that’s not under warranty. You had 4 (FOUR) years from the original purchase date to walk into an Apple store and have your display replaced. When you bought your Apple product, you adhered to the rules, stipulations, and consumer warranty protection laws. The quality program rules are posted on the website. I see nothing wrong here

 

[evacristina]

Funny, 100% of people I know who use a camera cover due to “privacy” concerns also use Google Chrome as their primary browser. Stupid is as stupid does...

 

[TiggrToo]

The laptop was infected with Blackshades (Windows malware).

So an 8 year old incident on a totally different operating system makes you concerned now?

I assume you also cover up the cameras on your phone and block the microphones?

Don’t get people pointing to folks like Zuk or the head of the FBI and using them as a reason to do this. Folks like that are extremely high dollar value targets.

Pretty sure that no one here is worth that these days, especially as there’s significantly more value to be made against use plebs with ransomware and exfiltrating data.

 

[2979382]

I always thought the point of the little green LED next to the camera was so you could tell at a moment's notice whether or not the camera is being utilized.

That is the point, indeed, but don't forget that these laptops are often open in offices and bedrooms, while the user is not actively using it, just sitting on a desk, bed, couch, etc. You will not notice the green light coming on, I can guarantee you that.

 

[Sill]

Funny, 100% of people I know who use a camera cover due to “privacy” concerns also use Google Chrome as their primary browser. Stupid is as stupid does...

ha ha... go into the Chrome threads here and read the many posts warning people to stay away from that browser. There's always one person who posts "I bet you use Safari or Firefox because of "privacy" concerns, but you forget to cover your camera.

Hmm...


Anyway, I have every single camera on my devices covered. Even the ones that are laying unused in drawers. I have never used Chrome on my personal machines, and I refuse to use it when I'm on customers' machines. One asked me to help her with some pretty substantial system issues, and when I saw she had Chrome installed, I told her she'd need to install Firefox before I'd work on the problem. She did, and the problem went away. I didn't charge her.

I like to collect browsers just to try different user experiences but I stay away from anything Chromium-based, and/or anything with Blink, V8, etc.

So, now you know one person who covers the camera and doesn't use anything from Google.
[automerge]1595124030[/automerge]

If you use a webcam cover, why? Can someone explain what they think someone is going to be looking at? I work at a large corporate company. If someone is hacking into our webcams we have much bigger issues.

Everyone seems to have one. People refuse to use their bloody cameras. I’ve joined a brand new team and I still haven’t met anyone on camera. Surely that defeats the bloody purpose of using video chats and cross company collaboration...

I would never participate in a video conference, whether it was for the job, or just family and friends. It sounds like a lot of your coworkers feel somewhat similar. As long as the work gets done, all is well. Maybe you should accept that and get past it?

Regarding what "someone is going to be looking at", well, you're thinking too small. Just as people think "I don't care who knows what I watch on Netflix, its nothing bad and I have nothing to hide" and don't realize exactly what info is getting traded out of their lives, there's a lot more to a glance at a single frame here and there from someone's web cam than just what's going on in the background. Please refer to my post earlier in this thread: #217

It was just twenty years ago that zombie botnets became a thing. Background processes on peoples' computers were hijacked, bots were installed in root, and distributed attacks from compromised machines became commonplace while the machine owners were none the wiser. Banks were hacked, utilities were disrupted, pranks were played. Money was also wasted, as well as taken.

Now, I'm pretty sure of two things :

1). Most if not all of the affected people had absolutely no intention of participating in criminal activity, and
2). Criminal activity did occur, to the tune of billions of dollars over time.

Those same criminal types who had no trouble gaining access to private citizens' computers to plant bots, and able to generate billions of dollars in damage as well as profit in theft - what could those kind of people do with access to a camera? Plenty of still frames of peoples' faces taken over days, weeks, months, in various lighting situations. The mics? Sample those voices under a wide range of circumstances, stresses, and seasons. Put it together with criminal intent and what do you get?

The word "deepfake" comes to mind.

Do you think ransomware is bad? Thats just a bank account being held, or a business site blocked. See how it goes when your very life is held for ransom. Most people who don't care about those cameras and mics also glibly post all the details of their daily lives on social media feeds. What would prevent someone from doing a perfect deepfake of you - voice as well as face - committing a crime, along with an incredible amount of evidence that dovetails into your media posts. A malicious party could wield such a fake to take you for everything you own with no fear of retribution. Or they could simply frame you for their crimes by adjusting the evidence to fit your life and placing you deep in the middle of those criminal activities.

This doesn't even hold a candle to the potential harm that could arise from our government adopting a social credit score like China has in place, and the deep fake being used as one tool to administer it. If you think it won't happen here, sorry to tell you it already has started in the private sector. VISA has begun blacklisting people who hold outspoken conservative views as of June of this year. How long until the government does it?

So when people say to me "what do you have to hide?" I say, "My life".

 

[LillDrutten]

Tell that to Snowden.

Oh yeah, it's Apple. They're not in the government's hip pocket. We can trust them.

🙄

Snowden is a pro. He uses linux, and even if has access to its source code it is needed
to take precaution. And assuming Apple is good guys and have no security issues with the
software, intentional or not; Then they use Intel that has been proven to have backdoors. Arm
too and they were intentional from someone. It was some years a go and I dont know how much
you can trust them today. And for there new arm soc's, it is not a standard Arm so it can
have new added or Apple could have disabled the standard ones. And then there all the DSP, AI
T2 and what ever. Checkpoint published 400 security problems with Qualcomm DSP and
they probably only find the easy ones...

 

[I7guy]

Snowden is a pro. He uses linux, and even if has access to its source code it is needed
to take precaution. And assuming Apple is good guys and have no security issues with the
software, intentional or not; Then they use Intel that has been proven to have backdoors. Arm
too and they were intentional from someone. It was some years a go and I dont know how much
you can trust them today. And for there new arm soc's, it is not a standard Arm so it can
have new added or Apple could have disabled the standard ones. And then there all the DSP, AI
T2 and what ever. Checkpoint published 400 security problems with Qualcomm DSP and
they probably only find the easy ones...

The only remedy is to get off the grid.

 

[foliovision]

As I understand it, those types of hacks do not work on MacBook family models with the T2 chip. So it could impact the current iMac (non-Pro).

I’m sure there’s a way to disable the T2 flag. It’s just a computer, not a magic box, with mystical security cloak.

 

[gctwnl]

As they said in the article the camera cannot be activated without the green indicator light being turned on and macOS gives you complete control over when and where your camera and microphones are used. So what's the point in that?

Because that protection is software and software is not 'hard', it might be hacked even if the chance is ver small. A physical cover is 100% secure, no room for error (unless you forget to close the cover, that is...). No software solution is 100% secure (though the T2 solution is pretty much secure in controlling the warning led).

 

[JustLilOlMe]

Maybe just use tape instead?

I put a tiny bandaid over mine when I got it years ago, but my macbook is old and has a metal edge surrounding the glass so the bandaid wouldn't damage it anyway. I guess the new ones do not have a raised edge...