iSeeYou: Disabling the MacBook Webcam Indicator LED

https://jscholarship.library.jhu.edu/handle/1774.2/36569
Author: Brocker, Matthew; Checkoway, Stephen
Abstract: The ubiquitous webcam indicator LED is an important privacy feature which provides a visual cue that the camera is turned on. We describe how to disable the LED on a class of Apple internal iSight webcams used in some versions of MacBook laptops and iMac desktops. This enables video to be captured without any visual indication to the user and can be accomplished entirely in user space by an unprivileged (non- root) application. The same technique that allows us to disable the LED, namely reprogramming the firmware that runs on the iSight, enables a virtual machine escape whereby malware running inside a virtual machine reprograms the camera to act as a USB Human Interface Device (HID) keyboard which executes code in the host operating system. We build two proofs-of-concept: (1) an OS X application, iSeeYou, which demonstrates capturing video with the LED disabled; and (2) a virtual machine escape that launches Terminal.app and runs shell commands. To defend against these and related threats, we build an OS X kernel extension, iSightDefender, which prohibits the modification of the iSight’s firmware from user space.
Date: 2013-12-11 Series: Department of Computer Science, December 2013;
Technical Report 13-02

Harriton High School Used Apple Laptop Webcams To SPY On Students At Home

The school district acknowledged it took nearly 60,000 snapshots from student computers, without their knowledge, from September 2008 to February 2010. The district has admitted that the LANrev system it used had a program called TheftTrack that could snap webcam photos, take screenshots and record IP addresses every 15 minutes.

Obama’s Secret Attempt to Ban Cellphone Unlocking, While Claiming to Support It

By Derek Khanna
http://www.slate.com/blogs/future_tense/2013/11/18/tpp_wikileaks_white_house_claims_to_support_cellphone_unlocking_but_treaty.html
Last week, WikiLeaks made public a portion of a treaty that the White House has been secretly negotiating with other nations and 600 special interest lobbyists. The draft of the Trans-Pacific Partnership Treaty, which is on intellectual property, shows that HealthCare.gov isn’t the only tech topic on which the Obama administration has some serious explaining to do.
The White House claims that it supports copyright reform. It should be in favor of remaking the framework, because today’s copyright system is a mess: It grants protection that is too long (70 years or more), fair use is notoriously unclear and vague, and statutory damage laws create a massive deterrent to lawful creation. Economists and scholars argue that modern copyright, as opposed to constitutional copyright, greatly impedes innovation and content creation. But the TPP, which is being negotiated by 11 countries, would be a step in the completely wrong direction.
In its present state, treaty would expand copyright and effectively make real reform impossible. Worse, it would essentially disregard constitutional limitations on copyright and reject pillars like fair use, the first-sale doctrine, and having copyright be for “limited times.” The worst part: While the White House was publicly proclaiming its support of cellphone unlocking, it was secretly negotiating a treaty that would ban it.
Cellphone unlocking is the ability to take a phone and alter its settings so that it can be used on other carriers. Essentially this technology allows a consumer to bring her phone from one carrier to another when her contract expires (if technologies are compatible). In January, following appeals by AT&T/Verizon’s main trade association, the Librarian of Congress issued a ruling making unlocking a felony punishable by five years in prison and a $500,000 fine. This was a terrible idea: Economists and market participants have explained that this ruling would result in reduced competition in the industry, a decimated resale market, and restricted consumer rights. And indeed the impact has been devastating.
At the time, I spearheaded an unpaid national campaign to legalize unlocking, which included a White House “We the People” petition (I wrote a bit about our campaign here). Our petition reached 114,000 signatures, and the White House responded in favor of cellphone unlocking:
“The White House agrees with the 114,000+ of you who believe that consumers should be able to unlock their cell phones. … It’s common sense, crucial for protecting consumer choice, and important for ensuring we continue to have the vibrant, competitive wireless market that delivers innovative products and solid service to meet consumers’ needs.”
The FCC came out in favor of our petition, as did numerous outside groups such as Freedomworks, Public Knowledge, R Street and the editorial boards of the New York Times and the Washington Examiner. We were unable to find a single group, or Member of Congress, that was in favor of unlocking being a felony. But somehow, while a number of bills were introduced, none passed, and the one that had widespread support, H.R. 1892, never received a hearing or was brought up for a vote.
The leaked treaty draft shows that while the White House was championing restoring free market principles to phones, the U.S. proposed that the TPP lock in the process that allowed the Librarian of Congress to rule this technology as illegal through international law. This would make potential reforms like H.R. 1892 impossible.* It should be noted that Canada did submit an amendment proposal that could allow unlocking, but neither the United States nor any other country supported it.
But the TPP draft doesn’t stop there. It would ban numerous other technologies that have beneficial uses. In particular, the legislation would ensure that jailbreaking—which is installing a different operating system on your phone, tablet, or e-reader—is illegal. It’s already on precarious ground in the United States, but under TPP it would be illegal in all circumstances. What type of nation would arrest 23 million people for installing a different operating system on their own device?
This treaty is still being negotiated, so all of these issues could be addressed in the final text, but so far what has been made public demonstrates a massive and nearly unprecedented power grab by special interests rather than sound public policy considerations.
This treaty has long been shrouded in unprecedented secrecy. Congressional staff, press and general public weren’t allowed to read it; in many cases, even members of Congress were kept in the dark. Meanwhile, special interests were given full access. Now we know why: The White House didn’t want the public to know what was being negotiated in their name.
Correction, Nov 18, 2013: This blog post originally misstated effect of the U.S. proposal to TPP.
< — >
http://www.slate.com/blogs/future_tense/2013/11/18/tpp_wikileaks_white_house_claims_to_support_cellphone_unlocking_but_treaty.html

Another FISC judge: “NSA exceeded the scope of authorized acquisition continuously”

Judge: “NSA exceeded the scope of authorized acquisition continuously”

New declassifed documents show legal arguments over bulk metadata collection.

by Cyrus Farivar – Nov 19 2013, 1:36am EST
Yet another Foreign Intelligence Surveillance Court (FISC) judge has blasted United States government and intelligence officials for disregarding the court’s guidelines for domestic surveillance of American e-mail metadata traffic, a program that ran for around a decade before ending in 2011.
“As noted above, [National Security Agency’s] record of compliance with these rules has been poor,” wrote Judge John D. Bates, in a 117-page opinion (PDF) whose date was redacted. The opinion is one of was just one of a series of documents released and declassified late Monday evening by the Office of the Director of National Intelligence (ODNI).
“Most notably, NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and certify to the FISC that the required approval had been approved. The government has provided no meaningful explanation why these violations occurred, but it seems likely that widespread ignorance of the rules was a contributing factor.”
The documents, which include annual reports from the Attorney General to Congress, memos, presentations, and training documents, were released in relation to an Electronic Frontier Foundation lawsuit. The second batch was released in September 2013, and the first in August 2013. In total, ODNI says it has now released nearly 2,000 new documents in recent months.
“Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States,” James Clapper, the head of the ODNI, wrote on Monday.
“Additionally, they demonstrate the extent to which the Intelligence Community kept both Congress and the Foreign Intelligence Surveillance Court apprised of the status of the collection program under Section 215 [of the Patriot Act]. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed.”
The Bates opinion is the second of the two most revealing documents in this new tranche. The first, written by FISC Judge Colleen Kollar-Kotelly, responds to a government request that allows the NSA to use pen register and trap and trace devices (“pen/trap devices”) as a way to access metadata on electronic communication. She granted approval for the bulk surveillance, but laid out specific guidelines.
The subsequent second FISC opinion, authored by Judge Bates, is in response to a government request that aimed to expand the metadata collection program by “11-24 times.” Bates slams the government for not adhering to its guidelines, but “reluctantly” allows them to continue, citing deference to the Executive Branch (and intelligence agencies, like the NSA, whose powers are granted through the Reagan-era Executive Order 12333). In the opinion, Judge Bates appears unwilling or unable to meaningfully punish any government officials despite clear violations of the court’s prior orders.
“I see a lot of similarities between the Bates opinion and the Walton opinion,” Mark Rumold, a staff attorney at the Electronic Frontier Foundation, told Ars. Rumold was referring to a 2009 opinion by FISC Judge Reggie Walton, who equally lambasted the government.
“It’s essentially the same thing, FISC taking NSA and [the Department of Justice] to task for violating their orders, for accessing more information than they were allowed to access under the orders and laying out under the ways that they had violated the court’s orders, [but then] letting them continue,” Rumold added. “The executive branch has pushed the judiciary so far and hopefully now we’re at that tipping point that the judiciary is comfortable with and they’ll start pushing back on executive misrepresentations.”
Not your father’s pen/trap application
The Kollar-Kotelly opinion (PDF) describes her response to a government application that “seeks authority for a much broader type of collection than other pen register/trap and trace applications,” compared to what had previously been done before.
As we’ve reported in the past, pen/trap devices are a type of legal order that has recently skyrocketed in use in the US. Originally designed to apply to telephone companies, they are now being increasingly applied to tech companies as a way to capture user metadata, too. Of the total number of American law enforcement orders that it received in six months, Google said recently that 2 percent of those were pen/trap orders.
Applied to a Google user, for example, a pen register would likely record who that user was sending e-mail to. A corresponding “trap and trace order” would likely include metadata from e-mails received, likely including date, time, IP address, and other routing information. It could also include attachments, and perhaps even—if broadly interpreted enough—anything but the actual content of an e-mail. Secure e-mail service Lavabit recently received such an order prior to its shutdown.
In the Monday night Tumblr post, the ODNI defined this program this way:
http://arstechnica.com/tech-policy/2013/11/judge-nsa-exceeded-the-scope-of-authorized-acquisition-continuously/

Seattle Police snooping with Aruba Networks mesh WiFi system

Seattle Police have deployed a Aruba Networks mesh WiFi system. What’s interesting is it may well be snorting MAC addresses from every passing device; Aruba advertises that feature.
And when asked:
The SPD declined to answer more than a dozen questions
from The Stranger, including whether the network is
operational, who has access to its data, what it might
be used for, and whether the SPD has used it (or intends
to use it) to geo-locate people’s devices via their MAC
addresses or other identifiers.
Seattle Police detective Monty Moss, one of the
leaders of the mesh-network project—one part of
a $2.7 million effort, paid for by the Department
of Homeland Security—wrote in an e-mail that the
department “is not comfortable answering policy
questions when we do not yet have a policy.”
But that didn’t stop them from deploying it without one.
“Sentence First, Verdict Later” comes to mind.
Aruba also sells a software product called “Analytics
and Location Engine 1.0.” According to a document Aruba
has created about the product, ALE “calculates the location
of associated and unassociated wifi devices… even though
a device has not associated to the network, information
about it is available. This includes the MAC address,
location, and RSSI information.”
http://www.thestranger.com/seattle/you-are-a-rogue-device/Content?oid=18143845