Microsoft’s Windows operating systems have always had a reputation for being virus prone and about a secure as an open cookie jar at a weight watchers seminar. Bugs of every shape and size have found their way into the deep recesses of the platform. Some have been extremely malicious while others have just been downright humorous.
My favorite Windows viruses have always been the one that take advantage of users who have web cams attached to their machines. The best of these sneaky little bugs had the ability to activate the cams without their owners knowledge. Needless to say, many video are still circulating the interweb.
Being a Mac user, I have always been immune to issues of this nature. But I ran across a link today that has me wondering how much longer I can consider myself safe. Chris Adamson over at oreillynet.com has posted page the demonstrates a web page that has an embedded file that displays the feed from the surfer’s iSight cam. Users with iSight enabled computers can load the page and literally see the page looking back at them!
Though a little startling, this is not a bug in the Mac OS. The web page simply leverages the operating system to do something completely benign and harmless. No one else is looking at your iSight video feed. The browser is simply piping its internal video feed right back out to the users web page. What interests me is the ease with which Chris was able to add this content to his web page. If it was that easy to access OS X’s iSight subsystem, what keeps an enterprising AppleScript, shell-script, or virus from doing the same? Transmitting the feed to an off site server seems well within the realm of possibility.
To be clear, no such virus or malware exists for the Mac OS. And should some enterprising virus author decide to attempt such a malicious bug, it’s likely the OS X’s internal security mechanisms would prevent this sort of voyeurism. When Apple released the first iSight cams, the lenses were equipped with an iris mechanism that made it possible to actually close the camera lens and physically shutdown the camera. But with the release of the new portable MacBook and MacBook Pro computers, as well as the new iMacs, Apple saw fit the embed iSight cameras right into the computers display. It was a creative and powerful addition to the new machines. But this time Apple neglected to include a way to physically disable the camera lens!
Did Apple engineers have a nefarious goal in mind when they eliminated the iris on the latest generation of iSight enabled systems? I doubt it. It was simply a matter of practicality. The original iSight cams were large enough to easily include an iris mechanism to shutdown the camera. The iSights that are embedded in new computers are simply too small to include such mechanics. This just leaves me wondering how long it will be before we start seeing home videos circulating the web without their owners knowledge. The potential certainly exists, as Chris’s web page clearly illustrates.
Paranoid? Absolutely! But just because you’re paranoid, it doesn’t mean they’re not watching you! :-)