Scary iSight Trick
josephcrawford.com — So as you might see to the left (if you have an iSight) you can see that it was turned on and can be viewed remotely. All I am doing is displaying it back to you but…. What could someone else do with this? It is actually very simple to do. If you have the [...]
- 1171 diggs
- spudicus, on 10/12/2007, -4/+20
Ack. Beware. It caused a kernel panic on my Mac Book Pro. It does work though which is even more scary.
- Sblader5, on 10/12/2007, -4/+10
already down
http://www.duggmirror.com
- sych0, on 10/12/2007, -3/+34
clean your ***** pastes guys.
edit: and it worked fine for me
- dotuplink, on 10/12/2007, -20/+1
- monkeybutler, on 10/12/2007, -1/+3
Is there any trick to covering the lens? I know you can use anything, but I'd pay a few bucks for something discreet.
- TheBigBrother, on 10/12/2007, -0/+1
Big Brother is watching you all!
- swensnt, on 10/12/2007, -5/+2
Hah! This is old hat. When I was a budding young software engineer at Motorola, we used to turn on the microphone on X-Windows workstations in conference rooms so as to "listen in" on our betters. That had to be 15 years ago.
- JeremyBanks, on 10/12/2007, -4/+15
This crashed Firefox on my PC!
- LtCarter47, on 10/12/2007, -0/+11
"Is there any trick to covering the lens?"
Use a mirror, the guy spying on you will look right back at himself! muhahahaha!!
- doctabu, on 10/12/2007, -0/+4
Here's another little trick using the same idea:
http://doctabu.com/trailer.html
- f3l1x, on 10/12/2007, -1/+0
Someone or the same guy did this already.. did he rip it off or what? it's marked for 11/11 but the words and the procedure are someone else's/old.
- rasterbator, on 10/12/2007, -0/+1
Note to self: make .25" x .25" black sticker sheets
- f3l1x, on 10/12/2007, -2/+0
OLD OLD OLD
note your effing sources.
http://www.oreillynet.com/lpt/wlg/7409
- f3l1x, on 10/12/2007, -0/+0
look at me.. I missed your link to the original page... I was more pissed that people let this stuff become a big deal over and over again.. this has been posted here before and people go nuts every time. It gets old as ***** after a while. and everyone going hey give this guy props.... for what? repeating the repeated? Ugg.. I need sleep.
- codebowl, on 10/12/2007, -1/+17
sorry about the kernel panic, it works flawlessly here and has not crashed my system. However I notice if you leave it unattended it freezes the video.
- f3l1x, on 10/12/2007, -1/+0
edit: I see the note.
- rooskie, on 10/12/2007, -0/+37
that's tantamount to putting a link to "c:" on a web page. very cool though.
- scabbers, on 10/12/2007, -6/+22
There was an IE exploit once that made it appear to the user their C: drive was displayed on the webpage, and it caused more than a few people I tried it on to FREAK OUT. Made me wonder what the hell they had on their C: drive to cause such panic ;)
- illicium, on 10/12/2007, -1/+18
It's not an "exploit," just an iframe that displays file:///C:
- warragul, on 10/12/2007, -12/+2
If you take a look at what Flash is doing (right-click on an advert) you'll find that your video and audio are available to anyone by default.
Much scarier...
- nmeadata, on 10/12/2007, -18/+5
Didn't work in firefox.
- neophenix, on 10/12/2007, -2/+11
Worked for me in Firefox 2.0 on a C2D MBP
- r0ck3tm4nn, on 10/12/2007, -0/+13
Works in firefox and safari for me on my Macbook...
- wqwert, on 10/12/2007, -1/+3
works with FF 2.0 intel mini 10.4.8
- m0laria, on 10/12/2007, -12/+3
crashed my FF2.0 in xp, but I don't have an iSight or mac.
- harshbarj, on 10/12/2007, -1/+9
Also crashed my pc(xp) running firefox 2.0. if you have a pc don't click the link (unless you like crashing your browser).
- flarn2006, on 10/12/2007, -0/+4
crashed mine too, again ff 2.0 on xp home
guess it's safe to say ff 2.0 on xp crashes with this page
- bluflame, on 10/12/2007, -0/+2
Worked on my MB Core Duo with Opera9.
- koregaonpark, on 10/12/2007, -8/+2
@ codebowl: Visiting your site in Safari on Mac OS X 10.4.8 causes my browser to crash. I have tried going there multiple times. Doesn't work. I've sent a report to Apple, but I thought I should let you know too.
Cheers, hope it starts working again soon..
- alej744, on 10/12/2007, -18/+5
Um? A black square -- that is scary.
- 5555, on 10/12/2007, -2/+6
Worked in Safari on my MacBook. Cool!
- flamingmb, on 10/12/2007, -6/+2
site is already down.
- xshaisu, on 10/12/2007, -2/+32
It's viewed locally, not remotely you dolt.
- ronaldpoi, on 10/12/2007, -0/+6
Indeed... and it has no real use, except you're brushing your teeth...
- del4, on 10/12/2007, -10/+3
and en bee es pee semi!!!
- Electric_Sheep, on 10/12/2007, -25/+5
Yeah, it's viewed remotely only.
And my mac book pro iSight light indicator turned to green the moment the page opened.
Running Firefox 2.0
- DaffyDuck, on 10/12/2007, -0/+30
"it's viewed remotely only"
locally.
- Electric_Sheep, on 10/12/2007, -5/+14
@DaffyDuck.
Sorry, you're right. My mistake. No idea why I wrote that. Digg up for you. :)
- JuyLe, on 10/12/2007, -2/+7
Wow it works ! Would there be a way to see remotely via a web-interface what your isight is seeing (like when you are at work, see what's happening at home) ?
- ToeCheese, on 10/12/2007, -1/+7
@JuyLe:
yes you can do this by writing a simple CGI (Cocoa or Applescript) but remember that you are then leaving your machine open for others to view it.
If you need a snapshot every few secs then use Automator.
- magicmarc, on 10/12/2007, -2/+62
bury. someone beat me to duggmirror link.
- bakagaigin, on 10/12/2007, -3/+27
Ha! We tricked you, now you will never be buried!!!!
- magicmarc, on 10/12/2007, -1/+3
I think that was my most dugg comment ever. Sad that.
- sionix, on 10/12/2007, -4/+1
very neat.
- xtr3m, on 10/12/2007, -5/+10
It simply crashed my crash-prone Firefox 2.
Not really scary, just inconvenient.
- k4st, on 10/12/2007, -4/+2
The oreilly link was on digg a few months ago, cool nevertheless.
- pinkgreenblue, on 10/12/2007, -13/+2
Does this mean that someone could use that code and save a picture of me on his server/website?
- MediaShipper, on 10/12/2007, -3/+41
nobody wants a picture of you
- nlogax, on 10/12/2007, -0/+1
No. As stated repeatedly, it's only viewable locally.
Just a fancier version of something like <img src="file:///Path/To/Local/Image.jpg" />.
- guttertrash, on 10/12/2007, -8/+1
doesn't work in [an upcoming version of osx]
tried firefox 2 safari and camino
- FluffyArmada, on 10/12/2007, -1/+3
Umm... If you're talking about Leopard, it definitely does work. At least in Safari. I'd check in Firefox, but the site is down.
- ObiusX, on 10/12/2007, -0/+13
Not worried, my green light turns on.
- Fullmoon, on 10/12/2007, -4/+22
codebowl, you are an idiot - get a clue.
This completely unscary iSight trick does simply show you a picture of your isight input via Quicktime. It does not allow anyone to see these pictures, except for you.
Inaccurate.
- progpen, on 10/12/2007, -15/+5
@Fullmoon
You are redundant - get a clue.
- wilsgrant, on 10/12/2007, -10/+3
And you are being redundant by pointing out the fact that he is being redundant, as we all know the redundancy of his comment by this point.
Am I being redundant? Is talking about redundancy at this point redundant?
- jchalmer85, on 10/12/2007, -2/+4
Fear mongering aside, there is a method of capturing iSight output locally and using a script to send that file to a remote server. There is a command line util. called isightcapture (google it) that allows for scripted dumps of the isight output (without triggering the green light) and would then allow that information to be passed to a server without the user knowing. This does predicate the file being placed and run on the machine with the right privileges, but aside from that, yes, there are ways to send your isight image off your local computer.
- t3hX, on 10/12/2007, -0/+4
The green light DOES trigger. It just blinks quickly as it is turned on and off.
- haobaba1, on 10/12/2007, -1/+2
There are other scripts called video chat in Skype and iChat.
- noliberalbull, on 10/12/2007, -1/+9
It's old (I saw this at least a year ago), and it's being played locally, not through the network. It's therefore a gimmick. No Digg
- thegenome, on 10/12/2007, -0/+3
lol...what's wrong with this...the green light switches on whenever the iSight is connected to anyway...and if you have something like photobooth open the iSight camera can't be reached anyway...so it's not that worrying at all.
- MediaShipper, on 10/12/2007, -5/+4
Cuuuuuuuz....iSight cams are built into MacBooks, you can't just pull the cable out
- thegenome, on 10/12/2007, -3/+3
I have a macbook...now read the comment again...
- darkamster07, on 10/12/2007, -2/+3
I don't have an Isight and I also don't have the right plug-ins, lol
BTW, the description for this article is horrible
- drbroccoli, on 10/12/2007, -1/+38
But do not fear! I have a security patch!
1. Take a piece of duct tape.
2. Put it over your camera.
Hehe. Patch.
- FluffyArmada, on 10/12/2007, -2/+4
Ahh. :) An old fashioned security patch.
- dumbkiwi, on 10/12/2007, -3/+21
No, an i-Patch ...
- dj_sea2005, on 10/12/2007, -3/+7
I tried to do that with some tape, then I wondered why it didn't work.
turns out, it helps if the tape is NOT see-through.
- TheRealStyro, on 10/12/2007, -0/+4
A standard business card folded twice and placed over the camera in the imac. Slides out of the way if you ever want to use the camera.
- phpfreak, on 10/12/2007, -2/+3
wasn't this on the front page a while back?
- eschompthis, on 10/12/2007, -1/+2
Damn that's crazy but at least you will be able to figure it out by the green light turning on.
- kingace, on 10/12/2007, -1/+3
What exactly *could* someone do with this that would be malicious?
- FluffyArmada, on 10/12/2007, -0/+17
Show ugly people what they look like?
- ahknight, on 10/12/2007, -0/+3
Nothing. It's just loopback video. There's no way to get to it remotely, or save it, or send it, etc.
- CarbonFree, on 10/12/2007, -1/+9
Advertisers of anti-virus software (Usually the shady anti-virus software) try to prey on unsuspecting people to make them think their computer is infected, through things such as fake popups and the sort. People looking back at themselves on the screen and being told, "Anybody could be watching you! Get our anti-virus software NOW!" would freak out many, if not most, people. This _is_ a big issue.
- raptordrew, on 10/12/2007, -2/+6
....What the ***** is the description of this article saying?!?!?!?!?!
- titlesaysitall, on 10/12/2007, -1/+5
All your base are belong to us?
- davecor, on 10/12/2007, -1/+0
Hard to say what the author was trying to say...
I'm getting tired of people who start sentences with "So". What the hell does THAT mean?
I know who is behind it... Paul Thurrott. If you listen to any interviews with him, he starts almost EVERY sentence with "So..."
Once you start really paying attention to what people say, you realize they often have no clue why they say what they do ;)
- mercurysquad, on 10/12/2007, -1/+3
Did the submitter actually bother to check the preview before submitting??
What's up with the & nbsp's and #8139 blahblah ? What browser were you using to copy-paste the description ?
- fusioned, on 10/12/2007, -2/+3
OLD.
Submitted MONTHS back. Originally from an O'Reilly blog. Lame.
- BlackAdderIII, on 10/12/2007, -0/+1
The functionality used in the page is an intentionally implemented feature, and does not involve any remote access to the video equipment at all.
Inaccurate.
- capitocapito, on 10/12/2007, -0/+1
I think we have just hit every "bury" possibility in one news article.
- Sujay, on 10/12/2007, -0/+1
For a neater environment to look at it, I set this up:
http://www.isujay.com/temp/screencast/
(just like the article's site, it may sometimes crash in safari, but will always work in camino)
- matt.rubin, on 10/12/2007, -0/+2
it froze my firefox on a pc :b
- pepelemoko, on 10/12/2007, -0/+1
at least the little green light that comes on
- nutjob, on 10/12/2007, -0/+1
interesting... I've been playing with my laptop's built in isight camera and the Apache install on the machine - getting it to take a new photo every time you hit a special page.
I'm thinking of documenting the process if anyone is interested?
It's amusing having the light come on every now and then, especially when you're picking your nose etc. but it certainly makes for a workable webcam solution.
- h3xley, on 10/12/2007, -0/+1
there are command line tools for the isight which could be called through apache
http://www.macupdate.com/info.php/id/18598
- thekak, on 10/12/2007, -0/+4
And it also crashes FF on PC, yay!
- macbookpromat, on 10/12/2007, -0/+1
I don't see how this is scary, I think it's awesome!
- ZheAldo, on 10/12/2007, -0/+2
Hey guys?
That trick doesn't submit any stream or feed. There's no output at all. You can watch no iSight but yours. Nobody can stare through your cam, but yourself!
The real threat is being sniffed while videoconferencing, but that doesn't bother anyone. Strange, isn't it?
- yakoff, on 10/12/2007, -2/+1
Is it safe to assume that Apple is now aware of a security issue? I suspect google might already be aware of it. At some point in the video area they ask if you are willing to give them access to your camera and microphone. That would imply that they can access them - Windows and Mac.
- Cardiakke, on 10/12/2007, -1/+1
This is lame.
- stanleyfresh, on 10/12/2007, -0/+2
...Every bond you break, every step you take, Jobs is watchin you.
Seriously, this kinda thing is a bit scary.
- LtCarter47, on 10/12/2007, -0/+1
Not too worried about this. The green light is really obvious and it's something I notice right away when I open something like an audio recording program and it's showing levels from my stand-alone isight. The MacBook is even easier since it's right there in the bezel.
- boran, on 10/12/2007, -0/+1
buried as inaccurate fearmongering.
- SVPirate, on 10/12/2007, -0/+1
He changed the article.
- SVPirate, on 10/12/2007, -0/+1
Cool trick, not exactly scary tho :P
I really like how Apple make it simple to do seemingly complex stuff like this. I would have to think hard about an application for such a function, I guess you could use it in a widget, to take quick personal portraits? Perhaps of more use to Application developers than web designers, but hey.
- daveschroeder, on 10/12/2007, -0/+3
The iSight "hijack" is nothing more than a QuickTime movie embedded in a web page that displays the locally-attached iSight on the local computer. This has nothing to do with the internet or the web just because it appears in a web page. This is a feature of the iSight, and QuickTime movies can easily be embedded in web pages. The fact that it's a QuickTime movie that displays the output of a locally attached iSight is incidental.
To be clear, this only allows a locally-attached iSight to be viewed locally. For someone to view this content remotely, they'd have to already have compromised and have control over your machine, something that we know from experience isn't likely. (Also, even if a machine was completely compromised, there would be hurdles to viewing the content remotely, live, easily. But if the machine was completely compromised and could be controlled remotely, essentially anything could be done with it. But that's a pretty high bar: the machine still needs to be compromised and able to be remotely controlled.)
If someone is really paranoid, iSight video digitization can be disabled completely by removing:
/System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component
/System/Library/Extensions/Apple_iSight.kext
Incidentally, this is a way to disable the iSight on managed machines in settings where camera use is not desired.
However, if someone compromises your machine, which would be the only scenario in which someone could remotely view your iSight, obviously those items can simply be re-added. The point is that for this to be interesting, it requires the machine to be compromised. Otherwise, it's just displaying the local iSight to the local user.
Regards,
Dave Schroeder
University of Wisconsin - Madison
das@doit.wisc.edu
http://das.doit.wisc.edu/
- dimplemonkey, on 10/12/2007, -0/+1
This is hilarious! I went to see if this hack worked and it actually hijacked the TV feed off of my Miglia TV card. So... potentially, I could create a makeshift "slingbox" out of my Mac and watch TV remotely?
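Added example, not code from any commenter in this thread: daveschroeder's comment above says the two listed components can be removed to disable the iSight on managed machines and can simply be re-added after a compromise, so the removal is worth re-checking. This sketch reports whether each of those two paths is present; the `ROOT` argument, the function names and the verdict words are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the two iSight components named in daveschroeder's
# comment. Paths are taken from that comment; everything else is assumed.

# Paths relative to the filesystem root being audited.
ISIGHT_COMPONENTS="System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component
System/Library/Extensions/Apple_iSight.kext"

# isight_audit [ROOT]
# Prints "present <path>" or "absent <path>" for each component, then one
# "verdict" line: removed (none present), present (all), partial (some).
# ROOT defaults to "/"; pass a mounted image or test directory to audit that.
isight_audit() {
    root="${1:-/}"
    root="${root%/}"            # "/" becomes "" so paths join cleanly
    found=0
    total=0
    while IFS= read -r rel; do
        total=$((total + 1))
        if [ -e "$root/$rel" ]; then
            found=$((found + 1))
            echo "present $root/$rel"
        else
            echo "absent $root/$rel"
        fi
    done <<EOF
$ISIGHT_COMPONENTS
EOF
    if [ "$found" -eq 0 ]; then
        echo "verdict removed"
    elif [ "$found" -eq "$total" ]; then
        echo "verdict present"
    else
        echo "verdict partial"
    fi
}

# isight_verdict [ROOT]: only the verdict word, for use in compliance scripts.
isight_verdict() {
    isight_audit "${1:-/}" | sed -n 's/^verdict //p'
}

isight_audit "${1:-/}"
```

On a machine where policy removed the components, a later `partial` or `present` verdict means something put them back and is worth investigating as drift.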