digg

Facebook Connect Join Digg About

Scary iSight Trick

josephcrawford.com So as you might see to the left (if you have an iSight) you can see that it was turned on and can be viewed remoetly.  All i am doing is displaying it back to you but….  What could someone else do with this?  It is actually very simple to do.  If you have the [...]

Who dugg this? Made popular Nov 12, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

102 Comments

show profanity settings
expand all
  • magicmarc, on 10/12/2007, -2/+62bury. someone beat me to duggmirror link.
  • MediaShipper, on 10/12/2007, -3/+41nobody wants a picture of you
  • drbroccoli, on 10/12/2007, -1/+38But do not fear! I have a security patch!
    1. Take a piece of duct tape.
    2. Put it over your camera.
    Hehe. Patch.
  • rooskie, on 10/12/2007, -0/+37that's tantamount to putting a link to "c:" on a web page. very cool though.
  • sych0, on 10/12/2007, -3/+34clean your ***** pastes guys.

    edit: and it worked fine for me
  • inactive, on 10/12/2007, -2/+32It's viewed locally, not remotely you dolt.
  • DaffyDuck, on 10/12/2007, -0/+30"it's viewed remotely only"

    locally.
  • bakagaigin, on 10/12/2007, -3/+27Ha! We tricked you, now you will never be buried!!!!
  • scabbers, on 10/12/2007, -4/+24It might be useful in a social engineering attack. I suppose.
  • Fullmoon, on 10/12/2007, -4/+22codebowl, you are an idiot - get a clue.

    This completely unscary iSight trick does simply show you a picture of your isight input via Quicktime. It does not allow anyone to see this pictures, except for you.

    Inaccurate.
  • dumbkiwi, on 10/12/2007, -3/+21No, an i-Patch ...
  • codebowl, on 10/12/2007, -1/+17sorry about the kernel panic, it works flawlessly here and has not crashed my system. However i notice if you leave it unattended it freezes the video.
  • FluffyArmada, on 10/12/2007, -0/+17Show ugly people what they look like?
  • illicium, on 10/12/2007, -1/+18It's not an "exploit," just an iframe that displays file:///C:
  • scabbers, on 10/12/2007, -6/+22There was an IE exploit once that made it appear to the user their C: drive was displayed on the webpage, and it caused more than a few people I tried it on to FREAK OUT. Made me wonder what the hell they had on their C: drive to cause such panic ;)
  • spudicus, on 10/12/2007, -4/+20Ack. Beware. It caused a kernal panic on my Mac Book Pro. It does work though which is even more scary.
  • ObiusX, on 10/12/2007, -0/+13Not worried, my green light turns on.
  • inactive, on 10/12/2007, -0/+13Works in firefox and safari for me on my Macbook...
  • LtCarter47, on 10/12/2007, -0/+11"Is there any trick to covering the lens?"

    Use a mirror, the guy spying on you will look right back at himself! muhahahaha!!
  • JeremyBanks, on 10/12/2007, -4/+15This crashed Firefox on my PC!
  • neophenix, on 10/12/2007, -2/+11Worked for me in Firefox 2.0 on a C2D MBP
  • Electric_Sheep, on 10/12/2007, -5/+14@DaffyDuck.

    Sorry, you're right. My mistake. No idea why i wrote that. Digg up for you. :)
  • harshbarj, on 10/12/2007, -1/+9Also crashed my pc(xp) running firefox 2.0. if you have a pc don't click the link (unless you like crashing your browser).
  • noliberalbull, on 10/12/2007, -1/+9It's old (I saw this at least a year ago), and its being played locally, not through the network. It's therefor a gimmick. No Digg
  • inactive, on 10/12/2007, -1/+9Advertisers of anti-virus software (Usually the shady anti-virus software) try to prey on unsuspecting people to make them think their computer is infected, through things such as fake popups and the sort. People looking back at themselves on the screen and being told, "Anybody could be watching you! Get our anti-virus software NOW!" would freak out many, if not most, people. This _is_ a big issue.
  • ToeCheese, on 10/12/2007, -1/+7@JuyLe:

    yes you can do this by writing a simple CGI (Cocoa or Applescript) but remember that you are then leaving your machine open for others to view it.

    If you need a snapshot every few secs then use Automator.
  • livet0ski, on 08/17/2009, -4/+10already down

    http://www.duggmirror.com
  • ronaldpoi, on 10/12/2007, -0/+6Indeed... and it have no real use, except you're brushing your teeth...
  • TheQwe, on 10/12/2007, -0/+5@rhizome: The guy merely thinks it can be viewed remotely. If it can, then it's most certainly a bug, not a feature.

    For now, it's just a "neat" trick to freak people out.
  • xtr3m, on 10/12/2007, -5/+10It simply crashed my crash-prone Firefox 2.
    Not really scary, just inconvenient.
  • JuyLe, on 10/12/2007, -2/+7Wow it works ! Would there be a way to see remotly via a web-interface what's your isight is seeing (like when you are at work, see what's happening at home) ?
  • t3hX, on 10/12/2007, -0/+4The green light DOES trigger. It just blinks quickly as it is turned on and off.
  • titlesaysitall, on 10/12/2007, -1/+5All your base are belong to us?
  • raptordrew, on 10/12/2007, -2/+6....What the ***** is the description of this article saying?!?!?!?!?!
  • TheRealStyro, on 10/12/2007, -0/+4A standard business card folded twice and placed over the camera in the imac. Slides out of the way if you ever want to use the camera.
  • doctabu, on 10/12/2007, -0/+4Here's another little trick using the same idea:

    http://doctabu.com/trailer.html
  • inactive, on 10/12/2007, -2/+6Worked in Safari on my MacBook. Cool!
  • thekak, on 10/12/2007, -0/+4And it also crashes FF on PC, yay!
  • flarn2006, on 10/12/2007, -0/+4crashed mine too, again ff 2.0 on xp home
    guess its safe to say ff 2.0 on xp crashes with this page
  • dj_sea2005, on 10/12/2007, -3/+7I tried to do that with some tape, then i wondered why it didn't work.

    turns out, it helps if the tape is NOT see-through.
  • daveschroeder, on 10/12/2007, -0/+3The iSight "hijack" is nothing more than a QuickTime movie embedded in a web page that displays the locally-attached iSight on the local computer. This has nothing to do with the internet or the web just because it appears in a web page. This is a feature of the iSight, and QuickTime movies can easily be embedded in web pages. The fact that it's a QuickTime movie that displays the output of a locally attached iSight is incidental.

    To be clear, this only allows a locally-attached iSight to be viewed locally. For someone to view this content remotely, they'd have to already have compromised and have control over your machine, something that we know from experience isn't likely. (Also, even if a machine was completely compromised, there would be hurdles to viewing the content remotely, live, easily. But if the machine was completely compromised and could be controlled remotely, essentially anything could be done with it. But that's a pretty high bar: the machine still needs to be compromised and able to be remotely controlled.)

    If someone is really paranoid, iSight video digitization can be disabled completely by removing:

    /System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component
    /System/Library/Extensions/Apple_iSight.kext

    Incidentally, this is a way to disable the iSight on managed machines in settings where camera use is not desired.

    However, if someone compromises your machine, which would be the only scenario in which someone could remotely view your iSight, obviously those items can simply be re-added. The point is that for this to be interesting, it requires the machine to be compromised. Otherwise, it's just displaying the local iSight to the local user.

    Regards,

    Dave Schroeder
    University of Wisconsin - Madison
    das@doit.wisc.edu
    http://das.doit.wisc.edu/
  • wqwert, on 10/12/2007, -1/+3works with FF 2.0 intel mini 10.4.8
  • ahknight, on 10/12/2007, -0/+3Nothing. It's just loopback video. There's no way to get to it remotely, or save it, or send it, etc.
  • magicmarc, on 10/12/2007, -1/+3I think that was my most dugg comment ever. Sad that.
  • jchalmer85, on 10/12/2007, -2/+4Fear mongering aside, there is a method of capturing iSight output locally and using a script to send that file to a remote server. There is a command line util. called isightcapture (google it) that allows for scripted dumps of the isight output (without triggering the green light) and would then allow that information to be passed to a server without the user knowing. This does predicate the file being placed and run on the machine with the right privileges, but aside from that, yes, there are ways to send your isight image off your local computer.
  • matt.rubin, on 10/12/2007, -0/+2it froze my firefox on a pc :b
  • monkeybutler, on 10/12/2007, -1/+3Is there any trick to covering the lens? I know you can use anything, but id pay a few bucks for something discrete.
  • FluffyArmada, on 10/12/2007, -2/+4Ahh. :) An old fashioned security patch. 
  • ZheAldo, on 10/12/2007, -0/+2Hey guys?

    That trick doesn't submit any stream or feed. There's no output at all. You can watch no iSight but yours. Nobody can stare through your cam, but yourself!

    The real threat is being sniffed while videoconferencing, but that doesn't bother anyone. Strange, isn't it?
  • stanleyfresh, on 10/12/2007, -0/+2...Every bond you break, every step you take, Jobs is watchin you.

    Seriously, this kinda thing is a bit scary.
  • Fetching more discussions...
    Show 51 - 100 of 104 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.