iSight

The fact that someone can easily access your desktop or laptop computer’s Web cam is nothing new. In fact, the FBI has been practicing the trick for years, and even knows how to do so without triggering your device’s warning light, seemingly allowing agents to secretly record targets without them knowing. A new report from The Washington Report reveals hackers are performing similar tricks on unsuspecting computer owners, crossing a huge privacy line that, if true, means it could seemingly be happening to you (or me) right this second.

From new research out of Johns Hopkins University, which focused on MacBook and iMac models released back in 2008, hackers with enough knowledge can easily tap into your device’s camera without turning on the light, allowing them to see what you’re doing at that moment. The Washington Post cites a specific case of this happening earlier this year, in which a fellow hacked into a classmate’s laptop camera and secretly snapped pictures with intentions to extort. This technique doesn’t just apply to older Apple products, either. Researchers say it can be performed on newer models “from a wide variety of vendors.”

Computers are equipped with certain security measures to ensure this doesn’t happen, but crafty hackers have found a way to circumvent these features. A 2008-era Apple product has a “hardware interlock” feature between the camera and the camera’s light, which is meant to ensure one doesn’t turn on without the other. But hackers have allegedly figured out how to reprogram the chip inside a computer’s camera in order to get past the security feature. John Hopkins computer science professor Stephen Checkoway and graduate student Matthew Brocker together figured out how to use the iSight camera and indicator LED independently, which is detailed in a paper called “iSeeYou: Disabling the MacBook Webcam Indicator LED.”

The Washington Post dives deeper into how this hack is possible, highlighting one piece of software in particular called Remote Administration Tool, which is used by IT folks. But it can obviously be used nefariously, and there’s unfortunately no way of you knowing.