iSight green LED comes on with no user input?

Question

Level 1

24 points

iSight green LED comes on with no user input?

So,pretty freaky when it looks like someone has taken over control of your perfectly sound Mac, right? I was across the room, and I say the camera light come on my MPB, and there weren't any IM apps loaded, and certainly none with auto camera on configured. Who would be crazy enough to do that? Performance artists of some description.

Any thoughts on what could be doing this, and what I might look for to find out if I'm being hacked? I could pull the net connection, but the point of having a computer is to be on the network, right? Unless all you're doing is writing, of focussed on local activities.

Freaked me out, that did.

2GHz MBPro, 2Gb RAM, 249GB HD; 2GHz MB, 1Gb RAM, 74GB HD;1TB Time Capsule, Mac OS X (10.6.4), 8Gb 3G iPhone, 800Mhz G4 iMac 512Mb RAM; WinXP SP2

Posted on May 20, 2011 11:27 PM

Reply

Answer 1

May 21, 2011 12:48 PM in response to BMcRaeC

Hi,

Nearly a yewar ago there was a report that a US School had given out Macs that had software on them that allowed the School to access the computer and the Camera.

They claimed it was so they could see who had any computer that was stolen.

I don't remember if the story actually said if any were stolen.

It did say that students got to find out and the School was in a lot of trouble for taking and storing pics, mainly of students in thier bedrooms.

I don't remember if anyone said the light came on or not.

I don't think it is going to be any sort of hacking.

Things to exclude.

Some Web Sites can access the camera via the Flash Plug-in.

This normally causes a Pop up to appear where you have to specifically Agree to Allow access. However there is also a Remember button.

It is a long time since I saw someone code a page that accessed the camera without asking (whether that is Adobe changing that feature or actual Coding I am not sure)

There is also a Google Video Chat Plug-in for Macs so they can chat via the Google Mail Web page Chat option.

I had used this very little and can't say that I can remember if it asks for Permission.

However you don't say you found a Video Chat Invite in a Google Chat

Face Time on a Intel Mac and iChat on any both do a partial Login at the Computer Start up.

In iChat's case this will start the iChat Up if someone sends you an Off Line IM (it does depend if you have reset the default Accept to be Off - normmaly by a Message from AIMSysMessage asking if you want to receive more - answering No to the IM turns it Off)

In Face Time's case any Incoming call will start up Face Time.

The Beta seems reluctant to show a Window but the camera is then Active.

I do not have the App Store version and don't know if the Preferences can be set to only accept calls when fully active.

Sticking somewhat with Web Browsers there are apps that can be set up to detect movement linked to the Screen Saver being active (or not) and loading it to a web site (on the Mac or External).

See EvoCam and SecuritySpy in the Nanny cam section of this page

Also consider everything else on that page.

iMovie, Quicktime that you already have and any of the Add-on and apps listed.

Remember the list is not exhaustive.

For instance Comic Book bundled at one time with soem Macs can access the camera for Snap Shots.

System Preferecnes > Accounts > (Any Account) > Login Pic

This can access the camera for Snap Shots if set to Change the Pic

Depending what items you have in System Preferences > Sharing and in some cases additional Access Passwords you may have a point of Access.

Screen Sharing can be accessed without an incoming password over VNC This would tend to mean that your routiung device is forwarding that port (normally 5900) to your computer - OR - you are connected directly to the internet such as a Cable modem.

Any person making use of this would have the same access to the Mac and its apps, System Folder structure that you do.

Most of the Posts that have said someone has reported similar to you (and reported back) have tended to say that a fault was found when they took it to a Store.

The Internal iSIght is a USB device.

The OS numbers the devices you have so it "knows" which one the apps and other softare are trying to contact and use.

It is know that sometimes the Mac loses track of which device is which.

The camera may have been triggered when it should have been an External Hard Drive or other device.

Restarting the computer will normally sort this.

8:47 PM Saturday; May 21, 2011

Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb( 10.6.7)
 Mac OS X (10.6.7),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

>

Reply

Answer 2

BMcRaeC Author

Level 1

24 points

May 21, 2011 1:03 PM in response to Ralph-Johns-UK

Ralph,

Wow. That's a pretty comprehensive, and very helpful response. Thanks. I did have the Comic Life app loaded at the time, as well as a logged in browser window to Gmail, so Google Chat may have been available, although I haven't knowingly configured it to auto-video chat.

Do you know if there would be a log trail I could research? I took a look in Console for recent entries, but didn't see anything that was obvious, although I should look again after reading your post. Regardless if I find anything or not, I'll reply to the thread and provide some details.

Thanks a lot! Great resources you've posted. These days, with Big Brother looming closer and closer, personal awareness of digital security is going to become more important for all of us, if we don't want to become pawns for big business and big government.

Reply

Answer 3

May 21, 2011 1:55 PM in response to BMcRaeC

Hi,

Console might indicate if the camera become active.

However the Flash or Google Plug-ins will become active when the Browser does and may only be listed there, if at all.

I seem to remember the only way I found out that Comic Book could do was to try.

I seem to remember that it took some working out. Apart from those few try out session you do I have not use the app since.

If you were Logged in to the Google Mail Web Page the chat option may keep a History

Of course to use Chat in the first place you have to have Enabled Talk in your Google Account Settings (that's the general settings for the Account in general not the Mail Settings).

Extra Info.

iChat Screen Sharing and the Screen Sharing app I mention earlier (Access set in System Preferences > Sharing) both use the Apple Remote Desktop Engine (Remote Management in Sharing).

iChat, if open, can use iChat Screen Sharing at the same time as Apple Remote Desktop Is is.

However Screen Sharing and Remote Management can not be set together (Although in 10.5.8 setting the Remote Management will warn you but turn Off Screen Sharing but not when setting it the other way round)

They are all forms of VNC connections.

The main point is if you have the Mac Set for Remote Management and someone has the main Apple Remote Desktop app they can access you computer, particularly if no Password is set (Remote Management is the client end of ARD and all Macs have this Installed.)

That does not exclude the use of other VNC apps that you may have.

Say for Instance Chicken of the VNC is a popular apps for Remoting in to PCs

I presume it can work the other way as well (that it will work as a client end as well as the control end).

Some attempt with this post has been made to get all the letters in the right order (at least to Britsh Spellings)

I reserve the right to blame many teachers in my past and my parents for my Genes at any point that may influnence this.

9:52 PM Saturday; May 21, 2011

Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb( 10.6.7)
 Mac OS X (10.6.7),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

Reply