Tiger + iSight security concern?
This post was published 3 years 8 months 15 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.I stumbled uping the following site while browsing through random feeds. Naturally, I open multiple links from my feed reader which are redirected to the browser behind my reader. Not paying much attention, I continue on my business while doing an assortment of things. All the while, I missed the fact that the little green light on my MacBook’s iSight had turned green. What does this mean? It means that the camera is active and streaming.
At first, I thought my MacBook was begging to be replaced. A broken iSight would surely complete the package for the longest string of bad luck possible concerning this little machine.
It was not until switching to Firefox and cycling through my reads did I notice that the iSight camera had been initiated by a website. If you’re OSX Tiger and have an iSight or comparable web cam attached, the following site (warning, do not click if you are sitting naked in front of your web cam) will initiate your camera without your control.
Paul had a great idea for site admins. What if someone set something like this up to track visitors to pages?
Derek…
Did I not tell you that the iSight is a tool to spy!
C’mon guys this is just like a graphics file. The iSight is only running in the browser, it’s not streaming over the Internet or anything.
Now if this site showed OTHER people sitting at their computer that would be a great deal more fun.
Dashboard widgets, that are basically web pages, have been doing this for a while now. Remember the famos Mirror widget, that was used to kill the whining sound on the MacBook Pro computers? Well, that one did the same exact thing.
It might be a good idea to somehow notify the user, that the webpage is going to turn the camera on, but at the same time this is not streaming anywhere yet. It is just displaying the image on that specific webpage, but on the website. Basically it is only showing in your browser.
This is not a security concern since it’s just a Quartz Composer file using the iSight as an input. Since it’s a file loaded locally on your system it’s not exactly the huge security hole you think it is. The only thing special here is that you’re seeing it in a browser, and all Quicktime objects can be embedded in a webpage, so no biggie.