The Secure Design of the MacBook Neo’s On-Screen Camera Indicator
One might presume that the dedicated indicator lights are significantly more secure than the rendered-on-display indicators. I myself made this presumption in the initial version of my MacBook Neo review last week. This presumption is, I believe, wrong.
Later last week Apple published, and I linked to, a small update in their Platform Security Guide, which states:
MacBook Neo combines system software and dedicated silicon elements within A18 Pro to provide additional security for the camera feed. The architecture is designed to prevent any untrusted software — even with root or kernel privileges in macOS — from engaging the camera without also visibly lighting the on-screen camera indicator light.
[The] software-based camera indicator light in the MacBook Neo runs in the secure exclave part of the chip, so it is almost as secure as the hardware indicator light. What that means in practice is that even a kernel-level exploit would not be able to turn on the camera without the light appearing on screen. It runs in a privileged environment separate from the kernel and blits the light directly onto the screen hardware.
Previously:
- Apple Exclaves
- MacBook Neo
- Apple Platform Security Guide (May 2024)
- Monterey Shows Orange Microphone Dot on Video Projectors
- Don’t Close Your MacBook With a Camera Cover
- On Covering Webcams
- MacBook’s T2 Will Prevent Eavesdropping on Your Microphone
- Micro Snitch 1.0
- iSights Spying on Their Users Without Warning
5 Comments RSS · Twitter · Mastodon
That's not very surprising considering that's the technology iOS has always used. iOS devices never had a hardware indicator light.
@Sébastien iOS has always used a software indicator, but it sounds to me like until versions of iOS (and even still on older processors) it used different, less secure technology.
I wonder how this indicator will work for running a Fully Untrusted OS, such as Asahi Linux (when the support for A18 Pro becomes available, which seems to be a while away for now). Running untrusted/non-Apple OSes is something that even Apple allows, and documents extensively.
The link says the document is from December 2024 and from a quick search of the PDF I can't find anything about the indicator light.
For those who are more capable than I am of finding the actual information: Is there anything that guarantees the indicator will contrast with the background? Gruber's Photo Booth screenshot shows it as a plain green dot. If some nefarious software used a green background of the same shade, would it essentially hide the indicator?
Still though, seems to me having a hardware light that cannot be physically bypassed without bypassing the camera or physical access is more secure. Yet another software popup is not as effective as Apple and everyone else have trained users to ignore the yet another thing trying to get their attention. But people know very well what a web cam light means.
The hardware exists, I wonder how much cost savings could possible have been had by omitting this.
