School District Faces Lawsuit Over Webcam Spying Claims

The MacBook's built-in iSight camera and microphone are awfully convenient for Skype phone calls and iChat video conferencing, but a more sinister potential use came to light this week with the allegation that a suburban Philadelphia school district used iSight cameras to spy on students at home. The FBI has launched an investigation to determine whether federal laws were broken.

The investigation follows a lawsuit filed in the U.S. Eastern District of Pennsylvania alleging that the Lower Merion school district misused the MacBooks' Webcams, based on an incident where a vice principal accused a student, Blake Robbins, of illicit drug use in his home. His parents asked for evidence, to which the vice principal responded that they had pictures from Robbins's Webcam.

How exactly did the school district get access to students' Webcams? Well, Lower Merion installed security software on the Macs it issued to 2300 students, but never disclosed the possibility that they could be remotely monitored for audio and video input--which could be illegal under federal and state laws governing topics like wiretaps and computer-instrusion.

An analysis of how MacBooks could be used this way was posted by a security researcher writing under the (presumed) pseudonym of Stryde Hax. According to Hax, Lower Merion used LANRev software (recently rebranded Absolute Manage) to implement both the system lockdown and remote access on the MacBooks. LANRev includes camera, screenshot, and IP location tracking in its monitoring as an antitheft tool.

Lower Merion spokesman Doug Young claimed that this antitheft tracking was used 42 times when laptops were reported stolen, and led to the recovery of 28 of them. He said the policy of using Webcam shots only for devices reported stolen was never broken, but he couldn't comment specifically on the Robbins case.

That contradicts anecdotal evidence compiled by Hax, who searched message boards used by Lower Merion high school students, and found many reports of iSight cameras powering up, as indicated by a brief flicker of the LED light next to the camera. Some students even put tape over their iSight cameras to prevent them from operating, but most were assured by the district that the light was a "common MacBook glitch." The LANRev software apparently disabled the cameras for all other uses; students were unable to use PhotoBooth or video chat, so apparently most of them believed that the camera did not work at all.

The stock Mac OS X system does not allow the camera to be accessed remotely. The LANRev software, however, hacks the system to make this possible. While your iSight camera can be activated remotely if you allow SSH access or Screen Sharing in your Sharing system preferences, in most cases you'll see activity on screen when this occurs. In all cases, the LED light indicates when the iSight is turned on; however, there is no equivalent indicator for the audio microphone.

If the MacBooks were used--or even could have been used--as remote spying devices, the implications, ranging from privacy issues to possible child pornography, are disturbing. In addition to the FBI investigation, Lower Merion will presumably decide on its own whether community standards were broken as well.

Subscribe to the Security Watch Newsletter

Comments