An iSight Security Hole In Tiger?
What you’re looking at (jump here to see), if you’re running OS X Tiger with an iSight camera (or any other connected Web cam) is a live image of yourself. A simple little plug-in for QuickTime and a single line of code in a Web page and there you have it. Freaky. Yes. Security hole? Not really. But maybe some hacker can dig and find a hole to exploit in QuickTime and send images of you, unsuspecting, back to hacker headquarters.
Apple generally does a great job in protecting its users, but I must admit, when I saw the built-in iSight on the MacBook Pro at Macworld, the first thing I thought of was how this would be a great tool for hackers to exploit at some point. Other companies have already thought of using iSight to their advantage, such as Orbicule with Undercover. Snapping pictures of the user every six minutes is a great idea. We couldn’t find a stitch of information on Undercover’s FAQ page, or in any of the many forums we read, telling us whether the green light comes on during these candid pictures, but it must be inconspicuous enough for Orbicule to implement such a high interval in the recovery program.
With this little “trick” here on SvenOnTech’s site and Orbicule’s use of iSight for notebook recovery, one has to wonder if iSight really is as neat an invention as many find it. Knowing there might be an exploit sitting in your laptop that could take pictures of you - or your office full of top secret information - makes the endless amount of posts about security, such as MacInTouch’s, more understandable.
Until Apple can assure Mac users that iSights are safe from unauthorized use, you may want to keep that lens cover closed for you external iSight users and keep an eye on that green light for you MacBook and MacBook Pro users. You’ve been warned!
[Via O'Reilly]

One Comment
Ivan C. Torres
March 10th, 2007
at 6:12am
I thought I saw an advertisement for a MacBook Pro iSight Lens Cap? Does this sound familiar to you?