How NSA hacks your web cam?
This is a long-awaited post. I have been thinking of writing about this ever since I watched the Snowden movie a few years ago. This morning I saw a post on Reddit about “How a hacker can access to your web cam through apple safari”, and I decided it's time to write this.
This is the scene in which an NSA operative accesses the web cam of a powered-off laptop and watches the live stream. I will try to explain whether it's possible and, if so, how.
Can they really do that?
The short and obvious answer is YES.
Now let's see how they can do it. Here I will explain one possible way of doing it at the electronic design level, with a simple example. I hope you have some basic understanding of logic gates.
When we design a processor, we first finalize its:
- Functionality
- Inputs and outputs
Then we work out how to generate the desired outputs from the inputs. That's where logical operators are used. First we take one piece of functionality and try to represent it logically using a Karnaugh map.
Here this K-map has all possible outputs for 4 inputs (ABCD). With the help of a K-map, we can reduce our logic to a much simpler form. In K-maps, 1 means must happen, 0 means must not happen, and x means don't care.
As an example, let's say we are going to design a simple application-specific processor for a simple day-to-day case: umbrella and rain. When do you need an umbrella? There are four possible cases.
- If it's raining, you MUST bring an umbrella. (1)
- It rains, but you can go without an umbrella. (Must not happen) (0)
- It's not raining, you can bring an umbrella. (doesn't matter) (x)
- It's not raining and you do not bring an umbrella. (doesn't matter) (x)
This processor should not let us go out without an umbrella when it's raining. That's our functionality.
Inputs for this processor are:
- Rain. (R)
- Umbrella. (U)
Let's implement this in a K-map.
Here the 0s outside the boxes mean NO and the 1s mean YES.
So here the logical output is R.U = 1. This is simply an AND gate: we need an AND gate to process these two inputs.
But the prime purpose of a K-map is to reduce logic, and that is where don't-care conditions come in. They are useful for reducing logic.
With the help of don't-care conditions, we can reduce our logic to U, which simply means this processor will tell the user to bring an umbrella even when it's not raining. You may wonder why the hell we would want that: the processor should tell us to bring an umbrella only when it's raining.
Let's see why we need this stupid logic reduction. This is where the cost factor comes in. If we do not simplify the logic using don't-care conditions, we have to use an AND gate. But here we do not need any logic gate.
To implement an AND gate on a silicon wafer we need at least two transistors.
Removing a transistor means a big saving for the manufacturer. They always go for such logic simplification using don't-care conditions.
What is the security vulnerability here?
As you can see above, our processor says YES to bringing an umbrella even when it's not raining. Now let's apply this example to our original topic: web cam access when the PC is powered off.
Rain = PC, Umbrella = Web cam
The PC is powered off (not raining) but bring an umbrella (turn on camera).
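The umbrella truth table above can be checked mechanically. The following is an added example, not part of the original post: it audits both the unreduced logic R.U and the reduced logic U against the specification and reports the don't-care inputs on which an implementation still drives its output high, which is the row a design reviewer would flag. The names `SPEC`, `and_gate`, `reduced` and `audit` are hypothetical.

```python
from itertools import product

# Specification from the umbrella example, keyed by (R, U).
# 1 = must happen, 0 = must not happen, None = don't care (x).
SPEC = {
    (1, 1): 1,     # raining, umbrella
    (1, 0): 0,     # raining, no umbrella
    (0, 1): None,  # not raining, umbrella
    (0, 0): None,  # not raining, no umbrella
}

def and_gate(r, u):
    """Unreduced logic R.U."""
    return r & u

def reduced(r, u):
    """Logic after don't-care reduction: the output is just U."""
    return u

def audit(spec, impl, n_inputs=2):
    """Compare impl with spec on every input combination.

    Returns (violations, unconstrained_active):
      violations           - inputs where impl contradicts a required 0 or 1
      unconstrained_active - don't-care inputs where impl outputs 1
    """
    violations, unconstrained_active = [], []
    for bits in product((0, 1), repeat=n_inputs):
        want, got = spec[bits], impl(*bits)
        if want is None:
            # The spec is silent here, so a functional test never looks at it.
            if got == 1:
                unconstrained_active.append(bits)
        elif got != want:
            violations.append(bits)
    return violations, unconstrained_active

if __name__ == "__main__":
    for name, impl in (("R.U", and_gate), ("U", reduced)):
        bad, active = audit(SPEC, impl)
        print(f"{name}: violations={bad} active-on-dont-care={active}")
```

Both implementations pass the specification; only the reduced one is active on (R=0, U=1), the "not raining but bring an umbrella" case.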
Blueprints of all processors designed in the USA are accessible to intelligence services, so they know the logic, or they can implement their own logic in the processor design. This lets them access whatever they want on our PCs, mobiles, anything.
Design is mostly done in the USA, and the design is then sent to China for manufacturing. And they also add their own back-doors to chips. They did it even for NSA servers.
Why this is dangerous:
These hacks are literally untraceable by software, as they run deep at the hardware level. As described above, they don't even need an OS to run. Even the NSA failed to detect these in their own servers.
To trace these, you need to perform tests with expensive hardware such as logic analyzers.