random questions

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Sat Aug 18 17:01:40 EDT 2007

On Aug 18, 2007, at 9:26 AM, NoiseEHC wrote:
> As I know there are LEDs indicating the camera/microphone activity.
> Have you thought about that if a rogue program uses the camera for  
> 1/10
> second in every second then the LED will blink fast enough that the  
> user
> will see it as it glows faint?

"Care was also taken to avoid hysteresis attacks: it is not possible  
to enable capture from the microphone or camera for such a short time  
that the LEDs do not noticeably light."
  -- page 9, http://cups.cs.cmu.edu/soups/2007/proceedings/ 

Mitch and I worked out the numbers at some point and concluded it  
wasn't a compelling attack due to device start/stop and driver  
overhead. Note that as Scott points out, the only time this is even a  
possible attack vector would be when the entire OS is compromised and  
Bitfrost disabled or overridden.

Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

More information about the Devel mailing list