Don’t Close Your MacBook with a Webcam Cover Attached

Originally published at: https://tidbits.com/2020/07/14/dont-close-your-macbook-with-a-webcam-cover-attached/

If you use a physical webcam cover on a MacBook, Apple wants you to know that shutting the lid with the cover attached could damage your screen.

If I understand it correctly, the green light is hardware connected (in series) to the camera making it impossible to supply power to the camera without powering the light. That of course does not exclude malicious software from turning on the camera when you’re not looking.

Another thing the article states is that a camera cover can interfere with the ambient light sensor that is used for automatic brightness and true tone.

However, if you’re really unsure about someone hacking the camera and really want to cover it with one of those sliding covers, you might be able to prevent issue with the screen by putting a small rubber sticker, the same thickness as the the camera cover, on each of the two top corners of the screen. That should keep enough distance between the screen and body for the camera cover. Of course this means the screen never fully closes and I don’t know if this can cause other issues. I have not tried it myself, so be careful if you want to experiment with this idea.

1 Like

That’s my understanding, too, but never underestimate how clever hackers can be. If I were concerned enough about the webcam I’d slap a small piece of electrical tape over it. The built-in camera is junk anyway.

Well, the best camera is the one you have with you :wink:

It should work to increase the clearance. The important question will then be if the added distance will prevent the Hall effect sensor on the motherboard from detecting a lid-closure. I suspect the answer to this will vary from model to model.


Regarding the usefulness of covering the camera, I question it. Yes, a cover can keep others from seeing you if malware manages to turn the camera on, but I think that kind of “protection” is putting a plastic bandage over a gunshot wound.

In order for any of these exploits to work, your computer needs to have been previously infected with malware. If that is the case, then the malware can cause a lot more damage than just recording video from your camera. It can capture audio (where there is no in-use light). It can share your screen with third parties. It can install back-door logins. It can read/download/modify/erase/encrypt all your files. It can wipe your hard drive or change passwords to lock you out of your own account.

Given the hundreds of different ways you can be attacked once there is an active malware infection, I don’t think a sticker over the camera matters. You need to do what it takes to prevent the infection in the first place, and then a camera cover will be irrelevant.

Fortunately, normal common-sense security measures should be sufficient for most people. A quick (but not comprehensive) list includes:

  • Don’t log in to administrator accounts. Create a non-admin account for your day-to-day work. You can type in an admin user name and password to authenticate things that require admin access (e.g. installing software)
  • Keep the OS and your applications (especially those that deal with Internet content, like web browsers and e-mail clients) up to date with the latest security patches
  • Configure your web browser to deny access to hardware devices like cameras and microphones. For Firefox, you can block access to your location, camera, microphone, notifications, media autoplay and VR devices. Only permit specific web sites access - those that you know you can trust, and even then only if you actually need the feature that the page is using the device for.
  • Don’t install any applications, add-ons or plugins that you didn’t explicitly request. If some web site or document tries, always deny its permission, no matter what it claims to be. You have no way of knowing if it is legitimate or malware. If you think you need the software, go to the product’s home page (or the App Store, if applicable) and download/install it yourself, to maximize the odds of getting the real thing.
  • Don’t use plugins and browser add-ons you don’t need. For those you do need, restrict them to only those sites/documents where you really need them and make sure they are kept up to date (auto-updaters are a very good thing here).
  • Don’t ever download software from third-party sites. Only download from official distribution points. Software from other sites may or may not be infected. You have no way of knowing so don’t take a chance. This is especially critical for file sharing networks and “warez” sites - even if you think the content is legal, you still can’t trust that it is what it claims to be.
  • You might want to be equally cautious with media files. Although audio and video files rarely contain malware, there have been cases where specially-crafted media files exploit security bugs in media-player software. Stick with media from trusted sources (e.g. the iTunes store or Amazon Music) to be on the safe side.
  • Periodically scan for malware with a good tool like Malwarebytes. Whether you need active background scanning is up to you, but it pays to manually scan your system from time to time.
  • Use a firewall. The NAT capabilities built-in to home gateway routers are probably good enough to prevent unsolicited inbound connections from the Internet, but firewall software on each computer is a good idea in addition to your router. The firewall built-in to macOS, at minimum, should be used. You might want to consider a third-party package like Little Snitch for additional protection.
  • Use an ad blocker. This is even if you don’t have a problem with ads on web pages. Many malware packages attempt to spread via advertising networks. By blocking ads, you greatly reduce the chance of ever seeing malicious content, which is a lot better than receiving it and trusting that your software has already patched the security hole it is trying to exploit.
  • Be skeptical. Phishing attempts happen all the time everywhere. If some e-mail or web page claims you need to send money or download software, don’t believe it. Even if it seems to be official correspondence (e.g. from Apple, or your bank or law enforcement), don’t believe it.
    • If you really think it might be real, don’t act immediately. Hold on to it for a few days. Do some web searching. Ask about it in forums you trust. Nothing legitimate is so time-critical that you can’t afford to wait a week.
  • Keep at least some of your backup devices powered-off and disconnected when you’re not actively using them. This won’t keep you from getting infected, but it will significantly reduce the chances that an infection can corrupt your backups along with your running system.
2 Likes

Black tape (like electrical tape) will do the trick without breaking anything.

I trust Apple did the green light thing right, but I also know a good malicious actor would take very brief stills so that you’d likely miss the few ms where that green light went on.

Black tape or not, I’d be more worried about the microphone. I don’t do anything in front of my computer you couldn’t see, but I do talk about things at my computer not everybody should hear.

2 Likes

If your computer has a T2 chip, it can cut off the microphone at the hardware level!

2 Likes

I’ll say: the risk of webcam exploits on the Mac is pretty small. Damaging your screen is a much larger risk. I wouldn’t put any sort of spacer between the keyboard and lid, because that’s just asking for problems.

I’d really like a mechanical switch to actually disconnect it. A Mac’s camera (at least the one in my 2011 MacBook Air) is a USB device. It would be trivially simple to put a switch on its power line so you can make it go away completely when you’re not using it.

I’m not sure how the analog audio (microphone/headphone) is connected, but it shouldn’t be hard to switch that as well.

But that’s just so 1980’s. Can’t have that, now can we?

2 Likes

How about a thin vinyl keyboard cover? It does leave marks on the glass screen but they can be cleaned off with a good screen cleaner like Whoosh.

Of course it is possible my Mac had the bulding battery problem for a long time, which exerts pressure upwards and downwards.

By the time I took it to the shop it had bloated enough to bend the bottom of the case. The case screws were REALLY holding the bottom on against the force of the bulging batteries.

That is indeed great for when your MBP is closed. But what I was thinking about is the fact that unlike the webcam, the microphone has no green light to show it’s recording me (while the MBP is on and open).

1 Like

I don’t disagree with your advice and I myself don’t have any kind of spacer. But it is true that Apple itself puts a protective foam sheet in between lid and KB when they ship the device. So we know that a ~ 0.5 mm thick soft item can safely be put in there.

1 Like

I agree…anything like a piece of electrical tape, a post it note or a similar thickness is too thin to cause any problem IMO.

A co-worker of mine got confirmation from an Apple engineer friend that the green LED is hardwired into the camera circuit. It’s physically impossible to activate the camera without also activating that LED.

That said, @Simon’s comment about “very brief stills” is perfectly valid.

To address those concerns, have a look at Objective Development’s MicroSnitch.

This little utility monitors audio and video I/O on your Mac and summons a notification whenever one of the devices becomes active or inactive. It also logs such events, so you know if an application accessed microphones and/or cameras while you were away from your computer.

I’ve been using this software for a long time, and it works amazingly well. At $3.99, that’s not a lot of money for a lot of peace-of-mind.

1 Like

While appreciating Apple’s note, it wouldn’t take a rocket scientist to come up with that conclusion alone.
There are, however, sticky sliding covers which are very small and very thin so they fit well into the very thin bezel of the MBP16, and while still protruding above the surface of the glass, they do not add more than a quarter of a millimeter to the distance between the glass and the metal surface when the lid is closed. I have found that there is more than enough flex in the glass and cover to accommodate that.

As for the Lenovo solution of a built-in slider - there’s a catch to that: The camera is very thin as it is. Thin means poor quality. “Camera” means “room”, and that’s the distance between the lens and the image sensor. Thinner cameras means shorter distance which means poorer quality. That’s not the full scientific story behind photography but sufficient for this discussion. When you add the slider that means there is less room for the camera which means an even thinner camera and thus - poorer quality. If they make it much thinner they quality might be so bad that you won’t even need a cover anyway.

On a side note, with COVID-19 travel bans my laptop had become a desktop and I haven’t closed the lid and packed my MBP for about 5 months so the problem is self-mitigated until travel is resumed…

A post-it works perfectly for me. I just need to remove it for zooms.