It would help if articles explained why software cannot interfere with the path from camera or microphone to the light. What quality of "exclave" is needed to do this, that simpler wiring and voltage-checking chips can't do?
The article is definitely light on details, but my reading is that this pertains to the orange dot painted in the menu bar or notification area when the camera/microphone is being rendered, not to any physical LEDs (which I believe iPads don't have for these components).
Since this is drawn on the screen, typically you might assume system-level malware that's able to get access to the window server, compositor, etc. would be able to prevent the dot from being drawn, or remove it after the fact.
It sounds as if what they're implying is that there is a dedicated function in a separate hardware chip, outside of the control of the primary application CPU, and not addressable by the system software at all, that paints the dot on the screen as an overlay after the image is rendered by the software display stack, but before it is presented to the OLED/LCD. That would make it very difficult or potentially impossible for even root/kernel-level malware to hide.
That would definitely be noteworthy. And it sounds like a very Apple thing to do -- based on some of the Asahi team's notes about their current hardware, they have an affinity for novel and intricate solutions at the hardware/platform level.
It sounds impressive. One could argue for a physical LED tied to the power of the internal camera and microphone. But if I understand correctly, this exclave/dot will work on external monitors (so the LED is not hidden just because you use one) and probably works with external cameras and microphones (which don't normally have their own LEDs). At least, it probably works with "normal" external cameras and microphones that one uses for Zoom, etc.
Because it's not a separate "light", like you have on your external camera, or on a laptop — it lights up specific pixels on the "main" screen; without the CPU/GPU/mainOS knowing about it.
This is all from research done by people smarter than me; not much has been published, unfortunately. A good starting point for thinking about exclaves is looking at ARM Realms or how pKVM is designed in Android.
If the "Secure Exclave" is a privileged VM (alongside iPadOS VM) on a minimal bare-metal hypervisor, does that open the door to unprivileged Linux or other user VMs safely running alongside iPadOS on iPad Pro?
I think that’s meant to be a security feature. If it can be toggled off in software, that lessens the trust that it reliably represents the state of recording.
Maybe a black circle sticker might help? I see people do that to block the camera. Should work just as well for the LED.
Would this prevent someone swapping the physical LED out with something that would take the voltage but try to hide the light? Maybe like an IR LED? Or even some circuit that can be toggled to act as a resistor? I guess an evil maid/supply side attack is much less likely than just hacking the software but still...
That’s impossible to prevent. If you have that level of hardware access and sophistication of modifying the device, you have already lost if you leave the computer alone.
The only way to prevent this in any way would be a light sensor on the other side of the case which you could use to check the indicator when the laptop is closed. But if you can’t trust your hardware to that level, there are thousands of other attacks you can do.
Well, you have a point and I was thinking about it. The only thing I can think of is eliminating the LED in favor of software (which is what they have done in some products) or putting silicon in the LED to verify it. Ugh, have we now reached the point where we have to put some crypto in everything including our LEDs?
I think that’s just too advanced a threat to want to handle. If you are facing such an opponent, you shouldn’t let your hardware out of your hands at any time. You can probably replace the battery with a smaller model and put a keylogger in the remaining space. There’s just no way to prevent hardware modification without using tamper-evident seals on all openings, and even that probably isn’t 100% safe.
Do you have a MacBook with that center gap in the screen? Because I notice different behavior on my 2023 MacBook Pro vs my iPhone 13 Mini.
On the iPhone if you observe closely, it is drawing a green circle on the screen area where you normally see portions of your OS or app. It starts with a tiny circle and grows until it becomes a certain size. When you close the camera app, the circle turns orange and shrinks until it disappears.
On the MacBook, it is a bright green circle that just turns on like an LED and is located in the cut-off portion of the screen that has nothing software related in it. When the camera-using app is closed, the circle just disappears like an LED turning off.
Ok, apparently I just don't use the camera very often on my Mac. It looks like an app using the camera triggers a discrete LED in the notch, but an app using only the microphone triggers an indicator in the menu bar (which becomes a green dot of pixels in the corner of the screen when in a full-screen app where the menu bar is hidden).
Seems like some products use a software-based indicator where it draws directly to the OLED and others use a physical LED? I've tested an iPhone 13 Mini, which has a software light, and the 2023 MacBook Pro seems to have a traditional LED. They seem to operate differently, as I explained in my other comment.
Well, the indicator is shown on a segment of the display which is otherwise black. And since it’s OLED, you don’t break the backlight but the pixels themselves. How would you notice just the pixels used for the indicator being broken? You would only notice when you expect the indicator to be shown but it isn’t, but that’s the same as in the scenario of the top comment.