A friendly reminder to never trust manufacturers' privacy protections.

I was recently attempting to get an external camera functioning, so I started polling various video devices sequentially to find out where it appeared and stumbled across a previously unknown (to me at least) camera device, right next to the regular camera that is not affected by the intentional privacy flap or "camera active" LED that comes built in.

I had always assumed this was just a light sensor and didn't think any further about it.

The bandwidth seems to drop dramatically when the other camera is activated by opening the privacy flap, causing more flickering.
This was visible IRL and wasn't just an artifact of recording it on my phone.
I deliberately put my finger over each camera one at a time to confirm the sources being projected.

A friend of mine suggested this may be related to Windows Hello functionality at a guess but still seems weird to not be affected by the privacy flap when it's clearly capable of recording video.

dmidecode tells me this is a LENOVO Yoga 9 2-in-1 14ILL10 (P/N:83LC)

Command I used for anyone to replicate the finding. (I was on bog standard Kali, but I'm sure you'll figure out your device names if they change under other distros):
vlc v4l2:///dev/video0 -vv --v4l2-width=320 --v4l2-height=240 & vlc v4l2:///dev/video2 -vv --v4l2-width=320 --v4l2-height=240

#Cyber #Security #Infosec #Lenovo #Privacy #Hacking
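
An added example, not part of the original post: instead of opening `/dev/video*` nodes one by one, this sketch reads the kernel's video4linux sysfs entries to inventory every camera node and flag ones whose name suggests an infrared sensor. The function names are hypothetical, and the name match is a heuristic assumption, since device names vary by vendor.

```shell
#!/bin/sh
# Inventory V4L2 nodes from sysfs so cameras outside the shutter/LED show up.
# Layout read: <root>/videoN/name (driver-reported name) and
# <root>/videoN/index (node number within one physical device).

list_cameras() {
    root="${1:-/sys/class/video4linux}"
    for node in "$root"/video*; do
        # Skip an unmatched glob or unreadable entries.
        [ -r "$node/name" ] || continue
        name=$(cat "$node/name")
        index=$(cat "$node/index" 2>/dev/null || echo '?')
        # index=0 is a device's first node; with UVC webcams the
        # higher-index sibling is usually a metadata node.
        printf '/dev/%s\tindex=%s\t%s\n' "${node##*/}" "$index" "$name"
    done
}

# Heuristic (assumption): treat "IR" or "infrared" as a whole word in the
# name as a likely infrared camera. Names differ between vendors.
ir_candidates() {
    list_cameras "$1" | grep -i -w -E 'ir|infrared' || true
}

# Number of distinct first nodes, a rough count of physical cameras.
count_primary_nodes() {
    list_cameras "$1" | grep -c 'index=0' || true
}

# Run against the live system when executed directly.
list_cameras
```

Comparing the output with the cameras you expect to have makes an extra sensor stand out before any stream is opened.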

@Slater450413 that’s common to most modern business-y windows laptops. That’s an IR cam that windows uses for presence detection. It’s not supposed to be visible to applications on windows, and because of that privilege separation it makes sense to not have it covered by the shutter. Otherwise you’d have to open the regular cam that’s accessible to unprivileged applications as well every time to log in using face recognition.
@Slater450413 covering that cam with the privacy shutter would also silently disable lock on leave (presence detection screen lock), which would open up an unintuitive security footgun when someone expects their laptop to automatically lock when they go away but forgets they closed their privacy shutter.
@Slater450413 I think the core issue here is that linuxes just don’t share the same security distinction windows uses for these cameras and that mismatch looks weird.

@jaseg I totally get they want to keep support calls down (I don't blame them for that and makes sense).

I guess I find it a little more non-negotiable that they could at least blip the activity LED when there's activity on the bus at the hardware level instead of needing consumers to read developer docs.

I'm comfortable and capable of doing the research but until now, I didn't realise I even needed to. I had, incorrectly in hindsight, assumed privacy screen meant privacy and activity LED meant activity which is a pretty normal presumption for any regular person.

@Slater450413 I think their design is sound, but it’s rude that they didn’t consider how it interacts with linuxes. I agree that an activity indicator, similar to how faceID is handled on apple phones, would be useful. From a security perspective, a more fail-safe design would handle the image processing inside the IR camera module and only present a binary “go/no go” sensor signal to the OS similar to how fingerprint readers work.
@Slater450413 having the image processing done inside the camera module would solve the privacy issue on linux or other oddball OSes, but would probably compromise security on windowses since the firmware for these modules would be hard to maintain and to update.