Apple’s Camera Indicator Lights

A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording.

The reason it’s tempting to think that a dedicated camera indicator light is more secure than an on-display indicator is the fact that hardware is generally more secure than software, because it’s harder to tamper with. With hardware, a dedicated hardware indicator light can be connected to the camera hardware such that if the camera is accessed, the light must turn on, with no way for software running on the device, no matter its privileges, to change that. With an indicator light that is rendered on the display, it’s not foolish to worry that malicious software, with sufficient privileges, could draw over the pixels on the display where the camera indicator is rendered, disguising that the camera is in use.

If this were implemented simplistically, that concern would be completely valid. But Apple’s implementation of this is far from simplistic.

Tags: , ,

Posted on March 30, 2026 at 7:08 AM22 Comments

Comments

Dan Cussen March 30, 2026 8:11 AM

How about just tie the led to the camera power, no need for fancy tricks, but then things like face unlock would take longer to work.

Dmitriy March 30, 2026 8:32 AM

The argument is that the code responsible for the camera indicator light runs in the secure exclave and blits directly onto the screen hardware.

The malicios code might not be able to prevent that, but what stops it from painting over the same area of the screen immediately after, before the user can see it?

Nicholas March 30, 2026 9:27 AM

An application running full-screen (a game, perhaps) could ensure that the whole area around the indicator is green, disguising the light. This could be done cleverly (e.g. only use the camera when the area on screen top right is green). The problem isn’t that the graphic could be disabled, it’s that drawing it to the display is a form of in-band signalling that can be disguised or spoofed. In that sense nothing beats a separate LED.

Steve March 30, 2026 10:42 AM

To quote Bruce Schneier. “the worst enemy of security is complexity.” I’ll take a simpler hardware approach over a more complex one any day. Why are they going through so much trouble to do it like this anyway?

Rontea March 30, 2026 10:53 AM

The key is that the indicator is controlled at a level that malware can’t trivially bypass. While hardware lights provide an additional assurance—because they’re electrically tied to the camera—Apple’s approach is still defensible if the operating system’s integrity is maintained. The real risk comes if an attacker can compromise the OS deeply enough to disable the indicator, at which point you already have far bigger problems. Security is never absolute, but layered defenses like this make silent surveillance significantly harder.

Vesselin Bontchev March 30, 2026 11:09 AM

To those asking why not simply link the light to the camera’s power supply in the hardware – some notebooks do just that. But this Apple’s approach has the advantage that it is also applicable to the microphone, for which there is normally no hardware indicator.

Rick Auricchio March 30, 2026 11:58 AM

On handheld devices there is no physical LED, nor is there one on the Neo.

My son, an Apple software engineer since 2012, had worked on this new system from 2021-24. He just told me about it now that it’s in general release.

The system also verifies that a physical screen is connected—to ensure that it’s able to show the green dot!

lurker March 30, 2026 2:02 PM

As a hardware guy I would prefer a hardware solution, preferrably the led integrated into the camera. Apple’s solution appears to be more complex, thus increasing the attack surface.

BTW it seems that Apple may not sell to New Zealand devices with this security feature. The link @DaringFireball gave[1] is geofencing me out: all I get is the “Apple Platform Security” introduction page (en-nz) dated December 2024. Even using various search engines as referrer, I am denied access to this info …

[1] https://support.apple.com/guide/security/mac-on-screen-camera-indicator-light-sec75a2d237d/1/web/1

Ray Dillinger March 30, 2026 2:31 PM

Under the heading of “hardware is trusted more than software…”

I have a system I trust more.

There is a physical shutter with a thumb slide and it goes between the lens and the lens cover on my laptop camera. It is built into the laptop by the manufacturer.

The laptop is a Lenovo IdeaPad (Military spec, but I checked and this feature is also common on civilian versions).

When I want to use the camera, I push it open: The barrier slides out of the way and the camera is usable. This state is clearly indicated because the camera lens is then visible.

When I’m done using the camera, I push it closed: The barrier slides into the way and the camera is blocked. The state is also clearly indicated because the (red) shutter is then visible.

This is 100% mechanical, tamper-proof, 100% secure against any kind of software attack, and any failure of the system would be immediately visible. It’s just plain better than an indicator light.

I might appreciate having an LED that lets me know when something is TRYING to use the camera on my laptop. I might appreciate having an actual latch that forces the slide to move to the ‘closed’ position when I close the lid.

I appreciate the thought that went into the implementation, although I think it drastically overcomplicates what could be accomplished easily by just having an always-on LED that is connected to power when the camera gets power.

But even so, it isn’t nearly as important as reliably knowing and being able to set WHETHER the camera can be used.

The built-in OEM shutter on this IdeaPad may have cost, I dunno, a couple of cents per machine for the manufacturer to put it there if it’s platic, maybe a dime if it’s aluminum like the rest of the case?

And Apple doesn’t use one. It is announcing this new feature so that people don’t damage their machines by having an aftermarket camera cover clamped to their lid when they close it.

All I see here is Apple announcing that it doesn’t value the security of consumers’ laptop cameras enough to spend a couple of cents per machine, and that they manufacture laptops whose lids and hinges are so fragile that people can easily damage them by accident.

lurker March 30, 2026 6:25 PM

@Eitan Caspi, Ray Dillinger

Apple’s Platform Security notes smugly explain how their laptops have a switch (they don’t say if it’s a separate switch or just the main system switch) that turns the microphone off when the lid is shut. Magnetic? Hall effect? more layers of logic?

They go on to boldly claim the camera doesn’t need such a switch because when the lid is shut there’s nothing to see …

Privacy March 30, 2026 9:18 PM

Is firmware involved to turn ON the light? Firmware can be (and is) hacked and reverse engineered. Such tricks are easier now with AI. If I only had AI 30 years ago when I was (legally) hacking software (as an incidental task) as part of my job…

Clive Robinson March 31, 2026 4:32 AM

@ lurker, Eitan Caspi, Ray Dillinger,

With regards,

“They go on to boldly claim the camera doesn’t need such a switch because when the lid is shut there’s nothing to see…”

What can I say about the average IQ of their marketing droids…

Most longterm readers here will know about “pin hole cameras” of the old school type used for observing “sun spots” and the like.

For others who have not done the math a slit like the edge of a closed laptop lid can also be used to produce an image all be it of lower quality.

MikeOh Shark March 31, 2026 8:00 AM

Many years ago I bought a laptop which had a slide switch on the side which they claimed was a hardware switch for WiFi. It seemed to work reliably to cut off sending or receiving WiFi. I worked in a facility that did not want radio signals, including cell phones, in the building.

When I switched from Windows to Linux I found that regardless of switch position, I could turn on and off the WiFi.

“Trust but verify”.

lurker March 31, 2026 6:17 PM

@Clive Robinson, & ors.

Of course the camera might still see something while the lid is shut.
BUT, the immediate problem with the camera is when the lid is open,
AND, if Apple could fit a switch to turn the microphone off,
THEN it is trivial to fit a switch to turn the camera off,
AND make those switches accessible to the user.

Bypassing the switches is an exercise for the malware authors,
and I’m not convinced the subject of this thread will deter them for very long.

Anselm March 31, 2026 9:30 PM

My main computer (a Framework Laptop 16) has physical kill switches for both the camera and the microphone, right next to the camera in the top bezel of the display.

Lars Skovlund March 31, 2026 11:26 PM

An old friend of mine from Russia put opaque tape across the laptop camera. Apparently this was a common thing to do.

Clive Robinson April 1, 2026 1:42 AM

@ lurker, ALL,

With regards,

“BUT, the immediate problem with the camera is when the lid is open,”

There is the old joke / truism about alligators and swamp draining[1] to consider…

The real issue for security starts as I note from time to time, with the question,

“Do the laws of nature allow?”

Followed by a logical progression through each stage testing with that same “allow” question, or variation there of.

So, if,

1, A system can be reached in any way from outside, and…
2, A system is in any way mutable, and…
3, Software can in any way turn a device on or off, and…
4, Signals can in any way be processed, and…
5, There is desire in any way to surveil or control, then…

“There can be no reliable security”.

So the closer to the top of the list you can say,

“The laws of nature do not allow.”

The more likely you can have a secure system.

Hence the reason I spend so much time thinking/talking about “segregation” and “energy gapping” as “bed-rock / foundation” security methods.

But also I know that there are times when,

“The swamp can not be drained.”

So it’s why I thought long and hard about the historic development of “man-o-war” ships that were in effect “floating castles” that did not need “bed-rock” beneath them, and how you could transfer the historic lessons learned into a more contemporary or future security setting.

[1] Oft heard in an exasperated voice as just,

“Some times when you are upto your ass…”

https://quoteinvestigator.com/2025/04/16/alligator-drain/

blaziken April 1, 2026 2:03 AM

@MikeOh Shark

This reminds me that the physical “lock” on SD Cards simply tells the host not to write to the card, pretty please. The card memory and internals are unaware of the position of the switch.

Homer Jay April 1, 2026 1:02 PM

Just have a light that stays on all the time to remind everyone that big broski never stops watching.

Who cares if the camera is on or off while my attempt to get a weather forecast results in hardware fingerprinting, location tracking and cookies from 68 different ad services?

ChooseLinux-instead April 3, 2026 12:16 PM

I really don’t see a sensible reason to favour a theoretically secure processor exclave over a physically provable guarantee from using a common power rail for the camera module and an LED. Ordinary malware might not be able to enter the exclave, but malware which manages to get the same level of system privileges as Apple themselves have might still be able to do something, think malware which can get to the same level as pre-boot firmware. No malware can ever physically rewire a PCB to make a camera’s power supply independent of an LEDs though. I wonder if Apple here is deliberately avoiding providing the better security of an LED* because they want to keep their options open so that they can comply is a state ever comes to them and demands a way to bypass LED warnings and spy with the camera anyway. Afterall Apple has form in doing many bad things when pressured by governments, they make a good deal of noise about those government attempts which they do resist, but they silently comply with many others. Personally, trust Linux where control can be truly yours, not Apple where the company can be coerced in to compliance.

https://reclaimthenet.org/apple-removes-private-vpn-apps-from-russia-app-store

https://reclaimthenet.org/apple-uk-age-verification-chaos

https://boingboing.net/2019/10/02/profits-before-people.html

https://dailysceptic.org/2025/03/19/the-government-is-making-itself-a-laughing-stock-in-its-battle-to-end-apples-encrypted-privacy-service/

https://www.theregister.com/2024/09/26/apple_vpn_russia/

Is a company which has done all that really to be trusted not to keep their options open with any “security” feature so as to be able to turn it off if told to?

*for the really paranoid you could even have a second LED which acts as a test on the first to show if the first LED has somehow failed from old age. You’d have a photodiode monitoring the main LED, if power was applied to the rail and the main LED didn’t light (as seen by the photodiode) then the backup LED comes on to warn that the primary is broken. For the even more paranoid the camera module could be on a power rail which is subservient to the LED’s power rail, the LED’s power rail is energised first, a photodiode checks it is on, then the actual power rail where the camera is located gets enabled by setting a MOSFET from the LED’s power rail to on so that the camera gets power too. If the LED ever fails the camera can’t start, though this becomes worryingly close to planned obsolescence.

Mods: tried posting this several times, maybe you don’t like links to the big social media platform which used to be described as a bird’s dawn chorus

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.