A look at one of Lower Merion School District's evil spying laptops

Posted by dmuth

An anonymous source let me use one of the Lower Merion School District laptops earlier tonight. My mission: to determine if the web cam could be turned on or off manually, or if I could access logfiles verifying whether the webcam was used or not.

I didn't bother taking any pics of the web cam itself, since the student smartly covered it with tape, and I didn't feel like getting my face on LMSD's naughty little camera.

First, let's confirm that it is in fact an LMSD laptop:
Property of Lower Merion School District The Lower Merion School District asset tag

Note that there appears to be no way to actually control the webcam from the machine itself. That means that if someone were to turn on the camera itself, it could not be turned off by the student. That's scary. (Anybody know of another way to control the camera? Let me know!)

No way to turn on/off the web cam

On a related note, there is a microphone in the laptop. This can be turned all the way down:

The microphone could be controlled, though

However, if the machine can be accessed remotely by the school district, since the microphone is controlled by software, there is no guarantee that it could not be turned back on. And unlike the web cam, there is no LED that goes on when the microphone is in use. Also scary.

My next task was to try and view the log files on that machine. Unfortunately, the application for viewing them was locked down:

No way to view logfiles in /var/log

The "Terminal" application was also locked down. My source indicated to me that it used to be accessible, until students figured out how to use the command line to get around the restrictions. (Anyone with UNIX knowledge would not be surprised by this.)

My final attempt was to try and boot the machine from a DVD so I could mount the filesystem and the hard disk and view the logs that way. Unfortunately, it looks like LMSD was using Extensible Firmware Interface or a similar product and had an Open Firmware Password in place, as any attempt to bring up the boot device selection menu by holding down the option key at startup asked for a password:

No way to boot from a CD/DVD

In conclusion, there is no way to turn off the webcam, nor any way to be certain that the microphone is not recording. This is a serious privacy risk and I cannot recommend the use of the laptops at this time.

For a future article, if I can get my hands on an LMSD laptop for several hours or more, I intend to fire up a packet sniffer and see just what hosts the laptop talks to, and create some nullroutes for those hosts that can be set up on any Linksys or Cisco router. Stay tuned!

Doug works as a software engineer for hire by day, and does system administration for a hobby, including that of the SAC website. Visit him on LinkedIn at http://www.linkedin.com/in/dmuth.

[Edit: Fixed remark about Extensible Firmware Interface. Thanks, Jeff!]
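
The host-inventory step planned above, sketched as an added example that is not part of the original post: it reads `tcpdump -n` text output, lists the non-local hosts the laptop exchanged packets with, and prints one null route per host in Cisco IOS syntax. The laptop address, the capture lines and the function names are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` text format; not a capture from a real laptop.
# 192.168.1.50 is the assumed address of the laptop on the home network.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.50.49152 > 203.0.113.10.443: Flags [S], seq 1, win 65535, length 0
12:00:01.040200 IP 203.0.113.10.443 > 192.168.1.50.49152: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:01.050300 IP 192.168.1.50.49152 > 203.0.113.10.443: Flags [P.], seq 2:518, ack 10, win 65535, length 516
12:00:02.000400 IP 192.168.1.50.5353 > 224.0.0.251.5353: 0 PTR (QM)? _example._tcp.local. (37)
12:00:03.000500 IP 192.168.1.50.49153 > 198.51.100.7.3283: Flags [S], seq 1, win 65535, length 0
12:00:04.000600 IP 192.168.1.50.49154 > 192.168.1.1.53: 4660+ A? example.test. (30)
12:00:05.000700 IP 192.168.1.50.49153 > 198.51.100.7.3283: Flags [P.], seq 1:101, ack 1, win 65535, length 100
"""

# Peers in these ranges stay on the home network (or are multicast/broadcast)
# and are left out of the inventory.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4", "255.255.255.255/32",
)]

PACKET_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)$"
)
LENGTH_RE = re.compile(r"\blength (\d+)")


def is_local(ip):
    """True if the address falls in one of the LOCAL_NETS ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def remote_hosts(capture, laptop_ip):
    """Map each non-local peer of laptop_ip to its ports, packet and byte counts."""
    hosts = defaultdict(lambda: {"ports": set(), "packets": 0, "bytes": 0})
    for line in capture.splitlines():
        match = PACKET_RE.match(line.strip())
        if not match:
            continue  # not an IPv4 TCP/UDP line in the expected format
        src, sport, dst, dport, rest = match.groups()
        if src == laptop_ip:
            peer, port = dst, int(dport)
        elif dst == laptop_ip:
            peer, port = src, int(sport)
        else:
            continue  # traffic between other machines on the network
        if is_local(peer):
            continue
        entry = hosts[peer]
        entry["ports"].add(port)
        entry["packets"] += 1
        length = LENGTH_RE.search(rest)
        if length:  # TCP lines carry "length N"; the UDP lines above do not
            entry["bytes"] += int(length.group(1))
    return dict(hosts)


def null_routes(hosts):
    """One Cisco IOS host route to Null0 per remote address, in address order."""
    ordered = sorted(hosts, key=ipaddress.ip_address)
    return ["ip route %s 255.255.255.255 Null0" % ip for ip in ordered]


if __name__ == "__main__":
    found = remote_hosts(SAMPLE_CAPTURE, "192.168.1.50")
    for ip in sorted(found, key=ipaddress.ip_address):
        info = found[ip]
        print(ip, sorted(info["ports"]), info["packets"], "packets", info["bytes"], "bytes")
    print("\n".join(null_routes(found)))
```

The per-host port list is worth reading before blocking anything, since it separates ordinary web traffic from management traffic.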

ardmorekim:

Great investigation, Doug, on a frankly shocking subject. I can't wait to read more.

carla:

Doug IS the best, isn't he?
____________________________________________________________
L'homme est né libre, et partout il est dans les fers/Man is born free, yet he is everywhere in chains.–Jean Jacques Rosseau. The Social Contract, 1762

"Well behaved women rarely make history" - Laurel Thatcher Ulrich

john Haines:

I'll second that -- Doug IS THE BEST! Nice feedback. Thanks.

bobguzzardi:

Yup Doug is the Best

Ardmore:

Doug - nice work - you seemed to try all the options and more that I would have thought of. That being said, I was shocked by your conclusion:

"This is a serious privacy risk and I cannot recommend the use of the laptops at this time."

OK - just saying that this is school property and should be used for school work... but IF you are going to do anything illegal, wouldn't you not recommend using school property to do it? I mean, I assume that is what you are saying - that because you cannot be sure that you aren't being monitored, you shouldn't use the computer, when you are doing illegal things?

If my daughter is on the computer, she is doing school or school-related work. No AIM, Facebook, etc. We have our own computers for that. I also have a rule that my children can't break the law and commit crimes - other families in Lower Merion, the lawsuit family included, don't share that philosophy, but I do what I can.

I think this comes back to why giving kids laptops was a stupid plan by the school district, but let's not mix-up what the argument is about.

dmuth:

OK - just saying that this is school property and should be used for school work... but IF you are going to do anything illegal, wouldn't you not recommend using school property to do it?

Not quite what I'm saying there. The desire for privacy != wanting to do illegal things.

A relevant example was given in an email that I was CCed on, wherein one parent mentioned that their daughter would undress while the laptop was on her desk. Definitely not illegal, but I'd say she has a right to privacy there.

And that's part of the problem. If whatever software the school had installed would be taking screen captures, that's one thing. But by taking pictures of the user, that's entirely different. It's pretty difficult to determine if the legitimate user of a computer is doing something inappropriate just by looking through the web cam.

I touched on it before, but I'll make it clear: The only reason the school district should have ever accessed the webcam remotely is in the event of a laptop being reported lost or stolen. And in that case, there had better be a paper trail clearly documenting who reported it lost/stolen and when, and who accessed the remote web cam, when they accessed it, and what pictures were taken. If LMSD doesn't have that kind of documentation, they're sunk.

bobguzzardi:

If you have your own computers (plural), why did school district have to buy you another one?

If a person did not have a computer because you could not afford it, and the government buys one because you can't afford it, does that person have less need for personal use than you?

And what is the harm in personal use for the student? I thought the stated School District purpose of spying was for "inappropriate" use and to track lost or stolen computers. Nothing prohibits the user, as I read the comments, from personal, appropriate use like surfing the web, Facebook, instant messaging, etc.

LexoTime5:

Students are required to accept a government-issued laptop, complete with remote activated camera and microphone, and bring it into their homes. That's just incredible. Every time I think about that I am in disbelief.

Consider, though, that it would be equally bad if it was only issued to families who could not afford their own laptop. Those people also should not have to accept a government camera and microphone into their private homes.

I hope the FBI are doing a thorough forensic check on the computer systems to see all the images ever captured by the school district. Not just the 42 confessed activations of the "security feature" but also the numerous reported instances that students report of their green camera light blinking on unexplained, inside the classroom and out.

Also consider the incredible damage that could have been done if any prank-minded individuals had chosen to stage a compromising scene for the school district's camera to capture. That would have been the end of our school district, the end of our good schools, and the "property values" -- that some say is the school board's primary charge for maintaining -- would be flushed down the toilet.

politeia:

I have a feeling this will harm property values as is. Home buyers who are parents really look into school districts, and there is no doubt in my mind this will push Lower Merion Township down the pecking order of choices of parents who are moving into this area.

=================

Brotherhood of Thieves

~ As we must account for every idle word, so must we account for every idle silence.

LexoTime5:

Yeah, Lower Merion is finally world famous. Whenever you tell someone that you're from Lower Merion they're immediately going to say "Oh that place where the schools peep into the kids' houses."

politeia:

Awesome work Doug.

Every parent of a Lower Merion student should be aware of this post.

I'm sure many parents probably feel this is being blown out of proportion, but this technical analysis indicates children can be spied on at any time.

Parents should not be returning laptops as requested to LMSD, but rather getting a computer expert to check logs to see if the computers their children use have had the webcam used to spy on them at any time, let alone moments one would expect absolute privacy.

And then send LMSD the bill for having a computer expert examine the computer.

LexoTime5:

There are a few apps that make use of the mounted Mac camera, most notably Photobooth. It comes standard with the OS nowadays. Do you suspect that there is actually no local control over the camera in the LM issued laptops whatsoever? Could it be that the camera can only be switched on remotely?

chips:

LexoTime5 ~ You are correct that Photobooth could have been turned on accidentally by the students but it can also be accessed remotely by whoever controls the system password.

I have read several reports of owners of stolen Macbooks helping the police catch the thieves by taking Photobooth pictures of them and by tracking their WiFi location. Here is one from the NY Times:

“Back to My Mac” is part of an online service that costs $99 per year and allows users to gain access to their personal computer from any connected Macintosh computer with the operating system Leopard. The software that Ms. Duplaga used to take a picture of the thief, called PhotoBooth, is standard on all newer Apple laptop models, perhaps an unintended new frontier in crime-fighting.

dmuth:

I was unaware of that app when I was using the Macbook, so I have no idea.

Speaking of which, this comes from a friend of mine regarding her boyfriend's laptop:

He's been putting dark tape and sticky notes over the cam for a while anyway because he saw the "on" light come on when he wasn't using the cam...pretty darn creepy!!!

Yeah, that's creepy alright.

Parents are talking about contacting the DA's office to file criminal complaints now. Here is their contact info:

General Information
By Mail:
Office of the District Attorney
Court House 4th floor
P.O. Box 311
Norristown PA 19404-0311

By Phone:
Legal Division - (610) 278-3090
Detective Bureau - (610) 278-3368
(after 5:00 pm call (610) 275-1222)

By Fax:
(610) 278-3095

outtathere:

Great news! I hope these parents proceed with this ASAP. The District Attorney needs to dispatch detectives on this before the School District has a chance to destroy evidence. Time is of the essence.

"The Revolution Will Not Be Televised.":Gil Scott-Heron 1970 http://www.youtube.com/watch?v=rGaRtqrlGy8

carla:

Karen & Savanna were terrific on the CBS Morning Show

k3

bobguzzardi:

Good for Karen taking this national. The Spying Laptop story is on Drudge and on www.grassrootspa.com

Who is "Savanna"? Good work.

The insulated arrogance of the Lower Merion School District, and the School Board, has reached new levels.

carla:

Savanna is Karen's daughter, who attends Harriton. Look for more national coverage this week on TV I think.

Kokomo Joe:

dmuth, does/can someone with the ability to activate the camera also have access to other files on the hard drive? Could they see picture galleries, personal information etc? Could the 'incriminating' image have been taken by the webcam, then stored on his computer, and later found by someone who remotely roots through students' computers from the comfort of a dark room?

I'm also intrigued by the LMSD response. It declares, in the face of these accusations, that the 'security feature' has only been used in cases of lost, stolen or missing laptops. Is this statement a subtle indictment of the plaintiff? Or, is it damage control in the event that it is later discovered that a rogue administrator(s) were in fact using the webcams for 'spying' purposes? In other words, "We didn't know somebody was doing this."

outtathere:

Kokomo Joe,

Also bear in mind that the District claims that it 'deactivated' the 'security' feature yesterday. If their other claim were true, that they only 'activated' it to track a lost or stolen computer, there would be nothing to DE-activate yesterday. The default state of the program would already be 'de-activated'. Their story doesn't add up in its totality. It is nothing but damage control and a lousy job of it, at that.

dmuth:

dmuth, does/can someone with the ability to activate the camera also have access to other files on the hard drive?

That would depend on the software that is installed. If the person can get a shell prompt (aka the terminal), then there's a lot they can get to. And if they can get root access, it's game over.

Could the 'incriminating' image have been taken by the webcam, then stored on his computer, and later found by someone who remotely roots through students' computers from the comfort of a dark room?

This is entirely possible, yes. At this point, I am still unaware of a way to turn on/off the webcam from the keyboard.

outtathere:

I think that the school does, under the Terms of Use, maintain the right to search the hard drives of the computers loaned to the students. I don't have a big problem with that so long as the students AND their parents are made aware of it.

That is a far different issue than using the webcam in real time to spy on a student.

chips:

does/can someone with the ability to activate the camera also have access to other files on the hard drive?

Yes. You have full remote access to your Mac using the “Back to My Mac” service. You can change passwords, transfer files and track the computer's location if it's connected to WiFi. It's a nice service if you control the system password.

The fact is that you can gain remote access from any Mac anywhere using the “Back to My Mac” service and the proper system password — the implications of that are huge if LMSD's passwords have been compromised or abused.

caphector:

This is partly incorrect: Back to My Mac can be used to access a computer remotely, but only if both machines are signed into the same MobileMe account AND enabled for Back to my Mac.

It is not correct that you can get into ANY Mac ANYWHERE with Back to My Mac. In any case, I don't think this applies here, since the district was not using Back to My Mac.

adp113:

The easiest and safest method for dealing with out of control peeping school administrators is to return the laptops to the superintendent's office with a no thanks note.

There is no such thing as a free lunch or laptop

Take back your privacy and give back the laptops

concernerd:

I have been reading a lot about this situation and have a few points:

First, dmuth, please pull the hard drive of the laptop and take a look at it with a different computer, it should show a lot of logs.

Second, there are 2 types of software which are being talked about here. The first is a 'LoJack' type of software which the school says has only been activated 42 times (funny number) in case of theft. This is the software that they say has been "deactivated".

The second type of software is Apple's Remote Desktop (ARD) which can be very useful in a classroom environment. This software can view the entire screen of a remote computer with or without the user's knowledge. I would suppose that MANY teachers have this permission and can probably see all of the students. Each teacher could then create a group to only include specific students within a class. One could also create a group of "unruly" students, and could watch this group throughout the day!

The true terror here is if (a) IT has created a VPN link which always wants to connect to the school network, and (b) Bonjour is configured to traverse this link. Then ANY Teacher with ARD permissions can see any desktops they wish, at any time, whenever the laptop has a network/internet connection. They could ALSO activate the Webcam or any other software via stealth mode (with the exception of the green light on the webcam).

outtathere:

I have been reading a lot about this situation and have a few points:

First, dmuth, please pull the hard drive of the laptop and take a look at it with a different computer, it should show a lot of logs.

It's a mystery to me why you have '6 points' for this post. You seem to be 'concerned' to the point where you've taken leave of your senses. You're advising 'dmuth' to pull the hard drive of a laptop which is School District property ?? Are you for real???? If dmuth were to pursue this course of action, not only he, but the borrower of the laptop as well, would be subject to action by the District and probably guilty of a crime or crimes as well. What are you thinking?

concernerd:

OK, you may not wish to tamper with school district property. I, on the other hand, believe it is my right and obligation to inspect anything which comes into my home or is issued to my child. I would create an image (bit copy) of the hard drive and investigate that, so no actual harm would be done to 'school district property'. If the school district does not want people to investigate their equipment then perhaps they should not allow it to leave school property.

When they issue a computer to my child, and my child brings this computer into my home then their computer is on my network, and thus it needs to behave. If the school issued my child an automobile, I would look it over. If I received reports of something unsafe with the vehicle, then I would check it out or have a professional check it out. I do this with both my and my wife's company issued laptops as well as my company issued automobile.

I was really focusing on the ARD aspects of this issue. What if Johnny and Suzie were having a video chat or typing back and forth to each other? The ARD could see their screens and what they were seeing. There is no need to activate the camera since it is already on! The other implication is the number of people (teachers) who may have access to this and the ability to 'watch' a huge number of students. This would not be the case of 2 IT guys getting 42 specific requests, it would be a whole lot more.

Please take a look at the PBS Focus video mentioned on a different thread, then go to Apple's web site and look at the documentation about ARD.

gruselcabinet:

Try to do a bitcopy with dd and then run it on a Virtual Machine (VM). Then you can debug the processes that are running and this remote cam software is still active, but the client (from the school's side) not running ("deactivated", lol, good name for not running a software).

I think some guys from the Chaos Computer Club would be very interested to get a HDD copy.

The argumentation of the school to "track down stolen laptops" is sick. Do they really expect a thief holding the open laptop against a street sign so they could read the location? The only way to track down stolen things is an integrated GPS locator.

Kokomo Joe:

So, how come Apple, Pennsylvania, the laptop distributor and others are not also named in this lawsuit? Why is it only Lower Merion? Somebody sold LMSD on the idea of this remote camera's abilities to find missing computers. If it were so illegal, I would think Apple would have something to say about it.

And, did anyone (kid, parents) ever see this 'image' of the kid misbehaving taken by the camera, or just hear about it? I'm not making excuses for anyone. I don't like the idea of schools' using this technology. It could too easily be abused by the wrong person or people.

politeia:

LMSD never stated to the students they gave these laptops to or to the parents (in writing or verbally) that they would use the webcam to track down lost or stolen laptops.

For all we know, LMSD just made this up to cover its tracks - assuming the allegations in the lawsuit are true.

Only time, law enforcement investigation and discovery in the civil lawsuit will tell.

LexoTime5:

I don't know the answer to the "why only Lower Merion" question, but it could well have something to do with the wiretapping laws of the commonwealth, which are quite unique in the country. So where else in Pennsylvania does one find full coverage of mandatory government-issued laptops? Possibly nowhere. We could simply be unlucky enough to be the first.

Kokomo Joe:

I'm not so sure wiretapping applies, in this case. To my understanding, wiretapping is illegal interception of communications. While snapping a pic of someone in their bedroom may be an invasion of privacy, unless they were reading this person's email and IMs, I don't think it's a wiretap. Of course, we will see.

nottelling:

To remove the Firmware Password, take the battery off the MacBook, unscrew the three screws which grant access to the RAM slots, and take out one of the two sticks of RAM. Then, screw it back together, put the battery back in and start it up. As it's starting up, type Command + Option + P + R to remove the Firmware Password. It will effectively be gone and you can add new accounts until the cows come home.

Now that's done, it'll stay off. You can go back and take the battery back off and add the second RAM stick to speed the computer back up, but the Firmware Password won't return until it's manually re-added (requiring physical access to the machine).

Please do so in order to provide more information on the software available.

pulaa:

Great job Doug! Keep up the good work!
