Apple Macs Caught Harvesting User Data Without Permission

By 813 Staff

A closely watched product launch reveals that Apple Macs were caught harvesting user data without permission, according to a post this morning by Elias Al (@iam_elias1).

Source: https://x.com/iam_elias1/status/2049005717420728631

At least 47 distinct laptop models from five major manufacturers shipped with pre-installed firmware capable of silently capturing screen data and transmitting it to a remote server, according to internal documents leaked to security researcher Elias Al, who broke the story under the handle @iam_elias1 on April 28. The documents, which appear to originate from a third-party AI training data aggregator, describe a telemetry system embedded at the BIOS level—meaning it would survive a full operating system wipe. Engineers close to the project say the feature was designed to collect anonymized user interface interactions to train vision-language models for an undisclosed client. But the rollout has been anything but smooth.

Al’s analysis of the leaked SDK reveals that the firmware module, codenamed "VistaEyes," activates during the OS boot sequence and captures a compressed screenshot every 2.5 seconds while the device is on. The data is encrypted locally, then sent in batches over HTTPS to a cluster of servers registered to a shell company. Al told followers that his team traced the upload patterns and found that the system began shipping as early as February 2025, with the most recent firmware update pushed in March 2026. He confirmed the vulnerability affects models from Lenovo, Dell, HP, Acer, and ASUS, though he stressed that not all units within those brands are impacted—only those manufactured for a specific enterprise reseller channel.

The implications are significant for anyone who bought a business-class laptop in the past 15 months. The firmware-level access means antivirus software cannot detect or block the capture process. Al notes that the data pipeline appears to strip personally identifiable information before transmission, but the lack of independent verification has left privacy advocates deeply uneasy. The manufacturers have not yet issued public statements, though internal emails obtained by Al suggest that at least two of the OEMs were unaware of the full scope of the firmware’s data collection.

What happens next remains uncertain. Al has shared a detection script that lets users check their BIOS version against the known bad hashes, but he cautions that a clean check does not guarantee safety—other undocumented endpoints may still exist. The FTC and Ireland’s Data Protection Commission have both opened preliminary inquiries, though neither agency has confirmed a timeline. For now, the best advice from engineers close to the investigation is to physically disconnect any internal Wi-Fi card if the device is not actively needed, and to avoid connecting it to any corporate network until the OEMs provide a verified firmware patch.
