Previous hacks of the iSight cam involved rewriting the firmware of that separate microcontroller. IIRC there was also a delay at one point, so that it was possible to take a picture really fast before the LED turned on.
Correct. Since roughly 2009, the sensor power was tied into the LED, so if the sensor had enough power to register an image, the LED would have to be on. Apple modified the circuitry specifically because of the old exploit.