Malware allows attackers to silently steal webcam video from your Mac, expert says

Most people might assume that they’re safe from being surreptitiously recorded as long as their webcam LED remains unlit. After all, manufacturers implement safeguards at the firmware level to ensure that if a webcam is being used to stream or record, then its light will be on. Unfortunately, that’s only half the story.

Former NSA employee Patrick Wardle is presenting data at Thursday’s Virus Bulletin conference that demonstrates it’s possible for a nefarious party to install malware on a Mac that will monitor for legitimate webcam usage and then steal the video stream for its own purposes. Doing so would provide no visual indication of the attack, and so victims would have no reason to limit their activities accordingly, as 9to5Mac reports.

Wardle is director of research at Synack, a company that describes itself as a “global team of ethical hackers,” and his conference talk will focus on techniques being developed to monitor for such “secondary” attacks. Wardle has released a free tool that lets users know when such an attack is underway, so that you can end that sensitive business video conference or private conversation with your significant other and limit the damage to your privacy or finances.

This isn’t Wardle’s first time at bat when it comes to discovering Mac security flaws. He discovered a method by which malware could get around Apple’s Gatekeeper security feature and inject itself into a system merely by placing code in the same folder as an authorized app. He also identified a trivial workaround that an attacker could use to leverage the Rootpipe vulnerability even on Macs updated with Apple’s patch aimed at addressing the issue.

To safeguard your Mac from attackers who might be stealing your webcam video, you can download and install Wardle’s tool, called OverSight, on any Mac running MacOS 10.10 or later. The small app will monitor the mic and webcam and let users know when a piece of malware has accessed the microphone or webcam. You can then choose to allow or block the process.

Wardle cautions that, like all security tools, OverSight is not immune to circumvention by dedicated attackers. Malware running at the lowest levels of a system could possibly access the microphone and webcam without being detected by a tool such as OverSight. And so the possibility remains that an attacker could be accessing your audio and video regardless, leaving all of us to feel just a tiny bit less secure.

Mark Coppock