Malware allows attackers to silently steal webcam video from your Mac, expert says

Most people might assume that they’re safe from being surreptitiously recorded as long as their webcam LED remains unlit. After all, manufacturers implement safeguards at the firmware level to ensure that if a webcam is being used to stream or record, then its light will be on. Unfortunately, that’s only half the story.

Former NSA employee Patrick Wardle is presenting data at Thursday’s Virus Bulletin conference that demonstrates it’s possible for a nefarious party to install malware on a Mac that will monitor for legitimate webcam usage and then steal the video stream for its own purposes. Doing so would provide no visual indication of the attack, and so victims would have no reason to limit their activities accordingly, as 9to5Mac reports.

Wardle is director of research at Synack, a company that describes itself as a “global team of ethical hackers,” and his conference talk will focus on techniques being developed to monitor for such “secondary” attacks. Wardle has released a free tool that lets users know when such an attack is underway, so you can end that sensitive business video conference or private conversation with your significant other and avoid a loss of privacy or money.

This isn’t Wardle’s first time at bat when it comes to discovering Mac security flaws. He discovered a method by which malware could get around Apple’s Gatekeeper security feature and inject itself into a system merely by placing code in the same folder as an authorized app. He also identified a trivial workaround that an attacker could use to leverage the Rootpipe vulnerability even on Macs updated with Apple’s patch aimed at addressing the issue.

To safeguard your Mac from attackers who might be stealing your webcam video, you can download and install Wardle’s tool, called OverSight, on any Mac running MacOS 10.10 or later. The small app will monitor the mic and webcam and let users know when a piece of malware has accessed the microphone or webcam. You can then choose to allow or block the process.

Wardle cautions that, like all security tools, OverSight is not immune to circumvention by dedicated attackers. Malware running at the lowest levels of a system could possibly access the microphone and webcam without being detected by a tool such as OverSight. And so the possibility remains that an attacker could be accessing your audio and video regardless, leaving all of us to feel just a tiny bit less secure.
