Apple's MacOS is known to be one of the more secure operating systems out there. However, due to its increasing popularity and expanding user base, hackers and cybercriminals are starting to victimize iMacs and MacBooks more and more.
One particular worrisome attack is webcam hijacking and spying. These kinds of exploits allow hackers to secretly record video and audio from a compromised computer.
We've warned you about recent Mac malware like Eleanor and the cross-platform threat Mokes that purport to take over webcams, but unauthorized activity from these infections is easy to spot. The Mac's built-in iSight video camera has firmware-level protection that turns on the embedded camera's LED light whenever it's in use, even by malware.
This makes it harder for hackers to access the Mac's camera undetected since the light indicator always alerts the user whenever the camera is being used. If your webcam light turns on without your consent, then that's a sure sign that someone is accessing it remotely.
But what if the malware activates when you are using your Mac's camera on purpose?
Piggybacking on legitimate apps
In a security demonstration this week, ex-NSA and NASA employee Patrick Wardle, wrote a malware sample that showed how hackers can spy and record audio and video within a Mac webcam stream by hiding within legitimate apps like Skype, Google Hangouts or FaceTime.
Since the victim expects the webcam light to be on during these video sessions, the malware could pilfer the video and audio stream without being detected. These recordings could then be sent and filed to a remote server for whatever purpose a hacker will use them for.
This false sense of security implies an even graver consequence. What if you are in an intimate FaceTime session or discussing confidential business matters with your boss via Skype? If this malware is deployed successfully, a hacker could record these private conversations without detection.
To help combat these kinds of potential webcam attacks on Macs, Wardle released a free monitoring tool called Oversight.
According to Oversight's notes, the tool can detect if a secondary process accesses the camera while it's already in use. It will then identify the name of the process via a system notification and it will give the user the option to terminate and block the process.
To download this free tool, just head on over to Objective-See's Oversight page. This download page contains download and installation instructions and detailed descriptions of this free application.
To learn more about how hackers are attacking webcams, listen to this free Komando On Demand Podcast: