Security researcher and former NSA staffer Patrick Wardle has demonstrated a way for Mac malware to tap into the live feeds of a Mac’s built-in webcam and microphone. His presentation was delivered at the Virus Bulletin conference in Denver, earlier this week.
While any access to the webcam will cause the cam’s green LED to light up, alerting Mac users that the webcam is on, Wardle’s demonstration showed how malware can access the outgoing feed of an existing video session, such as a Skype or FaceTime call, where the light would already be lit.
His paper is titled “Getting Duped: Piggybacking on Webcam Streams for Surreptitious Recordings.”
After examining various ‘webcam-aware’ OS X malware samples, the research will show a new ‘attack’ that would allow such malware to stealthily monitor the system for legitimate user-initiated video sessions, then surreptitiously piggyback into this in order to covertly record the session. As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection.
Wardle has created an app that will monitor the Mac’s webcam and microphone, alerting you when a new process accesses either device. The app is called Oversight, and is a free download from Wardle’s website.
Other webcam and microphone monitoring apps are also available for the Mac, including Camera Guard Professional 2016, which allows customized monitoring of your Mac’s camera and mic. MacTrast is giving away 5 free copies. The deadline to enter is this afternoon, Friday, Oct. 7, at 3:00PM Central time. We’ll announce the 5 lucky winners soon after the deadline. Enter to win here.