Mac-targeted malware is evolving. It is nothing new that malware can tap into the webcam, mic and keyboard. It now aims to exploit webcams to snoop on its victims.
Patrick Wardle, an ex-NSA hacker with a penchant for finding novel Apple Mac hacks, has proposed a new way snoops might spy on people via their webcams.
Mac computers by design made their camera shareable for multiple apps at the same time. It is also known that some malicious apps ask for webcam and other permissions from your computer.
Unlike with current Mac malware strains – like Eleanor and Crisis – the app wouldn’t just start using the camera, as the LED light would turn on and alert the user.
Wardle’s concept malware works up in a way that it would patiently wait for apps to use the camera like Skype or Google Hangouts and piggyback and start recording the victim.
It is possible that there is already a malware out there that does this.
Statistically, when Mac users are using their webcams, it might be something important, interesting, or even sensitive things. This is what the malware would be targetting to profit from. They would be targetting these things.
Wardle has created a basic tool named OverSight. Its primary task is to alert Mac owners whenever a program is asking for permission to access the camera.
This gives the user the option to either reject or allow access. It also keeps logs of what permissions were granted, useful for businesses who want to check when employees allowed recordings when they shouldn’t have.
Given the facts above, Oversight the utility has limitations in this initial release : “The current version of OverSight utilizes user-mode APIs in order to monitor for audio and video events. Thus any malware that has a kernel-mode or rootkit component may be able to access the webcam and mic in an undetected manner.”
Basic precaution is to download the latest Mac OS X software and avoid downloading apps from suspicious web sites.
Earlier this week, another security problem emerged for Apple when a developer found iMessage on iOS 10 and MacOS Sierra 10.12 would expose potentially-sensitive information, including IP address and OS version, when a link was posted in a chat.
“It’s reasonable to believe that there is potential that an exploit found in Safari could be triggered without the target even browsing to the site, simply by sending them an iMessage containing that URL,” wrote Ross McKillop.
Apple is planning to update iOS 10 to stop using weak iTunes backup passwords as a security measure.