It's not because Mac OS X is getting worse every day, but because hackers are getting smart and sophisticated these days.
The bad news for Mac users is that malware targeting webcams and microphones has now come up for Mac laptops as well.
Patrick Wardle, an ex-NSA staffer who heads up research at security intelligence firm Synack, discovered a way for Mac malware to tap into your live feeds from Mac's built-in webcam and microphone to locally record you even without detection.
Wardle is the same researcher who has discovered a number of security weaknesses in Apple products, including ways to bypass the Gatekeeper protections in OS X.
Wardle also released a free tool called RansomWhere? earlier this year that has generic detection capabilities for Mac OS X ransomware variants.
Wardle is scheduled to present his new findings at the Virus Bulletin conference in Denver later today, along with his research demonstrating how malware could easily piggyback on your legitimate webcam sessions to keep its spying activity hidden.
Yes, piggybacking legitimate webcam sessions initiated by you.
Here's How Mac Malware Works:
Since Mac's firmware-level protection lights the green LED for any unauthorized access to user's webcam, Wardle believes that attackers can use a malicious app that quietly monitors the system for any outgoing feed of an existing webcam session – like a Skype or FaceTime call – where the light indicator would already be ON.
The malware then piggybacks the victim's webcam or microphone to secretly record both audio and video session, without any visible indication of this malicious activity and any fear of detection.
In his paper presentation, titled 'Getting Duped: Piggybacking on Webcam Streams for Surreptitious Recordings,' Wardle outlines the threat along with countermeasures to detect "secondary" processes that try to access an existing video session on OS X.
How to Prevent Your WebCam and Mic from Being Hacked
Oversight is a free download from Wardle’s website.
Moreover, physically covering your webcam – like what Facebook CEO Mark Zuckerberg and FBI Director James Comey do – also offers a low-tech approach to keeping snoopers away.
Popular Deals From Our Store
Ethical Hacking Certification Training
Get Professional Ethical Hacking Certifications: CEH, CHFI, CISM, CISA, CISSP Trainings.
96% Off Get this Deal
Computer Hacking Forensic Investigation
Online Hands-on Training with Lifetime Access to Forensic Investigation Certification Classes.
98% Off Get this Deal