Your MacBook webcam might be hacked without you knowing

Current webcam-cracking malware could get a stealthy new spin

A security expert has delivered a fresh warning about malware on the Mac, and how he believes existing malicious software could potentially be easily modified to tap into a webcam in a clever and stealthy manner, recording video chats without the user's knowledge.

Mac-targeted malware which aims to exploit the webcam is certainly nothing new – we've seen the likes of Eleanor, Crisis and most recently Mokes which are capable of compromising your webcam (and indeed in the latter case, a whole range of functions from the camera through to the mic and keyboard, recording video, audio and keystrokes).

However, the new warning, which comes from Patrick Wardle, Director of Research at security firm Synack – who specializes in Mac and mobile threats – details the potential for such malware to become much smarter in terms of covertly recording the user without them having a clue that anything dodgy is happening.

In a presentation at the Virus Bulletin conference, based on a paper entitled 'Piggybacking on Webcam Streams for Surreptitious Recordings', Wardle observes that these webcam-cracking strains of malware have a limitation – most Macs have a built-in LED light that's hardwired to indicate when the camera is in use, a clear red flag (or perhaps red light) that something's amiss if you're not actually using the webcam.

However, what if 'webcam-aware' malware, as Wardle labels it, was able to monitor the Mac looking for when the user fired up a video session – and only then did it kick into life to record footage? Of course, the user would never be aware there was any malware present, as the LED indicator would be on anyway due to the fact that they are video chatting.

Wardle does admit that you can cover up your webcam with a bit of tape or similar, which is certainly one fix, but that's not going to help if you actually ever use the thing.

Trivial addition

The good news? There is no known malware which actually pulls this off right now, but as the Register reports, Wardle observes: "I have not seen any malware using this technique at this time [but] this is something that would be trivial for malware to do, and there aren't any tools to detect this capability."

The security expert further noted that just because no malware has been spotted thus far, that doesn't mean there isn't any malicious software out there making use of this particular stealthy exploit – we just might not know about it yet.

The way to combat this? By putting in place measures to detect secondary processes trying to piggyback on a video session, and it's only fair to note that Wardle does have something of an interest in spreading this warning, because he has his own solution that does just this in the form of a security tool by the name of OverSight (although it is a free download).

At any rate, according to the program blurb: "OverSight constantly monitors a system, alerting a user whenever the internal microphone is activated, or the built-in webcam is accessed."

However, there are limitations in this initial release of the utility: "The current version of OverSight utilizes user-mode APIs in order to monitor for audio and video events. Thus any malware that has a kernel-mode or rootkit component may be able to access the webcam and mic in an undetected manner."

Wardle plans to keep working on the software and improve it down the line.

We've reached out to Apple for a comment on this matter, and will update this article as we hear more.