Security Bite: This app will notify you if your Mac’s webcam or microphone is triggered while you’re away.
9to5Mac Security Bite is offered exclusively by: Mosyle, the only Apple integration platform. We’re all about making Apple devices ready to use and secure for enterprise use. Our unique, integrated approach to management and security combines cutting-edge Apple-specific security solutions for fully automated enforcement and compliance, next-generation EDR, AI-powered Zero Trust, and exclusive privilege management with the most powerful and modern Apple MDM on the market. The result is the fully automated Apple Unified Platform, now trusted by more than 45,000 organizations and enabling millions of Apple devices to be effortlessly and affordably ready to use. Request an extended trial Find out why Mosyle is all about working with Apple today.
The built-in green LED privacy indicator on your Mac, combined with the on-screen privacy indicator in macOS, ensures users are alerted in real-time when their webcam or microphone is active. It’s hard to miss them when you’re actively working on your Mac. However, that protection relies on you actually being there and seeing the privacy indicator light up.
But what if you’re away from your Mac and malware triggers your camera or microphone to silently record or eavesdrop? How do you know without seeing it happen?
Well, there’s an app for that.
In a previous Security Bite column, I explained to my begrudging dismay why the plastic webcam covers on modern MacBooks were no longer needed after Apple’s 2008 decision to wire the camera module and LED indicator into the same circuit. This made it impossible to power the webcam unless the green light next to the webcam came on. This design change effectively eliminated the entire type of stealth webcam attack, but other attacks also emerged.
In a comment to this article, Apple security researcher, Objective-See founder, and friend of Security Bite Patrick Wardle suggested his organization’s free open-source tool OverSight as an additional layer of defense.
OverSight has many features, but the key one is the ability to send notifications when your webcam or microphone is activated. That way, when you return to your Mac, you’ll have a log of the events that occurred while you were away, including the name of the process that caused them.
Previously, threats such as Fruitfly, Mokes, and Crisis have been observed to remain on the system for long periods of time and only trigger the camera when the user leaves their desk. Whether you’re drinking coffee outside or even sleeping, your green LED may be flashing without you even realizing it. OverSight cannot completely prevent this from happening, but it logs and receives all activation events, so you have a clear record of what happened while you were away.
OverSight can also detect piggyback attacks.
There have been documented cases of macOS malware waiting for a user to join a legitimate video call and then silently connecting to the same camera stream to record the conversation. Zoom, FaceTime, or Skype (jk, RIP) already has the camera active, so there’s no new LED trigger to raise suspicion. macOS doesn’t differentiate between an app or multiple processes accessing the camera, but OverSight does and alerts you as soon as another process is triggered.
After running OverSight on my personal Mac for the past few weeks, I’ve really grown to love it. This is one of those rare security tools that we recommend everyone install for some peace of mind. If you’re like me, being able to know exactly when your hardware is being accessed without having to script custom logs or look inside your system is a godsend.
For more information about OverSight, visit the Objective-See Foundation website here.
Security Bite is 9to5Mac’s weekly show that takes a deep dive into the world of Apple security. Every week, Alyn Waichulis uncovers new threats, privacy concerns, vulnerabilities, and more in an ecosystem of more than 2 billion devices.
Fforget it: Twitter/XLinkedIn, Thread
