The ex-NSA hacker Patrick Wardle has suggested that a new way snoops might spy on PC users via their webcams.
Due to the fact that Macs make their camera sharable to multiple applications at the same time for legitimate reasons, it’s possible to create a malicious app which asks to use the webcam.
The new app wouldn’t just start using the camera, as the LED light would turn on and alert the user. Instead, Wardle’s malware would wait until another app – like Skype or Google Hangouts – ran so the spyware could piggyback on the process and start recording the victim.
“No known malware does this, even if it’s a simple feature to add,” said Wardle. “It’s conceivable that there is malware out there already that is doing this,” continued Wardle who heads the research department at Synack now.
When Mac users are using their webcams they are usually discussing interesting or sensitive things. And this is what the malware would likely want to record anyways,” Wardle noted.
“If you infected my Mac and recorded me all the time, you’d see me sitting at my desk, picking my nose, petting my dog, and occasionally swearing at my computer. However, when I jump on a Google Hangout to discuss a new zero-day vulnerability with a vendor – that’s when things get interesting.”
Considering the above-mentioned, Wardle has developed a basic tool, called OverSight, in order to alert Mac owners whenever a program is asking for permission to access the camera. After that, the user can reject or allow the access. Additionally, it keeps logs of what permissions were granted, useful for businesses who want to check when employees allowed recordings when they shouldn’t have.
The other basic protections, such as downloading the latest Mac OS X software and avoiding installing apps from suspicious websites, will help prevent malware getting on the PC.
This week, Apple registered another security problem. This time a developer discovered that iMessage on iOS 10 and MacOS Sierra 10.12 would expose potentially-sensitive information, including IP address and OS version, when a link was posted in the chat.
“It’s reasonable to believe that there is potential that an exploit found in Safari could be triggered without the target even browsing to the site, simply by sending them an iMessage containing that URL,” Ross McKillop stated.
Until now, Apple has not commented on that issue. However, the company is planning to update iOS 10 to stop using weak iTunes backup passwords which are less secure now.
