9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
The Mac’s built-in green LED privacy indicator—paired with those displayed on-screen in macOS—do a solid job of alerting users in real time when the webcam or microphone is active. When you’re actively working on your Mac, they’re hard to miss. But that protection assumes you’re actually there to see the privacy indicators light up.
What happens when you’re away from your Mac and malware triggers the camera or microphone to quietly record or eavesdrop—without you being there to notice the green light? How would you ever know?
Well, there’s an app for that.
In a previous Security Bite column, I reluctantly threw myself to the wolves explaining why plastic webcam covers on modern MacBooks are no longer nessessary ever since Apple’s 2008 decision to hardwire the camera module and LED indicator in the same circuit. This made the webcam impossible to receive power without that green light illuminating alongside it. That design change effectively killed off an entire class of stealth webcam attacks, but also created others.
In a comment to that piece, Apple security researcher, Objective-See founder, and friend of Security Bite Patrick Wardle suggested his organization’s free open-source tool OverSight as an additional layer of defense.
OverSight is capable of a lot, but the crux is in its ability to send notifications whenever your webcam or microphone is activated. That way when you return to your Mac you’ve have a log of any triggered events while you were away, including the name of the process responsible.
OverSight camera alert generated when FaceTime became active.
Historically, threats like Fruitfly, Mokes, Crisis, and others, have been observed lingering on systems for long periods, activating the camera only when users step away from their desks. If you’re out grabbing coffee or maybe even asleep, that green LED could be glowing without you ever knowing. OverSight doesn’t prevent this from happening outright, but it does log and receipt every activation event, giving you a clear record of what happened while you were gone.
OverSight is also able to detect piggybacking attacks.
... continue reading