New App Helps Detect Unauthorized Audio or Video Recording

UPDATE 01/23/17 : Skype patches privacy concern in OS X version

There’s a new app out there that Mac users would be wise to consider installing. It’s called OverSight and is designed to alert Mac users whenever their microphones or webcams are activated. The application is currently available for free download here.

Patrick Wardle, a former NSA employee, and noted security researcher developed OverSight and recently presented the technology at the Virus Bulletin conference in Denver, Colorado. Wardle’s presentation showed how it would be possible for malware to access a Mac’s microphone or webcam. He conceded that Macs have an LED indicator to let users know when the webcam is on. He also noted that this feature—built into the firmware for Macs—is difficult even for hackers to circumnavigate.

However, just because Macs will let users know when the webcam is operational, that doesn’t mean malware can’t exploit the feature. On the contrary, Wardle’s Virus Bulletin presentation showed how malware can piggyback on users’ existing video sessions—for programs like Skype or FaceTime—and use those opportunities to start spying. Since the LED indicator would already be switched on for these programs, the malware could record without the user knowing it.

Wardle designed OverSight with the goal of stopping these piggybacking maneuvers in their tracks. OverSight runs in the background of macOS and detects any instances where a program or process activates the microphone or turns on the webcam. When these instances occur, an OverSight notification will pop up to alert the user to the event. Users will then be able to “Allow” or “Block” the use of webcam or microphone. Wardle told us that he started thinking about the app after malware like Eleanor, Mokes, and Crisis starting cropping up on OS X.

“I love reversing and exploring OS X malware specimens, and noticed a few recent ones such as Mokes and Eleanor were ‘webcam’ aware, meaning they try to record the local user via the webcam,” Wardle said. “Of course this triggers the LED indicator light coming on – which I thought was lame. I have somewhat of an evil mind – so pondered how this could be improved… which led me to realize that malware could, in theory, piggyback off existing webcam sessions to record the user without detection.  

Not wanting Mac users to be left unprotected, I decided to write a free tool that could both detect and thwart this attack. Thus OverSight was born.”

While OverSight can give Mac users a leg up in the fight against intrusive surveillance, Wardle acknowledged that the program isn’t perfect. He noted that, if a hacker were to design a piece of malware specifically to “bypass OverSight’s protections,” they would likely be successful in avoiding detection. He also said that “any malware that has a kernel-mode or rootkit component” would likely be able to access a Mac’s microphone or webcam without being detected—even if OverSight was installed on the machine.

Still, OverSight is an added layer of defense for Mac users that can help diminish the possibility of intrusive monitoring. Given the positive reception toward the app, Wardle has also vowed to update and improve the program going forward.

“The app has been downloaded and installed almost 30 thousand times and I’ve received a ton of emails expressing gratitude,” Wardle said. “And also, feature requests! I’ll shortly be working on a new version. I hope to add features such as whitelisting, default actions, email alerts, and increased monitoring capabilities.”