
Security Bite: This app will tell you if your Mac’s webcam or microphone was activated while you were away – 9to5Mac



The Mac’s built-in green LED privacy indicator—paired with the on-screen indicators in macOS—does a good job of notifying users in real time when the webcam or microphone is active. When you’re actively working on your Mac, they’re hard to miss. But this protection assumes you’re actually there to see the lit privacy indicators.

What happens when you’re away from your Mac and malware triggers your camera or microphone to silently record or eavesdrop — without you even being there to notice the green light? How can you know?

Well, there’s an app for that.

In a previous Security Bite column, I reluctantly threw myself to the wolves, explaining why the plastic webcam covers on modern MacBooks are no longer necessary since Apple decided in 2008 to plug the camera module and LED indicator into the same circuit. This made it impossible for the webcam to receive power without a green light next to it. These design changes effectively killed an entire class of stealth webcam attacks, but also created others.

Commenting on that column, Apple security researcher, Objective-See founder and friend of Security Bite Patrick Wardle suggested his organization’s free, open-source OverSight tool as an additional layer of defense.

OverSight does a lot, but the crux is its ability to send notifications whenever your webcam or microphone is activated. That way, when you return to your Mac, you’ll have a log of all the events that occurred while you were gone, including the name of the responsible process.

The OverSight camera alert was generated when FaceTime became active.

Historically, threats like Fruitfly, Mokes, Crisis and others were observed sitting on systems for long periods of time and only activating the camera when users left their desks. If you’ve stepped away for a coffee or are maybe even asleep, the green LED can be on without you knowing. OverSight doesn’t prevent this from happening directly, but it records every trigger so you have a clear record of what happened while you were away.

OverSight is also capable of detecting attacks that piggyback on a camera session that is already active.

There have been documented cases of macOS malware waiting for you to join a legitimate video call before silently joining the same camera stream and recording your conversation. Since Zoom, FaceTime or Skype (jk, RIP) already has the camera active, there’s no new LED trigger to raise suspicions. macOS doesn’t distinguish between a single app and multiple processes accessing the camera – but OverSight does, and it will alert you when another process joins in.
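The second-process check described above, as an added sketch that is not OverSight's code and does not read real macOS logs: it replays activation events and flags any process that turns on a device another process already holds. The line format, process names (including the hypothetical `updaterd`) and PIDs are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample events in a made-up line format (not OverSight's or macOS's own).
SAMPLE_LOG = """\
2025-03-01T09:00:05 camera on pid=412 proc=zoom.us
2025-03-01T09:00:05 microphone on pid=412 proc=zoom.us
2025-03-01T09:12:40 camera on pid=977 proc=updaterd
2025-03-01T09:30:00 camera off pid=977 proc=updaterd
2025-03-01T09:45:10 camera off pid=412 proc=zoom.us
2025-03-01T09:45:10 microphone off pid=412 proc=zoom.us
2025-03-01T13:02:11 camera on pid=1203 proc=FaceTime
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>camera|microphone) (?P<state>on|off) "
    r"pid=(?P<pid>\d+) proc=(?P<proc>.+)$"
)

def find_alerts(log_text):
    """Return one alert per activation; mark those that join a device already in use."""
    active = {"camera": {}, "microphone": {}}  # device -> {pid: process name}
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the constructed format
        device, pid = m["device"], int(m["pid"])
        if m["state"] == "off":
            active[device].pop(pid, None)
            continue
        others = sorted(name for p, name in active[device].items() if p != pid)
        alerts.append({
            "time": datetime.fromisoformat(m["ts"]),
            "device": device,
            "process": m["proc"],
            "pid": pid,
            "concurrent_with": others,  # non-empty: a second process joined an active device
        })
        active[device][pid] = m["proc"]
    return alerts

if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        flag = "SHARED" if a["concurrent_with"] else "new"
        print(f'{a["time"]:%H:%M:%S} {a["device"]:<10} {a["process"]:<10} {flag} {a["concurrent_with"]}')
```

Only the 09:12:40 camera activation is marked as shared, because it starts while the video-call process still holds the camera and so would cause no new LED change.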

After running OverSight on my personal Mac for the past few weeks, I’ve honestly grown to love it. It’s one of the few security tools I recommend everyone install just for a little more peace of mind. If you’re anything like me and like to know exactly when the hardware was accessed, not having to script your own logging or dig around inside the system is a godsend.

You can learn more about OverSight on the Objective-See Foundation website here.


Security Bite is 9to5Mac’s weekly deep dive into the world of Apple security. Every week, Arin Waichulis uncovers new threats, privacy concerns, vulnerabilities and more, shaping the ecosystem of over 2 billion devices.
