Former NSA staffer demonstrates Mac malware that can tap into live webcam and mic feeds

“Security researcher and former NSA staffer Patrick Wardle is this afternoon demonstrating a way for Mac malware to tap into live feeds from the built-in webcam and microphone,” ben Lovejoy reports for 9to5Mac. “His presentation is being delivered at the Virus Bulletin conference in Denver later today.”

“Although any unauthorized access to the webcam will light the green LED – a firmware-level protection that is exceedingly difficult to bypass – Wardle’s presentation shows how a malicious app can tap into the outgoing feed of an existing webcam session, like a FaceTime or Skype call, where the light would already be on,” Lovejoy reports.

“Wardle has created an app that monitors webcam and microphone activity, and will alert you when a new process accesses either,” Lovejoy reports. “A pop-up will alert you, advise the name of the process and ask whether you want to allow or block access.”

Read more in the full article here.

MacDailyNews Take: We’ve been taping our Mac cameras for several years. Call us paranoid, but first see the related articles below. That’s why we use camJAMR iSight camera covers on our iMacs and MacBook Airs. They’re black, so they work perfectly with our iMacs and they’re removable/reusable. We’ve stuck and unstuck them hundreds of times. We just leave them on and peel them aside when we want to use the iSight camera.

Mark Zuckerberg covers his MacBook’s camera and microphone with tape – June 22, 2016
How to disable the iSight camera on your Mac – February 19, 2015
Orwellian: UK government, with aid from US NSA, intercepted webcam images from millions of users – February 27, 2014
Sextortion warning: It’s masking tape time for webcams – June 28, 2013
Research shows how Mac webcams can spy on their users without warning light – December 18, 2013
Ex-official: FBI can secretly activate an individual’s webcam without indicator light – December 9, 2013
Lower Merion report: MacBook webcams snapped 56,000 clandestine images of high schoolers – April 20, 2010


  1. “Although any unauthorized access to the webcam will light the green LED – a firmware-level protection that is exceedingly difficult to bypass”

    No need for the cover on a mac if you are sitting at the mac screen.

    Any other computer.. yeah tape it.
    Or tape the mac if you are really paranoid. Since this is pretty much the only known (currently) exploit. For a mac anyway.. pc there are others.

      1. As someone pointed out below, little snitch.

        And the hard wired green light they can’t get around. 100% of the time the camera is on…. the light is on. Light on and you are not using the camera? There’s a problem.

    1. Firmware can be changed. It can even be done remotely, as seen in Apple released firmware updates. Not saying it’s easy, but it is extremely possible.

      I would really prefer if Apple made the light indicator work with a simple circuit, that simply turns must turn on whenever the camera powered. As long as there Apple has a programmable hardware that power the light independently of the camera, people have every reason to be suspicious and even tape over their webcams.

    1. Exactly what I was thinking and certainly be the case if the malware is attempting to send data outside from the Mac.

      Presumably, such malware process would be playing ‘man-in-the-middle’, sending the video/audio stream to an unintended location outside of the computer.

  2. I wish there was a pre-mapped safe list for little snitch to get us started. And then a tutorial to get us used to what to look for.

    I guess I am a bit guilty in not doing my homework, but having Little Snitch is not enough, if you are not skilled at its use.

  3. My late 2012 iMac iSight camera is tape free. If any prying eyes were to “tune in” they would more then likely see a shirtless aging 50+ with man boobs, hairy chest and pot belly surgically scarred stomach. If that is not deterrence enough, I don’t know what is! So, enjoy you peeping Toms. If you go blind, don’t blame me. You are fore warned!

  4. I used to bother with the cover on my lens. But watching and listening to me and mine all day would entirely boring. 💤 I’d be feeding my ego to think otherwise. Someday, if I decide to go rogue, I’ll change my mind. But for now, I’m have much too much fun just being honest and direct.

  5. “. . . a malicious app. . .”

    In other words, someone must get this “malicious app” on your Mac in the first place, a difficult thing to do. MacOS and OS X recognizes all Trojans (i.e. malicious apps) and warns users not to download or install such apps. The other means of getting such a “malicious app” on a targeted Mac would be having physical access. If that were the case, then all bets are off anyway, and they could have installed micro cameras any where they want to install them apart from your computer.

    This is a nothing new news story.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.