How to tell if your Mac camera has been hacked

Ransomware is a particularly nasty form of malware because it seeks to exploit computer users’ fear that their privacy has been compromised. As more and more malware is reported and makes the headlines, more of us become concerned for the safety of our data, as well as our own privacy and even personal safety. Ransomware, like the “your camera is hacked” scam, plays on that by sending you a message telling you that the hackers have images taken from your webcam while you were surfing the web. Usually, the message claims you have been visiting porn sites and that the webcam took a video of you while you visited the sites.

Can my Mac’s camera be hacked?

The short answer is yes. It is possible for malware running on your Mac to turn on the iSight camera, record video or still images and audio from the microphone, and send them to a storage location on the internet. A recent camera hack reported in March 2021 targeted 150 thousand security cameras around the world. Among the hacked devices were cameras from Tesla plants. Imagine their level of security defences!

The backdoor could steal data, including screenshots, audio and video captures, Office documents, and keystrokes. There have been other instances of malware with this capability.

Security researchers estimate that 20% of all Macs are infected by PUPs (Potentially Unwanted Programs).

What can I do to stop my camera from being hacked?

While some suggest using camera covers or lids to protect your privacy, we don't recommend doing so. Closing your Mac with a cover over the camera may seriously damage the display. Lids can also cover the light sensor and prevent your Mac from automatically adjusting brightness. There are other safe methods to make sure you're not being watched. We'll explain them below.

Doesn’t a green light come on when the camera is in use?

Yes, it does. Apple says the camera indicator light is always lit when the camera is activated, which means no one can use your camera without you knowing.

But there are additional security measures you can take to control access to your camera.

What’s a hack?

Apps can legitimately collect data, such as your location. And suppose you knowingly give an app your location data and the app later sells it to third parties. Will it count as a hack? Many weather apps have been caught doing this, by the way.

So the first thing to do is to revoke the permissions from apps you don’t trust.

Check what apps have access to your camera

If you think that your camera might be hacked, it’s a good idea to check what programs on your Mac are allowed to access it. You can easily check the current permissions with the help of the freshly-baked feature in CleanMyMac X. It’s called “Application Permissions,” and it allows you to stay in the know of your app permissions.


CleanMyMac X has a free trial version, so try it out and keep your data safe!
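
The same check can be done by hand. The script below is an added example, not part of the original article and not CleanMyMac code: it reads the macOS privacy (TCC) database and lists every app with a camera permission entry. It assumes the per-user database path shown, an `access` table with `service`, `client` and either `auth_value` (macOS 11 and later) or `allowed` (older releases), and a terminal that has been granted Full Disk Access; `unexpected` is a hypothetical helper name.

```python
import os
import pathlib
import sqlite3

# Assumed location of the per-user TCC (privacy permissions) database on macOS.
USER_TCC_DB = os.path.expanduser(
    "~/Library/Application Support/com.apple.TCC/TCC.db")
CAMERA = "kTCCServiceCamera"
# auth_value meanings on macOS 11+; older releases use a 0/1 "allowed" column.
AUTH = {0: "denied", 1: "unknown", 2: "allowed", 3: "limited"}


def camera_clients(db_path=USER_TCC_DB):
    """Return sorted (client, status) pairs for every camera permission entry."""
    # Open read-only so the audit can never modify the permission store.
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        cols = {row[1] for row in con.execute("PRAGMA table_info(access)")}
        if "auth_value" in cols:
            rows = con.execute(
                "SELECT client, auth_value FROM access WHERE service = ?",
                (CAMERA,))
            result = [(c, AUTH.get(v, f"other({v})")) for c, v in rows]
        elif "allowed" in cols:
            rows = con.execute(
                "SELECT client, allowed FROM access WHERE service = ?",
                (CAMERA,))
            result = [(c, "allowed" if v else "denied") for c, v in rows]
        else:
            raise RuntimeError("unrecognised TCC schema")
        return sorted(result)
    finally:
        con.close()


def unexpected(clients, expected):
    """Clients holding camera access that are not on your own expected list."""
    return [c for c, status in clients
            if status == "allowed" and c not in expected]


if __name__ == "__main__":
    try:
        for client, status in camera_clients():
            print(f"{status:8} {client}")
    except (sqlite3.Error, RuntimeError) as exc:
        # Typical causes: no Full Disk Access for the terminal, or not macOS.
        print(f"cannot read {USER_TCC_DB}: {exc}")
```

Any bundle identifier in the output that you don't recognise can be switched off in the Camera list of the system privacy settings.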

I thought you said the “your computer has been hacked” thing is a scam?

It is. While it’s possible to steal video, audio, and photos from your webcam and microphone, and malware exists that can do it, that’s not what’s happening in this case. The porn blackmail scam that sends out email messages claiming your webcam has been hacked is designed to extract money from people who believe it may be true. Even people who have never visited a porn site become concerned when they receive the email. It's easy for people who have visited porn sites to see how their fears could be exploited.

Email security tips

The scam works by sending spam emails in the hope of luring enough people to make it worthwhile. The email claims that you downloaded a virus while watching porn and that the virus captured video of you while you were on the site, along with screenshots of the site itself. It then threatens to send the video to everyone in your contacts app if you don’t pay a ransom of several thousand dollars in Bitcoin. As an extra twist, the email addresses are often harvested from data breaches which also exposed users’ passwords.

Tip: When a service, like Amazon, sends you an email attachment, don’t open it from your email. Go to their website directly and open the message from there.

Email accounts for 99% of all malware. — Rob Taxman, “The Internet Security Guy”

By including the password in the ransom email, the hacker demonstrates that they know something about the recipient. That increases the fear that the hacker has more information, including the images and video they claim to have. It’s a tried and tested social engineering trick and a very nasty one.

What to do if I receive one of these emails? 

  1. Delete it. Don’t click on any links in the email and don’t pay the ransom. The hacker doesn’t have what they claim to have. The email is designed to blackmail porn site visitors. Even if you have visited porn sites, you can safely delete the email. 
  2. If the email contains a password or part of a password that you’ve used online, change your password on every site where you use it. Use a unique password for every account, make sure it’s hard to guess (Safari’s password suggestion tool is a good way to do this), and don’t write it down. 
  3. Take the opportunity to scan your computer for malware. You can do that using one of the many antivirus tools that you can download and use to scan your computer for free. Some may then charge you if they find anything that you need to remove. Alternatively, if you’re using a Mac, you can use the malware tool in CleanMyMac X. It compares what it finds on your Mac with CleanMyMac’s regularly updated malware database. If it doesn’t find anything, it will tell you your Mac has a clean bill of health. If it does, you can remove it at the press of one button.

    This app can detect macOS-specific keyloggers, backdoor viruses, and worms. Download its free version here. This program is notarized by Apple, meaning it’s safe.
  4. Forget about it. Once you’ve deleted the email, changed passwords, and scanned your computer, try and forget about it. You won’t hear any more from the hackers.

Dangers of remote-access software

RAT stands for Remote Access Trojan. For a RAT attack to be successful, it needs to obtain your Mac’s root certificate. So beware of any remote control software from tech support that is pre-installed on your device.

No admin rights, no problems

Admin rights are at the core of most malware attacks. If you use a user profile that has top admin privileges, this is the one that may get hacked, giving the hackers a green light to install any software.

Solution? Create a new Mac user profile that is not an administrative one. It's easy to do in System Preferences > Users & Groups.

While it is possible for webcams, like the iSight cam on iMacs and MacBooks, to be hacked and images and video stolen, it’s very unusual. Far more common are hackers who try to exploit the fears of people who are worried about privacy by claiming to have video and photos that they don’t. While taping over your webcam and microphone will prevent anything from being stolen, for most of us, it’s probably not necessary. However, you should make sure that your online accounts have secure, unique passwords and delete any accounts you no longer need or use. And it would be best if you also scan your computer for malware, perhaps using the easiest antimalware utility in CleanMyMac X.
