How to tell if your Mac camera has been hacked
Ransomware is a particularly nasty form of malware because it seeks to exploit computer users’ fear that their privacy has been compromised. As more and more malware is reported and makes the headlines, more of us become concerned for the safety of our data, as well as our own privacy and even personal safety. Ransomware, like the “your camera is hacked” scam, plays on that by sending you a message telling you that the hackers have images taken from your webcam while you were surfing the web. Usually, the message claims you have been visiting porn sites and that the webcam took a video of you while you visited the sites.
Can my Mac’s camera be hacked?
The short answer is yes. It is possible for malware running on your Mac to turn on the iSight camera and record video or still images and audio from the microphone, and send it to a storage location on the internet. As recently as 2016, a backdoor called Backdoor.OSX.Mokes, a Mac variant of a piece of malware that had already been found on Windows and Linux computers, was discovered. According to Kaspersky labs, the backdoor could steal data, including Screenshots, Audio-/Video-Captures, Office-Documents, and Keystrokes. There have been other instances of malware that has this capability.
What can I do to stop my camera from being hacked?
While some suggest using camera covers or lids to protect your privacy, we don't recommend doing so. Closing your Mac with a cover over the camera may seriously damage the display. Lids can also cover the light sensor and prevent your Mac from automatically adjusting brightness. There are other safe methods to make sure you're not being watched. We'll explain them below.
Doesn’t a green light come on when the camera is in use?
Yes, it does. Apple assures that the camera indicator is always lit if the camera is activated. It means no one can use your camera without you knowing.
But there are additional security measures you can take to control access to your camera.
Check what apps have access to your camera
If you think that your camera might be hacked, it’s a good idea to check what programs on your Mac are allowed to access it. You can easily check the current permissions with the help of the freshly-baked feature in CleanMyMac X. It’s called “Application Permissions,” and it allows you to stay in the know of your app permissions. If you're running macOS Catalina, you can check what programs can access your camera, microphone, files, and folders in just a few clicks.
CleanMyMac X has a free trial version, so try it out and keep your data safe!
I thought you said the “your computer has been hacked” thing is a scam?
It is. While it’s possible to steal video, audio, and photos from your webcam and microphone, and malware exists that can do it, that’s not what’s happening in this case. The porn blackmail scam that sends out email messages claiming your webcam has been hacked is designed to extract money from people who believe it may be true. Even people who have never visited a porn site become concerned when they receive the email. It's easy for people who have visited porn sites to see how their fears could be exploited.
The scam works by sending spam emails in the hope of luring enough people to make it worthwhile. The email claims that you downloaded a virus while watching porn and that the virus captured video of you while you were on the site, along with screenshots of the site itself. It then threatens to send the video to everyone in your contacts app if you don’t pay a ransom of several thousand dollars in Bitcoin. As an extra twist, the email addresses are often harvested from data breaches which also exposed users’ passwords. By including the password in the email, the hacker demonstrates that they know something about the recipient. That increases the fear that the hacker has more information, including the images and video they claim to have. It’s a tried and tested social engineering trick and a very nasty one.
What to do if I receive one of these emails?
- Delete it. Don’t click on any links in the email and don’t pay the ransom. The hacker doesn’t have what they claim to have. The email is designed to blackmail porn site visitors. Even if you have visited porn sites, you can safely delete the email.
- If the email contains a password or part of a password that you’ve used online, change your password on every site where you use it. Use a unique password for every account, make sure it’s hard to guess (Safari’s password suggestion tool is a good way to do this), and don’t write it down.
- иTake the opportunity to scan your computer for malware. You can do that using one of the many antivirus tools that allow you to download them and scan your computer for free. Some may then charge you if they find anything, and you need to remove it. Alternatively, if you’re using a Mac, you can use the malware tool in CleanMyMac X. It uses CleanMyMac’s regularly updated malware database and compares what it finds on your Mac with it. If it doesn’t find anything, it will tell you your Mac has a clean bill of health. If it does, you can remove it at the press of one button.
This app can detect macOS-specific keyloggers, backdoor viruses, and worms. Download its free version here.
- Forget about it. Once you’ve deleted the email, changed passwords, and scanned your computer, try and forget about it. You won’t hear any more from the hackers.
While it is possible for webcams, like the iSight cam on iMacs and MacBooks, to be hacked and images and video stolen, it’s very unusual. Far more common are hackers who try to exploit the fears of people who are worried about privacy by claiming to have video and photos that they don’t. While taping over your webcam and microphone will prevent anything from being stolen, for most of us, it’s probably not necessary. However, you should make sure that your online accounts have secure, unique passwords and delete any accounts you no longer need or use. And it would be best if you also scan your computer for malware, perhaps using the malware utility in CleanMyMac X.