Patrick Wardle, security researcher and former NSA staffer, will this afternoon show a way for Mac malware to tap into live feeds from the built-in webcam and microphone. His presentation will be delivered at the Virus Bulletin conference in Denver later today.
While any unauthorized access to the webcam turns on the green light – a firmware-level protection that is extremely difficult to circumvent – Wardle’s presentation shows how a malicious application can access the outgoing stream of an existing webcam session, such as a FaceTime or Skype call, where the light would already be on …
Wardle was the researcher who previously discovered a way for malware to bypass Gatekeeper protection to run unsigned applications, and who reported a flaw in Apple’s patch for the Rootpipe vulnerability that allowed an attacker with local access to a Mac to elevate their privileges to root.
The paper is titled “Getting fooled: overlaying webcam feeds for clandestine recordings”.
After reviewing various “webcam compatible” OS X malware samples, the research will show a new “attack” that would allow this malware to stealthily monitor the system for video sessions initiated by legitimate users and then clandestinely graft onto them in order to secretly record the session. Since there is no visible indication of this malicious activity (because the LED light is already on), the malware can record both audio and video without fear of being detected.
Wardle has created an app that monitors webcam and microphone activity and will alert you when a new process accesses either. A pop-up window will alert you, state the name of the process, and ask if you want to allow or block access.
The app, called Oversight, is a free download from Wardle’s website, objective-see.com.