Posted on 10/06/2016 12:26:15 PM PDT by Swordmaker
Security researcher and former NSA staffer Patrick Wardle is this afternoon demonstrating a way for Mac malware to tap into live feeds from the built-in webcam and microphone. His presentation is being delivered at the Virus Bulletin conference in Denver later today.
Although any unauthorized access to the webcam will light the green LED (a firmware-level protection that is exceedingly difficult to bypass), Wardle’s presentation shows how a malicious app can tap into the outgoing feed of an existing webcam session, like a FaceTime or Skype call, where the light would already be on …
Wardle was the researcher who previously uncovered a way for malware to bypass Gatekeeper protection to run unsigned apps, as well as pointing out a flaw in Apple’s fix for the Rootpipe vulnerability that allowed an attacker with local access to a Mac to escalate their privileges to root.
The paper is entitled Getting Duped: Piggybacking on Webcam Streams for Surreptitious Recordings.
After examining various webcam-aware OS X malware samples, the research will show a new attack that would allow such malware to stealthily monitor the system for legitimate user-initiated video sessions, then surreptitiously piggyback into this in order to covertly record the session. As there are no visible indications of this malicious activity (as the LED light is already on), the malware can record both audio and video without fear of detection.
Wardle has created an app that monitors webcam and microphone activity, and will alert you when a new process accesses either. A pop-up will alert you, advise the name of the process and ask whether you want to allow or block access.
The app, called Oversight, is a free download from Wardle’s website, objective-see.com.
This exploit works by getting a malicious app onto the Mac . . . a Trojan. . . but MacOS and OS X recognize all known Trojans and their variations and families and will warn users when it encounters them to prevent them being downloaded, installed, or run for the first time. It takes industrial strength stupidity for any Mac user to get infected with a malicious app.
The only other way for a malicious app to get onto a Mac is for someone to have physical access to the Mac and an administrator's name and password, again, a very difficult thing to accomplish. If someone has physical access, then they can do anything, and if it's in your home or place of business, they can install cameras and microphones anywhere they want!
That’s what black electric tape is for.
Something here to learn, for the uneducated masses regarding computer use. Whether it be Windows, OSX, UNIX or other operating systems. A lot of people use personal computers with an admin user account. Not wise to do so for mundane activities. Create regular non-admin user accounts, and log onto those non-admin user accounts for browsing the web, for email, etc. If you need admin access, logon and use it as needed, then switch back to the user account.
If the system requires admin access, it will prompt you to enter an admin account and password. If the only account you use is an admin account, then outside bad things have an easier path to your system to wreak havoc.
Again, I'm not speaking of Macs (because they're better protected), but all operating system platforms in general. I've often helped young friends and relatives, and I'm astonished as to how many of them logon to default admin accounts with simple passwords. They haven't been shown safe computing habits. Spread the word to young newbies on computers.
James Comey and Mark Zuckerberg both put tape over their microphone and camera slot.
don’t you think you should be doing this also..?
Many of the newer Unix and Linux systems don’t even have a root account. If you are in an administrative group, you have to sudo to execute privileged operations. And on the Mac OS, there are things that even root can’t do any more.
Despite having worked decades on computer systems, I’m still nervous using root access. Too many things can go wrong. And do. We’re all human and mistakes happen. That having been said, I haven’t administered a Unix or Linux server for over 12 years (not speaking of Macs, but servers in a corporate setting). Forgot more than I learned.
“...you have to sudo to execute privileged operations.”
. . . . . . . . . .
What does this mean?
MARK 1 MOD 0 piece of tape fixes that camera crap. Actually office max or depot carries small peel and stick “dots” that do just fine if yer worried about such...
It's not a bad idea. . . but if you've never allowed your computer out of your hands, it's entirely unnecessary. BUT, if you've ever allowed your computer to be worked on by some repair shop such as the BestBuy Geek Squad, then by all means use the tape because someone other than you has had physical possession of your computer.
I don't bother with such kludges on my Macs because they have not been out of my control. . . and my office Macs that have been out for service are gone over with a fine tooth comb by me when they come back.
This actually happened to a good looking girl a few years ago. She had her Mac Laptop she bought at BestBuy in for warranty repair at the Geek Squad. The Geek who repaired it told her that it would be needing to be in a "humid environment at least once daily for best operation." He then suggested she could accomplish this by taking it into the bathroom with her when she took her daily shower. "Oh, and be sure it's on and running!"
Unknown to her, the Geek had hidden software on her Mac that allowed his computer to connect to hers whenever it was on, recording what was visible, and then let him watch her through her webcam. . . and of course, what better time to watch than when she was taking a shower! She got suspicious when she noticed the light on the camera was on when she got out of the shower. Oops!
She asked a friend who was an expert Mac user about why a Mac would need to be operated daily in a humid environment. . . and then they called the police who found the tracks of the Geek on her hard drive.
Not that I am aware of. Root gets you full access to the underlying UNIX operating system. Are you perhaps thinking about Administrator level access on a Mac? That's a different, more limited level of access than Root.
I had a friend who was a large network administrator doing a job similar to mine. Once while showing me his computer facilities, he admitted to hacking worker's PCs with a software package that allowed him to spy on workers through their cameras on their PCs. He had done it at the request of his boss to spy on staff. I raised my eyebrow and said I would never do anything like that. He became very nervous and sweated in my presence after that. That's when I started covering camera lenses with post-it notes when using PCs. The software included seeing the worker's screen, as well as viewing the worker. Was back in the 1990s, most people wouldn't suspect that back then.
The ‘sudo’ command executes the following instruction as root, if you are a member of an admin group.
For example, if you wanted to mount an NFS filesystem, you’d have to use the ‘mount’ command, which can only be executed by root. You’d be logged in with your administrative but non-root account, and type something like:
sudo mount -F nfs someserver:/export/somedirectory /mnt
...and the mount command will execute as root without you being logged in as root. It might prompt you for your regular password if you logged in more than a few minutes ago, just to make sure that some passing stranger hasn’t sat down at your terminal.
No, Apple’s direction is to get rid of certain root privileges completely. They don’t want anyone to be able to touch the core operating system, or remove crucial system files. This is not traditional Unix, but do you really want to be able to su to root, cd to /, and rm -rf *?
thank you
Yes they do. It's user 0, and the account always exists.
However, by default, the root account lacks a password. Therefore, no one can log in as root.
Of course, it's perfectly possible to assign root a password, in which case you can then login as root.
However, the recommended practice is for the machine's owner to be a member of the s
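The account points raised in this thread (work from a non-admin account, reach root through sudo group membership, root existing as user 0 but with no usable password) can be checked with a short audit. This is an added example, not part of any post above; it assumes Linux-style /etc/passwd, /etc/group and /etc/shadow record formats and the admin group names sudo, wheel and admin, and it runs on constructed sample data.

```python
# Added example; assumes Linux-style /etc/passwd, /etc/group, /etc/shadow formats.
# All account data below is constructed sample input, not from a real host.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: typical admin group names

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:10:Carol:/home/carol:/bin/zsh
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:
sudo:x:27:alice
users:x:100:alice,bob
"""
SAMPLE_SHADOW = """\
root:!:17080:0:99999:7:::
alice:$6$constructed$hash:17080:0:99999:7:::
"""

def parse(text):
    """Split colon-separated account records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def admin_users(passwd_text, group_text):
    """Map each user to the admin groups it belongs to (supplementary or primary)."""
    gid_to_admin, result = {}, {}
    for name, _pw, gid, members in parse(group_text):
        if name in ADMIN_GROUPS:
            gid_to_admin[gid] = name
            for member in filter(None, members.split(",")):
                result.setdefault(member, set()).add(name)
    for rec in parse(passwd_text):
        if rec[3] in gid_to_admin:  # primary group is an admin group
            result.setdefault(rec[0], set()).add(gid_to_admin[rec[3]])
    return {user: sorted(groups) for user, groups in result.items()}

def uid0_accounts(passwd_text):
    """Every account with UID 0 has root's privileges, whatever its name."""
    return [rec[0] for rec in parse(passwd_text) if rec[2] == "0"]

def root_login_locked(shadow_text):
    """True when root's password field starts with '!' or '*' (no password matches)."""
    for rec in parse(shadow_text):
        if rec[0] == "root":
            return rec[1].startswith(("!", "*"))
    return None  # no root entry found in the supplied text
```

On this sample, bob is the only everyday account without admin rights; carol is an admin through her primary group, which a check of supplementary members alone would miss.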
Glad to hear it was a Geek and not a Genius.
It's called System Integrity Protection. It disallows changes to /System, /sbin, and /usr (except for /usr/local), even via sudo.
To bypass it, you have to boot into Recovery Mode, enter a command to disable SIP, and reboot into Mac OS. Then you can make your changes as root. When you're done, it is recommended to repeat the above steps, this time re-enabling SIP.
Apple OS X and MacOS are not only "traditional Unix", but they are both fully functional certified POSIX® Compliant and Trademarked UNIX!
Where did you get the idea that Apple is trying to block such access? I am running MacOS Sierra Version 10.12 and I can access ROOT right now. When I need to access ROOT, I can, if I want to create a ROOT user. . . and I can SUDO from a Terminal. I just ran a Terminal and did everything you seem to think I can't do. . . except remove things, which I did not need to test. The ROOT user is deactivated by default on Macs, but an Administrator can activate it if he or she wants to; there is nothing preventing it. I have done so, occasionally on one or two computers I own. Not on the one I am currently using to reply right now, but I can still access ROOT if need arises, and activating a ROOT user takes about two minutes effort, most of it booting into an administrator user and then into the new ROOT user.
Quit posting ignorant twaddle seemingly based on something you heard from someone equally or more ignorant.