Feeling Paranoid? Micro Snitch Tells You If Your Mac Is Spying on You
Our reporting on Apple’s warning against closing a MacBook with a webcam cover installed (see “Don’t Close Your MacBook with a Webcam Cover Attached,” 14 July 2020) sparked an interesting TidBITS Talk discussion about Mac webcam security.
In theory, malware can’t activate your Mac’s webcam without your knowledge, because the indicator light is wired in series to the webcam. That means the webcam cannot receive power without turning on the light. An earlier webcam implementation in pre-2008 Apple laptops was vulnerable to a firmware exploit, but a lengthy treatise by John Gruber of Daring Fireball quotes an unnamed Apple engineer as saying that this exploit is now impossible, because the connection is direct. No malware can bypass basic electrical connections.
Or so we think. The problem with any sort of “unbreakable” security scheme is that there are a lot of bad guys out there, and security breaches have real monetary value to organized crime and government surveillance agencies. One TidBITS Talk reader pointed out that a clever attacker could use the webcam to take quick still images, flashing the indicator light so quickly that you might not even notice it.
Even if Apple’s webcam security is foolproof, what about third-party webcams? Built-in Mac webcams aren’t very high-quality (see “The 2020 MacBook Air’s FaceTime HD Camera Is Still Lousy,” 8 April 2020), so many people who rely on videoconferencing (a number that has skyrocketed during the COVID-19 pandemic) have a third-party camera attached.
The reality is that you probably don’t have much to fear from your webcam, because even years ago it would have taken a targeted attack to access it. But there’s something about having an electronic eye pointed at you all day long that can make you feel like you’re being watched…
Micro Snitch to the Rescue
If you’d like a little extra peace of mind, consider installing Micro Snitch from Objective Development, makers of LaunchBar and the famous Little Snitch network monitoring utility. Micro Snitch costs $3.99 either directly from Objective Development or in the Mac App Store, and Objective Development makes a free trial available.
Micro Snitch lives in your Mac’s menu bar. Whenever an app accesses your webcam or microphone, a large, square icon of a hat and glasses appears in the center of your screen and then moves to the lower-right corner. You also receive a notification. The hat and glasses icon doesn’t go away until you close it or the activity stops.
Afraid that you somehow missed the little spy guy? Choose Open Activity Log from Micro Snitch’s menu bar icon to see a log of every time either the camera or the microphone has been accessed.
The only downside I can find is that Micro Snitch can’t monitor some of the odd software devices I have installed, like Soundflower (which lets me reroute audio on my Mac) and the EpocCam driver that promised to let me use my iPhone as a webcam—I was planning a review, but recent security changes to Zoom and Skype prevented it from working. I recommend being careful about installing such drivers, and I’ve now uninstalled EpocCam. Soundflower, on the other hand, is now open source.
If your webcam causes you any anxiety, $3.99 for Micro Snitch is a small investment for additional peace of mind. Give it a try, and let us know if it reveals any unexpected behavior on your Mac!
I’ve installed the latest version of Zoom and Epocam is running fine with it.
Patrick Wardle at Objective-See has a similar utility called OverSight.
Patrick specifically mentions MicroSnitch when he lists 5 reasons why Oversight is unique among such webcam security utilities. Besides the fact that Oversight is free (I have been so impressed with various Objective-See products that I made a one-time donation via Patreon) the last item in the list caught my eye:
OverSight can detect secondary ‘consumer’ processes that may be piggy-backing off a legitimate webcam session in order to stealthily record the user without detection. (See: “Getting Duped: Piggybacking on Webcam Streams for Surreptitious Recordings” for details on this novel attack).
I did not read anything regarding this particular exploit in the TB article or at the MicroSnitch developer Objective Development website, so I want to mention it in case anyone has something to add about it or other differences between the two utilities.
Did you have to use Kinoni’s unsigner app to unsign Zoom? I think that’s what I ran into when I tested it recently, and I was leery to recommend such a thing.
No, I’m running the current versions of Zoom and Apple OS’s on my devices and didn’t need to modify Zoom in any way. What did cause some problems was trying to run the camera (via WiFi) on my laptop after running on my desktop when both were connected to my home network. I needed to take the desktop offline in order for it to be seen by the laptop. Even quitting the drivers (via Activity Monitor), force-quitting the app on my iPhone and then starting up on the laptop didn’t move it. The only thing that worked was taking the desktop offline.
Epoccam needs to add a switch to the phone app to select which device it should be paired with on a network.
Came here to mention OverSight (which runs fine on my iMac), only to see that @mojo had already beat me to it.
Reason why I comment nevertheless is just that I want to “ditto” for using this fine little free app
exactly why I don’t wear clothes at the computer.
thanks for the oversight reference. one frustration with micro snitch is it has no mechanism for listing benign apps. thus every time i open sound source (a brilliant app, btw), micro snitch snitches on it. that gets annoying.
I just want to mention that while Patrick’s utilities are provided gratis, he has a Patreon account for those who want to support his continuing development of current and future programs.
I now use 5 of his utilities and they have served me so well I made a one-time donation. (There are instructions for a workaround vs. the subscription model on the Patreon website.) I’ve been feeling a little guilty that I didn’t pledge more, so I’m going to do another donation.
(I’m a happy supporter)
We’ve been using Micro Snitch religiously for a long time, it’s a little gem and has posed no problem whatsoever with everything we’ve used it with so far.
Join the discussion in the TidBITS Discourse forum