Our reporting on Apple’s warning against closing a MacBook with a webcam cover installed (see “Don’t Close Your MacBook with a Webcam Cover Attached,” 14 July 2020) sparked an interesting TidBITS Talk discussion about Mac webcam security.
In theory, malware can’t activate your Mac’s webcam without your knowledge, because the indicator light is wired in series to the webcam. That means the webcam cannot receive power without turning on the light. An earlier webcam implementation in pre-2008 Apple laptops was vulnerable to a firmware exploit, but a lengthy treatise by John Gruber of Daring Fireball quotes an unnamed Apple engineer as saying that this exploit is now impossible, because the connection is direct. No malware can bypass basic electrical connections.
Or so we think. The problem with any sort of “unbreakable” security scheme is that there are a lot of bad guys out there, and security breaches have real monetary value to organized crime and government surveillance agencies. One TidBITS Talk reader pointed out that a clever attacker could use the webcam to take quick still images, flashing the indicator light so quickly that you might not even notice it.
Even if Apple’s webcam security is foolproof, what about third-party webcams? Built-in Mac webcams aren’t very high-quality (see “The 2020 MacBook Air’s FaceTime HD Camera Is Still Lousy,” 8 April 2020), so many people who rely on videoconferencing (a number that has skyrocketed during the COVID-19 pandemic) have a third-party camera attached.
The reality is that you probably don’t have much to fear from your webcam, because even years ago it would have taken a targeted attack to access it. But there’s something about having an electronic eye pointed at you all day long that can make you feel like you’re being watched…
Micro Snitch to the Rescue
If you’d like a little extra peace of mind, consider installing Micro Snitch from Objective Development, makers of LaunchBar and the famous Little Snitch network monitoring utility. Micro Snitch costs $3.99 either directly from Objective Development or in the Mac App Store, and Objective Development makes a free trial available.
Micro Snitch lives in your Mac’s menu bar. Whenever an app accesses your webcam or microphone, a large, square icon of a hat and glasses appears in the center of your screen and then moves to the lower-right corner. You also receive a notification. The hat and glasses icon doesn’t go away until you close it or the activity stops.
Afraid that you somehow missed the little spy guy? Choose Open Activity Log from Micro Snitch’s menu bar icon to see a log of every time either the camera or the microphone has been accessed.
The only downside I can find is that Micro Snitch can’t monitor some of the odd software devices I have installed, like Soundflower (which lets me reroute audio on my Mac) and the EpocCam driver that promised to let me use my iPhone as a webcam—I was planning a review, but recent security changes to Zoom and Skype prevented it from working. I recommend being careful about installing such drivers, and I’ve now uninstalled EpocCam. Soundflower, on the other hand, is now open source.
If your webcam causes you any anxiety, $3.99 for Micro Snitch is a small investment for additional peace of mind. Give it a try, and let us know if it reveals any unexpected behavior on your Mac!