A new research has shown that hackers are now able to eavesdrop onto private video calls, even when you think you ate the only two people talking on the phone with your recipient.
The director of research at Synack, a cybersecurity firm, Patrick Wardle managed to disclose how hackers could eavesdrop on a video call at a security event called Virus Bulletin. He named the technique done by the hackers as “piggybacking” and said that he had named it as such because of its reliance on the victim’s computer to do much of the work.
Rather than turn on the webcam secretly without consent, the malware will choose to wait until the webcam is made active and then it starts recording everything it wants.
The process of piggybacking is simple. One malware program can quietly run in the background of the computer and it will periodically check if the webcam has been made active by someone. When the webcam is eventually turned on, the malware will begun to work and start recording, alongside the Skype or FaceTime call. It will also stop recording when the call ends, before it eventually sends the recorded data to the cyberattacker.
The attack is genius in that it is very hard for other people to detect it. When the malware starts recording on the Mac laptop, it shows a green indicator light, the same thing when you are recording normally when using the laptop.
Removing the green light normally is difficult and taking apart the laptop is the only thing possible. When video chat starts, the green light is supposed to be there, therefore you can’t know if the malware is working or not, therefore it piggyback’s without alarm. It also allows the light to turn after recording, to allow the light to also turn off.
The eavesdropping technique is better for hacker than randomly recording the person. Wardle said that most people talk about their private issues when they are on a call with someone, rather than the nonsensical stuff when they do in front of their laptops.
Ware also noted that the piggybackig technique did not take advantage of any Apple flaws in the MacBooks but rather some legitimate functions which were already put into the macOS. He alerted Apple to the flaw and be recommended that the Macs should stop sending some users a notification when the program wants to start using the webcam or the microphone.