An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Protection Against CIA Hacking
#43881 03/09/17 08:56 AM
Joined: Aug 2009
Likes: 4
grelber Offline OP
OP Offline

Joined: Aug 2009
Likes: 4

Re: Protection Against CIA Hacking
grelber #43882 03/09/17 12:30 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
WikiLeaks documents show CIA struggling to crack Apple gear, little danger to everyday folk Fortunately, I'm not vulnerable to any of this. I have a dumb TV (not even connected to either the internet or cable, just to my DVD player) and a dumb phone (a $10 Samsung that only does phone calls).


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #43887 03/09/17 04:35 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
Do you have tape over the camera lens on your iMac? crazy


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Protection Against CIA Hacking
Ira L #43888 03/09/17 05:02 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Originally Posted By: Ira L
Do you have tape over the camera lens on your iMac? crazy
No, but I have Face Time turned off.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #43893 03/09/17 07:39 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15

But I wonder how many iPhones this is going to sell despite "little danger"?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
artie505 #43904 03/09/17 08:41 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #43915 03/10/17 12:57 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
I suspect that Apple is already at work developing a Safari interface that allows their servers to be used as the conduit for encrypted/VPN type surfing, e.g., no tracking, tracing, etc. But with a nominal subscription fee.

Well, at least I hoping for such. And if they do, 'tis likely another opportunity to visit a court room...


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
jchuzi #43920 03/10/17 05:38 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: jchuzi
Originally Posted By: Ira L
Do you have tape over the camera lens on your iMac? crazy
No, but I have Face Time turned off.

If you—despite your current precautions—are interested in keeping tabs on your system’s accesses of the built-in mic and/or camera, you might want to have a look at OverSight from Patrick Wardle’s Objective-See. Find a recent 3rd party write-up of this free and handy little utility HERE.


alternaut moderator
Re: Protection Against CIA Hacking
jchuzi #43921 03/10/17 05:46 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
Originally Posted By: jchuzi
Originally Posted By: Ira L
Do you have tape over the camera lens on your iMac? crazy
No, but I have Face Time turned off.

As pointed out in the post above, for all we know FaceTime may not be the only one to access the camera. And if there is a path to the camera there may be a way to externally access it, whether the user has it on or not.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Protection Against CIA Hacking
alternaut #43922 03/10/17 06:10 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7
Thanks for that link. I just dl'd and installed OverSight. Nobody (at least now) is trying to access my camera or microphone. Maybe I should be insulted?... grin


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #43923 03/10/17 06:26 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Originally Posted By: jchuzi
Maybe I should be insulted?... grin

You got to be kidding, or into SM. shocked wink


alternaut moderator
Re: Protection Against CIA Hacking
alternaut #43924 03/10/17 08:09 PM
Joined: Aug 2009
Likes: 4
grelber Offline OP
OP Offline

Joined: Aug 2009
Likes: 4
Originally Posted By: alternaut
Originally Posted By: jchuzi
Maybe I should be insulted?... grin

You got to be kidding, or into SM. shocked wink

Dunno ... I was just chatting with my SmartFridge who had been arguing the point with my SmartThermostat and she opined ... [bleep] ... tongue

Re: Protection Against CIA Hacking
alternaut #43926 03/10/17 09:16 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: alternaut
If you—despite your current precautions—are interested in keeping tabs on your system’s accesses of the built-in mic and/or camera, you might want to have a look at OverSight from Patrick Wardle’s Objective-See. Find a recent 3rd party write-up of this free and handy little utility HERE.

Can you explain what OverSight does that /Applications/System Preferences > Flash Player > Camera & Mic > Block all sites from using the camera and microphone doesn't do? (I didn't see any reference to Flash in your linked review.)

Edit: Is it that your camera and mic can be accessed by entities other than websites?

Last edited by artie505; 03/10/17 09:27 PM. Reason: More

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
artie505 #43927 03/10/17 11:31 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Originally Posted By: artie505

Can you explain what OverSight does that /Applications/System Preferences > Flash Player > Camera & Mic > Block all sites from using the camera and microphone doesn't do? (I didn't see any reference to Flash in your linked review.)

Edit: Is it that your camera and mic can be accessed by entities other than websites?


Yes, exactly. The Flash pref only blocks Flash from using the camera/mic (Web sites still have ways to do this without Flash!). Oversight blocks everything.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Protection Against CIA Hacking
tacit #43929 03/10/17 11:41 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Thanks, tacit.

I've got to give OverSight some thought.

It's not like I'm in danger of being compromised (My life is so uninteresting that I've considered trying to sell it as a reality show to replace the Yule log.), and I really hate to succumb to paranoia just because it's there.

Edit: I just noticed that OverSight works via Notifications, which I've got turned off.

Last edited by artie505; 03/11/17 12:02 AM. Reason: More

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
artie505 #43931 03/11/17 12:24 AM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
Since I use my iPhone and iPad almost as much as my Mac and Oversight does not, probably cannot, work on iOS I broke down and bought a set of these.

Of course the next website I went to revealed Apple had already fixed most of the vulnerabilities. Apparently the CIA isn't keeping up with the changing times.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Protection Against CIA Hacking
joemikeb #43934 03/11/17 01:00 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
Since I use my iPhone and iPad almost as much as my Mac and Oversight does not, probably cannot, work on iOS I broke down and bought a set of these.

They're awfully pricey at $7.98 for three minuscule pieces of "plastic", even if the material is unique, and despite its potentially eternal life.

Quote:
Size: 15mm by 15mm and 0.5mm thick Life Cycle: Over 250,000 uses Material: Propriety Organic Polymer which safely sticks to any electronics surface-plastics, painted plastic, glass and metal.

Paranoia isn't dealt with cheaply, is it? tongue


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
artie505 #43940 03/11/17 08:51 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
Paranoia isn't dealt with cheaply, is it? tongue

It can be. I use scissors to cut off the sticky end of a Post-It note and it works great. It can stay there forever and, if you do remove it, there's no residue. I guess I have more Scottish blood than I thought.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Protection Against CIA Hacking
ryck #43942 03/11/17 09:07 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: ryck
Originally Posted By: artie505
Paranoia isn't dealt with cheaply, is it? tongue

It can be. I use scissors to cut off the sticky end of a Post-It note and it works great. It can stay there forever and, if you do remove it, there's no residue. I guess I have more Scottish blood than I thought.

How low-tech of you! shocked


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Protection Against CIA Hacking
ryck #43947 03/11/17 05:18 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
I tried that the sticky note solution once on my iPhone. The sticky note did not survive the first insertion into my shirt pocket, but it did survive the wash ending up a small yellow ball in the pocket seam. tongue

Last edited by joemikeb; 03/11/17 05:19 PM. Reason: Clarify reference

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Protection Against CIA Hacking
joemikeb #43950 03/11/17 06:02 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
Although the discussion has moved on, I think it’s still helpful to emphasize a few aspects of the way OverSight works. First off, it doesn’t automatically block* an attempt to eavesdrop via the built-in mic or camera, it only monitors their activation. Once it detects access or activation, it offers the option to block this via a notification that requires user input to be executed.
Second, in order to perform its monitoring, it uses APIs that may be bypassed, which in turn allows for ways to disable OverSight. In this respect OverSight’s documentation states:

As with any security tool, direct or proactive attempts to specifically bypass OverSight's protections will likely succeed. Moreover, the current version over OverSight utilizes user-mode APIs in order to monitor for audio and video events. Thus any malware that has a kernel-mode or rootkit component may be able to access the webcam and mic in an undetected manner.

In conclusion, OverSight is a useful but limited tool. The taping off of both cam and mic will help, assuming the resultant signal attenuation (especially of the audio portion) is sufficient. How to do this reliably and durably with mobile devices is another question. Here too (the blocking of) eavesdropping via audio may be the greater issue. And from a larger privacy point of view, one should not forget that users can be followed in ways that are beyond the reach of OverSight to affect.


* Monitoring results may be used to trigger events other than a simple notification, but those events are as yet not implemented.


alternaut moderator
Re: Protection Against CIA Hacking
alternaut #43972 03/14/17 05:16 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #44110 03/23/17 06:55 PM
Joined: Aug 2009
Likes: 7
Online

Joined: Aug 2009
Likes: 7


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Protection Against CIA Hacking
jchuzi #44127 03/27/17 06:15 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Interesting reading. The thing that jumped out at me is that all the described attacks require physical access; the CIA actually has to get their hands on the Apple gear to be hacked, it can't be done remotely.

I suspect the SonicScrewdriver attack has long since been closed off. EFI attacks are getting harder and harder to do as Apple becomes more aware of them.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.420s Queries: 62 (0.026s) Memory: 0.7008 MB (Peak: 0.8618 MB) Data Comp: Zlib Server Time: 2024-03-28 13:28:32 UTC
Valid HTML 5 and Valid CSS