Security Alert! Your Mac is Spying on You
Sandboxed Mac apps can record your screen at any time without your knowledge.
According to security expert, Felix Krause explain in the blog. The third party apps can spy on everything that you are working on MAC. These malicious app is running in the background and there is no alert when it takes Snapshot.
Facts
Any Mac app, sandboxed or not sandboxed can:
- Take screenshots of your Mac silently without you knowing
- Access every pixel, even if the Mac app is in the background
- Use basic Optical Character Recognition (OCR) software to read the text on the screen
- Access all connected monitors
- What’s the worst that could happen?
- Read password and keys from password managers
- Detect what web services you use (e.g. email provider)
- Read all emails and messages you open on your Mac
- When a developer is targeted, this allows the attacker to potentially access sensitive source code, API keys or similar data
- Learn personal information about the user, like their bank details, salary, address, etc.
Proposal
There are lots of valid use-cases for Mac apps to record the screen, e.g. 1Password 2fA support, screen recording software or even simple screen sharing via your web browser or Skype. However there must be some kind of control:
- The App Store review process could verify the Sandbox entitlements for accessing the screen
- Put the user in charge with a permission dialog
- Additionally the user should be notified whenever an app accesses the screen.
How does it work?
A developer just needs to use CGWindowListCreateImage to generate a capture of the complete screen within an instant:
CGImageRef screenshot = CGWindowListCreateImage(
CGRectInfinite,
kCGWindowListOptionOnScreenOnly,
kCGNullWindowID,
kCGWindowImageDefault);
NSBitmapImageRep *bitmapRep = [[NSBitmapImageRep alloc] initWithCGImage:screenshot];
How to Fix?
There is no way that you block these malicious apps. Only Apple will have to be fixed the issue.