It’s a long-held belief of Mac users that their computers are immune to the kind of malware and viruses that plague Windows PCs. While there is some credibility in this idea, we shouldn’t get over-confident when it comes to Mac security, as there are exploits that criminals can use to hack your Mac and leave it like a wide-open door through which they can steal your data or worse.
In this article we take a look at whether Macs can be hacked, how to tell if your Mac has been hacked or if someone is spying on your Mac, and what you can do if your Mac is being remotely accessed. Here’s what you need to know – and what you need to do.
Can Macs get hacked?
Apple has gone to great lengths to make it difficult for hackers to gain access to Macs. With the protections offered by Gatekeeper, the Secure Enclave features of the M1- and M2-series of chips and the T1 or T2 chip, and Apple’s built-in anti-virus XProtect, targeting Macs may well be considered too much effort by hackers. We discuss this in more detail here: How secure is a Mac? and in Do Macs need antivirus software?
However, from time to time security vulnerabilities are detected that could be used by hackers to exploit Macs. These vulnerabilities are sometimes referred to as back doors or as zero-day vulnerabilities. When security researchers (or friendly hackers) identify them, they usually alert Apple in the hope that the company will close the vulnerability quickly – or within zero days – before it is exploited.
Such vulnerabilities, though rare, could allow an attacker root access to your Mac.
Apple is usually quick to fix them, but there have been cases where Apple has been criticised for being slow to respond to the threat once it’s been identified.
For example, in 2019 researcher Filippo Cavallarin found a Gatekeeper vulnerability which he alerted Apple to. Having had no response from Apple within 90 days he went public with details of the vulnerability.
Back in 2018, the news was filled with stories about the Meltdown and Spectre flaws that attacked vulnerabilities in Intel and ARM processors. The Guardian reported that Apple confirmed “All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time.” The risk was mitigated by updates to the operating system which closed off the areas that were exposed.
More recently, Apple paid a student $100,000 after he discovered a dangerous vulnerability relating to Macs and reported it to Apple. The vulnerability, which could enable a hacker to gain control of a Mac user’s camera, was identified by Ryan Pickren in July 2021 and fixed by Apple in macOS Monterey 12.0.1 on October 25, 2021. More information here: Hacker ‘could take over any Apple webcam’.
Apple is kept busy patching these security flaws as and when they arise. If the company issues a macOS update with a security component, it is important to install it as soon as possible. You can set your Mac to download and install updates automatically. To do so, follow these steps:
Open System Preferences.
Click on Software Update.
Select Automatically keep my Mac up to date.
Now your Mac will check for updates, download the update, and install the update without you needing to do anything.
Do Macs get hacked?
It may be rare when compared to Windows, but yes, there have been cases where Macs have been accessed by hackers.
We’ll run through the types that are more pertinent to the hacking of Macs below:
Cryptojacking: This is where someone uses your Mac’s processor and RAM to mine cryptocurrency. If your Mac has slowed right down this could be the culprit.
Spyware: Here hackers attempt to gather sensitive data about you, such as your login details. They might use key loggers to record what you type and eventually have the information they need to log in to your accounts. In one example, the OSX/OpinionSpy spyware was stealing data from infected Macs and selling it on the dark web.
Ransomware: Some criminals use ransomware to try to extort money from you. In cases like KeRanger, hackers could have encrypted files on Macs and then demanded money to decrypt them. Luckily, security researchers identified KeRanger before it started infecting Macs, so it was addressed before it became a serious threat.
Botnet: In this case your computer becomes a remotely operated spam machine. In the case of the Trojan Horse botnet OSX.FlashBack over 600,000 Mac computers.
Proof-of-concept: Sometimes the threat isn’t actually seen in the wild, but is a proof of concept based on a loophole or vulnerability in Apple’s code. While this is less of a threat, the concern is that if Apple isn’t quick enough to close the vulnerability it could be utilised by criminals. In one example Google’s Project Zero team designed a proof-of-concept known as Buggy Cos which was able to gain access to parts of macOS thanks to a bug in macOS’ memory manager.
Port exploits: It’s not always the case that the hack is made possible by some sort of malware downloaded onto the Mac. In some cases Macs have been hacked after something is plugged into a port. It is possible that Macs could be hacked via the USB and by the Thunderbolt port – which is a good reason to always be careful about what you plug into your Mac and about leaving your Mac unattended. For example, in the checkm8 exploit it could have been possible for hackers to gain access to the T2 chip by plugging in a modified USB-C cable. Similarly, in the case of Thunderspy a serious vulnerability with the Thunderbolt port could have granted a hacker access to a Mac.
Can a Mac camera be hacked?
Once a hacker has access to your Mac there are various ways in which they might try to gain information about you, or use the processing power of your Mac for their own purposes. As we mentioned above, in the case of spyware the hacker might attempt to install a keylogger so that it can record what you are typing and look out for your password. The hacker could also attempt to hijack your mic or video camera.
Theoretically this shouldn’t be possible: since macOS Catalina launched in 2019 Apple has protected Mac users from these kinds of exploits by ensuring that you have to give your permission before the mic or video camera is used, or before a screen recording can take place. And if your video camera is being used you will always see a green light next to it. However, the example we mention above, where Ryan Pickren alerted Apple to a vulnerability that could enable a hacker to gain control of a Mac user’s camera, suggests that Apple’s alert wasn’t enough to stop the camera being accessed.
There was also a camera-related vulnerability that affected Mac users of the video conferencing service Zoom. In this case hackers could add users to video calls without them knowing and then activate their webcams but keep the light turned off. This would enable any potential hackers (or law enforcement bodies) to monitor your activities and you wouldn’t have any idea that the camera was watching you. Zoom patched the vulnerability, but only after it became public knowledge when the person who found it reported that the flaw had been left in place for three months after the company had been privately informed of the risk. For more information read: How to stop your Mac webcam being hacked.
If you think your Mac has been hacked there are a few ways to find out. First of all look for the signs: Has your Mac slowed down? Is your web connection painfully slow? Do the ads you are seeing look a bit more dodgy than usual? Have you noticed anything strange on your bank statements?
If you think an account might have been hacked then check the website haveibeenpwned.com and pop in your email address to see if it’s featured in a data breach. If it has been then be sure to change your password! This doesn’t mean you have been hacked, but it’s certainly possible that if this information is out there you could be.
Another way to tell if there is some strange activity going on would be to check Activity Monitor and look specifically at network activity.
You could also go to System Preferences > Sharing and check if anyone suspicious has access to anything.
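The two checks above (network activity and the Sharing pane) can be cross-checked from Terminal. The script below is an added example, not part of the original article: it maps listening TCP ports to the macOS Sharing service that normally opens them, using Apple's documented default ports, and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a Mac, feed it real data with:
#   lsof -nP -iTCP -sTCP:LISTEN | flag_sharing_listeners
# Output: port <TAB> process <TAB> Sharing service that normally uses the port.
flag_sharing_listeners() {
  awk '
    BEGIN {
      svc[22]   = "Remote Login (SSH)"
      svc[445]  = "File Sharing (SMB)"
      svc[548]  = "File Sharing (AFP)"
      svc[3031] = "Remote Apple Events"
      svc[3283] = "Remote Management (Apple Remote Desktop)"
      svc[5900] = "Screen Sharing (VNC)"
    }
    NR == 1 && $1 == "COMMAND" { next }   # skip the lsof header row
    $NF != "(LISTEN)"          { next }   # only listening sockets
    {
      addr = $(NF - 1)                    # e.g. *:22 or [::1]:5900
      n = split(addr, parts, ":")
      port = parts[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      # Loopback-only listeners cannot be reached from the network.
      if (host == "127.0.0.1" || host == "[::1]") next
      # Report each port once even if it listens on IPv4 and IPv6.
      if ((port in svc) && !(port in seen)) {
        seen[port] = 1
        printf "%s\t%s\t%s\n", port, $1, svc[port]
      }
    }'
}

# Constructed sample of lsof output (not captured from a real machine).
sample_lsof() {
cat <<'EOF'
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd       1 root   11u  IPv6 0xabc      0t0  TCP *:22 (LISTEN)
launchd       1 root   12u  IPv4 0xabd      0t0  TCP *:22 (LISTEN)
launchd       1 root   25u  IPv4 0xabe      0t0  TCP *:5900 (LISTEN)
rapportd    412 alice   8u  IPv4 0xabf      0t0  TCP *:49152 (LISTEN)
cupsd       301 root    6u  IPv4 0xac0      0t0  TCP 127.0.0.1:631 (LISTEN)
EOF
}

sample_lsof | flag_sharing_listeners
```

Any service it lists that you did not switch on yourself in the Sharing pane is worth turning off and investigating.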
Your best bet is to run a sweep of your system with some kind of security software that can check for any viruses or malware that may have made it onto your system. We have a round-up of the best Mac antivirus apps, in which we recommend Intego as our option of choice.
macOS is a very secure system, so there’s no need to panic, but if you want to reduce the chances of being compromised then there are a few things to do.
The first is to try to only download software from either the Mac App Store or the official websites of manufacturers.
You should also avoid clicking on links in emails – just in case they lead you to spoof websites and malware.
Don’t use USB cables, other cables, or memory sticks if you can’t be sure that they are safe.
When you are browsing the web, surf in private or incognito mode.
If you ever receive a ransomware request or a phishing email, do not respond, as all this does is confirm that you exist.
Another is to make sure you download updates to macOS as soon as they become available as they usually include security patches. In fact you can set up your Mac to automatically download such updates. Turn on Automatic Updates in System Preferences > Software Update and click beside Automatically keep my Mac up to date.
You should also consider using a password manager, as this will allow you to have multiple, complicated login details across all your accounts without having to remember them. Here our recommendations are LastPass, 1Password, and NordPass.