Macs are generally protected from hackers, however protection is not 100% guaranteed. Here's how to tell if your Mac has been hacked and what to do.

by Karen Haslam (translated by Sara Piquer Martí)

Mac users have long believed that their computers are immune to the kind of malware and viruses that plague Windows PCs. While there is some credence to this idea, we shouldn't be overconfident when it comes to Mac security, as there are exploits that criminals can use to hack into your Mac and leave it like a wide-open door through the Internet. which can steal your data (or worse).

In this article we look at whether Macs can be hacked, how to tell if your Mac has been hacked or someone is spying on your Mac, and what you can do if your Mac is being accessed remotely. This is what you should know and what you should do.

Can Macs be hacked?

Apple has gone to great lengths to make it harder for hackers to get into Macs. With the protections offered by Gatekeeper, the secure enclave features of the T1 or T2 chip, and Apple's built-in XProtect antivirus, hackers may find that attacking the Macs is too much effort. We cover this topic in more detail here: Mac Security Tips and Tricks.

However, from time to time security vulnerabilities are discovered that could be used by hackers to exploit Macs. These vulnerabilities are sometimes known as backdoors or zero-day vulnerabilities.

When security researchers (or friendly hackers) identify them, they often alert Apple to them in the hope that the company will quickly close the vulnerability, quickly—or within zero days—before it's exploited.

These types of vulnerabilities, while rare, could allow an attacker to gain root access to your Mac.

Apple usually fixes them quickly, but there have been instances where Apple has been criticized for being slow to respond to a threat once it has been identified.

For example, in 2019, researcher Filippo Cavallarin found a Gatekeeper vulnerability that he alerted Apple to. With no response from Apple for 90 days, he made the details of the vulnerability public.

Back in 2018, the news was filled with stories about the Meltdown and Specter bugs targeting vulnerabilities in Intel and ARM processors. The Guardian reported that Apple confirmed that "All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time."

The risk was mitigated with updates to the operating system that closed the areas that were exposed.

Can a hacker access a Mac?

It might be weird compared to Windows, but yes, there have been cases where Macs have been accessed by hackers.

This can take various forms and there are several types of Mac malware that have been discovered 'in the wild' on Macs as you can see in our review of the various threats affecting macOS: List of viruses, malware and security flaws for Mac. Malware has even been found on the Mac M1: read about Silver Sparrow and the first case of malware for Mac M1s.

Next, we will review the types most relevant to hacking Macs:

Cryptojacking: In this case, someone uses your Mac's processor and RAM to mine cryptocurrencies. If your Mac has slowed down, this could be the culprit.

Spyware: In this case, hackers try to collect sensitive data about you, such as your login details. They can use keyloggers to record what you type and eventually have the information they need to get into your accounts. In one example, the spyware OSX/OpinionSpy stole data from infected Macs and sold it on the dark web.

Ransomware: Some criminals use ransomware to try to extort money from you. In cases like KeRanger, hackers could have encrypted files on the Macs and then demanded money to decrypt them. Fortunately, security researchers identified KeRanger before it started infecting Macs, so it was remediated before it became a serious threat.

Botnet: In this case your computer becomes a remotely operated spam machine. In the case of the Trojan Horse OSX.FlashBack botnet, more than 600,000 Mac computers.

Proof of concept: Sometimes the threat is not actually seen in the wild, but is instead a proof of concept based on a loophole or vulnerability in Apple's code. Although this is a minor threat, the concern is that if Apple does not rush to close the vulnerability, it could be used by criminals. In one example, Google's Project Zero team designed a proof of concept known as Buggy Cos, which was able to access parts of macOS thanks to a bug in the macOS memory manager.

Port Exploitation: Hacking is not always made possible by some sort of malware downloaded onto the Mac. In some cases, Macs have been hacked after something was plugged into a port. It's possible that Macs can be hacked through the USB and through the Thunderbolt port - which is a good reason to always be careful about what you plug into the Mac or leave the Mac unattended.

For example, in the checkm8 exploit it might have been possible for hackers to gain access to the T2 chip by connecting a modified USB-C cable. Similarly, in the case of Thunderspy, a serious vulnerability in the Thunderbolt port could have allowed a hacker to access a Mac.

Can the camera on a Mac be hacked?

Once a hacker has access to your Mac, there are a number of ways they could try to gain information about you or use your Mac's processing power for their own purposes.

As we have mentioned before, in the case of spyware, the hacker might try to install a keylogger so that he or she can record what he is typing and look up his password. The hacker could also try to hijack your microphone or video camera.

Before you worry too much, since the release of macOS Catalina in 2019, Apple has protected Mac users from these types of exploits by ensuring that you have to give your permission before the microphone or video camera is used, or before a screen recording can take place. And if the video camera is being used, you will always see a green light next to it.

However, there has been a camera-related vulnerability that affected Mac users of the Zoom video conferencing service. In this case, hackers could add users to video calls without their knowledge and then activate their webcams but keep the light off.

This would allow any would-be hacker (or law enforcement) to monitor your activities and you would have no idea that the camera was watching you.

Zoom patched the vulnerability, but only after it was made public, when the person who found it reported that the flaw had persisted for three months after the company had been privately informed of the risk.

Are you wondering if FaceTime is safe? Read Is Apple FaceTime safe?

How to know if your Mac has been hacked

If you think your Mac has been hacked, there are a few ways to find out. Look for the signs first: Has your Mac slowed down? Is your internet connection terribly slow? Do the ads you see seem more dubious than usual? Have you noticed something strange in your bank statements?

If you think an account may have been hacked, check the haveibeenpwned.com website and enter your email address to see if it has been featured in a data breach. If so, make sure to change your password. This does not mean that you have been hacked, but it is possible that if this information is out there you are.

Another way to tell if there is any strange activity going on would be to check Activity Monitor and look specifically at network activity.

You could also go to System Preferences > Sharing and check if someone suspicious has access to something.

The best option is to perform a system scan with some kind of security software that can check for any viruses or malware that may have entered your system. We have a roundup of the best antivirus apps for Mac, in which we recommend Intego as our preferred choice.

You can also read our guide on how to remove a virus from a Mac.

How to protect your Mac from hackers

macOS is a very secure system, so don't panic, but if you want to reduce the chances of it being compromised, there are a few things you can do.

1. The first is to try to only download software from the Mac App Store or official manufacturer websites.
2. You should also avoid clicking on links in emails, just in case they lead you to fake websites and malware.
3. Do not use USB cables, other cables or memory sticks, if you cannot be sure that they are safe.
4. When you browse the web do it in private or incognito mode.
5. If you ever receive a ransomeware solicitation or phishing email, do not respond as all it does is confirm that it exists.
6. Another is to make sure you download macOS updates as soon as they're available, as they often include security patches. In fact, you can set your Mac to automatically download such updates. Turn on automatic updates in System Preferences > Software Update and click next to Automatically keep my Mac up to date.
7. Lastly, consider using a specific security software package. You'll find our pick of the current deals on the best antivirus for Mac, plus some helpful tips on the best security settings for Mac. You should also consider using a password manager, as it will allow you to have multiple and complicated login details. on all your accounts without having to remember them.