When you turn on your MacBook, you see that something is wrong: certain files have vanished, while others have been added. You start to wonder if your computer has been watched.
So, how can you determine if someone is accessing your MacBook remotely? Check your logs to ensure that no new users have been created, that remote login, screen sharing, and remote management have been blocked, and that no spyware is installed on your machine.
What is remote access, and how does one set it up on a MacBook?
Allowing remote logins from another computer, enabling Screen Sharing, or allowing access via Remote Desktop are the three options for remote access to macOS. All three methods are legal, but if you don’t recall using any of them, you’ll need to know how to switch them on and off.
Remote login to macOS
On computers that run the macOS operating system, Secure Shell (SSH) can be used to log in to your Mac. The following are the steps to enable remote login:
- Select System Preferences from the drop-down menu. You may get there by selecting the Apple icon in the top bar on the left; a drop-down menu will appear, from which you should select the System Preferences menu item.
- Double-click the Sharing folder to open it. On the left, select the Remote Login checkbox.
- You now have the option of granting access to all users or specific users.
Users with access can use SSH to log in and read your computer’s contents after Remote Login is enabled.
Access to Mac screen using Screen Sharing
You can activate Screen Sharing if you need assistance from IT to make modifications to your MacBook, or if you’re working on a project with others and want to share your screen. The following are the steps to enable:
- Select System Preferences from the drop-down menu.
- Double-click the Sharing folder to open it. On the left, select the Screen Sharing checkbox.
- Allow access to either all users or a subset of users.
Remote Desktop with Remote Management
Finally, activating Remote Desktop allows you to log into a machine running macOS. The following are the steps to enable:
- Select System Preferences from the drop-down menu.
- Double-click the Sharing folder to open it. On the left, select the Remote Management check box.
- Allow access to either all users or a subset of users.
- There will be many Sharing options where you may fine-tune the type of access you want to grant, such as observing, changing settings, deleting, copying, and even restarting the computer.
How To Tell If Your Mac Was Hacked
The first step in determining whether your Mac was hacked or not is to see if screen sharing or remote management was enabled and if your screen was being viewed. There are a few other locations to look, which I’ve listed below.
Four Signs That Your Mac Has Been Hacked
If you’re reading this, you’ve probably noticed something strange going on with your Mac. You may have a hunch yet be unable to describe it. Most of those indicators, however, can be explained by factors other than malware or hackers. So, let’s have a look at the most important indicators.
Mac suddenly became slow for no apparent reasons
Some of the reasons why a Mac can be slow are as follows:
- There is a virus or other malware on your computer.
- On a Mac, there isn’t enough disc space.
- A new operating system was installed.
- Failure of the hardware
Mac is using more Internet than usual
This one is harder to notice now than before. We used to be able to use only a certain amount of Internet bandwidth. Many individuals today have limitless cable data, so you may not even be aware that something is going on. If you’re on a limited plan and your data use has increased significantly (by more than 25%), it’s time to look into it. The following could be the reasons:
- Hackers are using your Mac as a bot.
- There is a virus or other malware on your computer.
- Your child has grown up and now spends all day on your computer watching YouTube.
- Someone is eavesdropping on your Wi-Fi (read more below)
Programs crashing more often
Have you noticed how some apps become stuck and eventually crash? It’s usually an indicator of malware. The following are some more causes of frequent app crashes:
- Memory lapses (RAM)
- Insufficient disc space
- Unstable system for a short time
- Failure of the hardware
- Browser pop-ups that are unusual
New files appear or old files disappear
Malware frequently generates new files with obscure names. Ransomware, for example, encrypts and renames the contents of your hard drive. There could, however, be more harmless explanations. For example, just because you can’t find a file doesn’t indicate it was erased by malware or someone who accessed your computer remotely. Perhaps you simply cannot recall deleting the file or folder. Check Trash on Mac first in this scenario. If you’re still having trouble finding what you’re looking for, take a look at my post on how to locate any files. If the file is still on your Mac after reading my post, I guarantee you’ll be able to find it.
Remove False Positives from the equation.
While you may suspect something is wrong with your computer, it could very well be a routine occurrence. Before you start freaking out, try these things:
Reboot
Software flaws might render your system’s current state unstable at times. Many issues can still be solved with a reboot. You have the option of restarting or shutting down and restarting. The result will be identical.
NVRAM/PRAM reset
Many Mac peripherals require setup information, which is stored on a small memory chip in Macs. Surprisingly, this area is prone to corruption. Fortunately, resetting the NVRAM/PRAM and SMC is a straightforward remedy. Apple provides excellent instructions for doing these procedures. What they don’t tell you is that a fix will only work if you reset 2-3 times in a row. This is something I learned through the school of hard knocks so you don’t have to.
Clear some space on disk
Program delay, app crashes, high CPU utilisation, and MacBook overheating can all be caused by a lack of space on your startup disc. This may cause you to believe that your Mac has been hacked. So, first, see how much space you still have. And if that isn’t enough, you may either spend money on disc cleaning software or read my post on free disc cleaning tips.
New operating system
Every year, Apple releases a new version of macOS. Bugs still happen, even when they do everything they can to build high-quality software. My podcast app, for example, now freezes every time I pause after the recent iOS upgrade on my iPhone. I’m still stumped as to why this is happening because I’m too busy. In the case of the current issue, if you recently installed an OS update, take some time to see if the troubles you’re experiencing are common for the release.
Look for signs of hardware failure.
Macs are quite dependable and can last for years. Any gear, though, will eventually fail. Unexpected app crashes, for example, can be caused by a failing disc. The machine will not start if the RAM fails. On the Apple website, there is a decent article about running hardware diagnostics. Try to figure out what it will say.
Examine Your Mac For Keyloggers (Legal And Malware)
For a long time, I believed that recording keyboard strokes was all that keyloggers could do. Imagine my surprise when I started writing about keyloggers. Let’s say you’re still suspicious that your computer is infected with spyware. In that situation, you can use a third-party programme like Little Snitch, which monitors applications and uses advanced rules to restrict or allow their access to connected networks. Setting up the rules for Little Snitch, on the other hand, might be difficult. A keystroke logger, sometimes known as a keylogger, is a common spyware tool. Keyloggers used to be simple programmes that recorded the characters you typed on your keyboard, but they’ve evolved dramatically in recent years. Keyloggers, for example, can snap screenshots every 30 seconds or track your chat activities, including messages sent to you. Because keyloggers are easier to install and have more powerful functions, I feel they pose a far higher security risk. Here’s a link to an essay I wrote regarding keyloggers:
Verify If New User Accounts Have Been Added
Remote login and sharing options, as we’ve seen, necessitate granting access roles to local users. If your system has been hacked, the hacker is extremely likely to have added a new user to gain access to it. Perform the following procedures on macOS to find all users:
- Start the Terminal app by pressing Command and Space and typing Terminal in the pop-up box, or by heading to Applications and then the Utilities folder.
- Type dscl . list /Users | grep -v '_' in the Terminal window.
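The following is an added example, not part of the original article: it compares the account list against the names you expect instead of reading it by eye, and it skips only names that begin with an underscore (the macOS service accounts), whereas grep -v '_' also hides any account with an underscore elsewhere in its name. The function names, the sample output and the account names alice and support_admin are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag local accounts that are not on a list you expect.
# Input (stdin): output of `dscl . list /Users UniqueID` (name, then UID).
# Arguments: the account names you know about (assumption: you supply these).
flag_unexpected_users() {
    # Built-in accounts that are present on every Mac, plus your own list.
    expected=" root daemon nobody $* "
    while read -r name uid; do
        [ -n "$name" ] || continue
        # Service accounts start with an underscore; skip only those.
        case "$name" in _*) continue ;; esac
        # Skip accounts that are on the expected list.
        case "$expected" in *" $name "*) continue ;; esac
        printf '%s (uid %s)\n' "$name" "$uid"
    done
}

# Constructed sample of dscl output so the example runs anywhere.
sample_users() {
cat <<'EOF'
_www                     70
daemon                   1
nobody                   -2
root                     0
alice                    501
support_admin            502
EOF
}

# Prints every account that is neither built in nor on your list.
sample_users | flag_unexpected_users alice
```

On a Mac, replace the sample with the real command: dscl . list /Users UniqueID | flag_unexpected_users alice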
Check The Logs For Possible Access Issues
Checking the system logs for any probable access concerns may be beneficial. To locate a system log, select Go from the top menu or press Shift, Command, and G at the same time. Type /var/log into the “Go to Folder” pop-up and press Enter. Now locate the system.log file and search for the word “sharing” in it. For instance, I found the following screen sharing log entries:
Mar 24 12:31:03 dev-pros-MBP com.apple.preferences.sharing.remoteservice [84412]: DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
Mar 24 12:31:05 dev-pros-MBP com.apple.xpc.launchd1: com.apple.screensharing (lint) : The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 24 12:31:05 dev-pros-MBP com.apple.xpc.launchd1: Unknown key for string: SHAuthorizationRight
Mar 24 12:31:26 dev-pros-MBP com.apple.xpc.launchd1: Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.screensharing.server
These were log entries when someone logged in to my system remotely:
Mar 24 12:39:30 dev-pros-MBP com.apple.xpc.launchd1: Unknown key for string: SHAuthorizationRight
Mar 24 12:40:50 dev-pros-MBP com.apple.xpc.launchd1: Service exited due to SIGKILL | sent by com.apple.preferences.sharing.re[84529]
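The search for “sharing” described above can be done from the Terminal and summarised per day, so the times can be compared with when you were actually at the machine. This is an added example, not part of the original article; the function names are made up for illustration and the sample input is the log lines quoted above.

```shell
#!/bin/sh
# Added example: summarise sharing-related log entries per day.
# Input (stdin): syslog-style lines, e.g. from /var/log/system.log.
sharing_windows() {
    awk '
        # Same search the article suggests: any line mentioning "sharing".
        tolower($0) ~ /sharing/ {
            day = $1 " " $2                 # e.g. "Mar 24"
            if (!(day in first)) { first[day] = $3; order[++n] = day }
            last[day] = $3                  # time of the latest entry
            count[day]++
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                printf "%s: %d entries, %s to %s\n", d, count[d], first[d], last[d]
            }
        }
    '
}

# Sample input: the log entries quoted in the article.
sample_log() {
cat <<'EOF'
Mar 24 12:31:03 dev-pros-MBP com.apple.preferences.sharing.remoteservice [84412]: DEPRECATED USE in libdispatch client: dispatch source activated with no event handler set; set a breakpoint on _dispatch_bug_deprecated to debug
Mar 24 12:31:05 dev-pros-MBP com.apple.xpc.launchd1: com.apple.screensharing (lint) : The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.
Mar 24 12:31:05 dev-pros-MBP com.apple.xpc.launchd1: Unknown key for string: SHAuthorizationRight
Mar 24 12:31:26 dev-pros-MBP com.apple.xpc.launchd1: Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.screensharing.server
Mar 24 12:39:30 dev-pros-MBP com.apple.xpc.launchd1: Unknown key for string: SHAuthorizationRight
Mar 24 12:40:50 dev-pros-MBP com.apple.xpc.launchd1: Service exited due to SIGKILL | sent by com.apple.preferences.sharing.re[84529]
EOF
}

# One summary line per day that has sharing-related entries.
sample_log | sharing_windows
```

On a Mac, run it against the real file: sharing_windows < /var/log/system.log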
Verify Home Wi-Fi Was Not Hacked
Your computer is not the only thing you have to be concerned about. The data passes through the Wi-Fi router before entering the system. Furthermore, bad guys have the ability to read any internet traffic, including emails and online transactions.
Check Which Programs Have Access To Camera And Mic
These are only two of the emails I received in the past month:
Email 1: “A few days ago, I received an extortion email from y…[email protected] threatening to reveal webcam video’s photographs of my wife and me in our private lives. There are a few things I can check to see whether my computer’s webcam being controlled from outside?”
Email 2: “I believe my MAC (I have a Macbook Pro) has been hacked, yet all of my software is up to date. Someone sent me an email claiming that they had recorded anything on my MacBook camera. What is the best way for me to see if this is possible?”
I’m guessing you have at least two queries after reading these emails:
- Is it feasible for someone to record what I’m recording on my camera?
- How can I tell whether I’ve been recorded?
lsof | grep -i "AppleCamera"
However, this command has recently stopped being functional.
Rather than reading Apple logs, use MicroSnitch to see if your camera or microphone is active.
This is a pretty useful little tool. It shows in the menu bar of your Mac once it has been started, and its icon changes if either video or audio, or both, becomes active.
The MicroSnitch log file is another great function. You could check the log for previous device activity if you spotted any unusual activity.
It’s available for download on their website or in the Apple App Store.
Go to System Preferences -> Security and Privacy for another option.
Check programmes under the Camera and Microphone portions of the Privacy tab. Remove any programmes that you are unfamiliar with (you can always add them back if needed).
Finally, if you feel that someone is controlling your laptop and that they may be viewing you through the webcam, immediately cover the webcam with a cover.
Check Which Programs Run On Start
Check to see which programmes start automatically when you turn on your computer. Check one more thing while you’re in System Preferences. Select the user from the Users and Groups icon, then click the Login Items tab. Take out anything you don’t recognise.
Warning: Before uninstalling an application, look it up on the internet first. You don’t want to break the apps you rely on, do you?