Is My Mac Hacked

You turn on your MacBook and feel that something is wrong: some files have disappeared, or new files were added. You wonder if someone has been watching your computer.

So, how to tell if someone is remotely accessing your MacBook? You need to check your logs, verify that no new users were created, make sure that remote login, screen sharing, and remote management are disabled, and no spyware is running on your computer.

What is remote access and how is it configured on MacBooks?

There are three ways to access macOS remotely: allow remote logins from another computer, enable Screen Sharing or allow access by using Remote Desktop.

All three ways are legitimate, but if you don’t remember enabling any of them, you need to know how to turn them on and off.

Remote login to macOS

Computers that run macOS as an operating system can log in to your Mac using Secure Shell (SSH).

Steps to enable remote login are the following:

  1. Go to System Preferences. You can get there by clicking on the Apple icon on the left of the top bar. After you click on the Apple icon, you will see a drop-down menu where you should click on the System Preferences menu item.
  2. Find the Sharing folder and double click. Click on the Remote Login checkbox on the left.
  3. Now you have the option to allow access either for all users or only specific users.

Once Remote Login is enabled then users with access can use SSH to log in and browse your computer’s contents.

Access to Mac screen using Screen Sharing

If you need help from IT to make changes on your MacBook, or maybe you are collaborating on a project and want to share your screen, you can enable Screen Sharing. The steps to enable it are as follows:

  1. Go to System Preferences.
  2. Find the Sharing folder and double click. Click on the Screen Sharing checkbox on the left.
  3. Allow access either for all users or only specific users.

Now on another Mac (from which you want to access your Mac), start the Screen Sharing app.

You can start it by pressing the Command and Space keys. In the pop-up form, type Sharing and hit Enter. Type your computer name. In my case, I had to type in “dev-pros-MacBook-Pro.local”.

A new window will pop up with the shared screen of another computer. Now you can control the screen.

Remote Desktop with Remote Management

Finally, it is possible to log in to a computer with macOS by enabling Remote Desktop.

The steps to enable it are as follows:

  1. Go to System Preferences.
  2. Find the Sharing folder and double click. Click on the Remote Management check box on the left.
  3. Allow access either for all users or only specific users.
  4. There will be different Sharing options where you can fine-tune the type of access to allow: observe, change settings, delete, copy, and even restart the computer.

Now you can access this Mac from Apple Remote Desktop – it’s an application you can buy from Apple Store and at the time of writing its cost was $79.99.

If your Mac is being monitored, it will show this image (two rectangles) in the top right-hand corner near your computer time:

When that symbol appears, you will be able to tell if you are being monitored. You can also disconnect the viewer by clicking on the Disconnect option:

You can also click on “Open Sharing Preferences…” which will open the Sharing folder in System Preferences.

Since your question was whether someone is remotely accessing your computer, chances are that you don’t need any of the sharing capabilities mentioned above.

In this case, check all options on the Sharing folder under System Preferences to make sure that nobody is allowed to access it and turn off (uncheck) all options.
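As an added example (not from the original article), the script below reads `netstat -an -p tcp` output and reports whether any of the three sharing services is still listening after you uncheck them. The port numbers are the services' well-known defaults, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the original article).
# Default TCP ports of the sharing services described above:
#   22   Remote Login (SSH)
#   5900 Screen Sharing, also used by Remote Management for observe/control (VNC)
#   3283 Remote Management (Apple Remote Desktop)

# find_sharing_listeners: read `netstat -an -p tcp` text on stdin and print
# "port|service|scope" once for each sharing service that is listening.
find_sharing_listeners() {
  awk '
    BEGIN {
      svc["22"]   = "Remote Login (SSH)"
      svc["5900"] = "Screen Sharing / Remote Management control (VNC)"
      svc["3283"] = "Remote Management (ARD)"
    }
    # Only listening TCP sockets matter; established connections are skipped.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, part, ".")          # macOS prints address.port, e.g. *.22
      port = part[n]
      if (!(port in svc)) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "*") scope = "all-interfaces"
      else if (addr == "127.0.0.1" || addr == "::1") scope = "loopback-only"
      else scope = addr
      key = port "|" scope
      if (key in seen) next             # tcp4 and tcp6 rows report the same service
      seen[key] = 1
      print port "|" svc[port] "|" scope
    }'
}

# Constructed sample in the macOS netstat layout (not captured from a real host).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  192.168.0.10.52344     192.0.2.10.443         ESTABLISHED
EOF
}

# On a Mac, replace the sample with live data:
#   netstat -an -p tcp | find_sharing_listeners
echo "Sharing services still listening:"
sample_netstat | find_sharing_listeners
```

An empty result after unchecking everything in Sharing means none of the three services is accepting connections; any line that remains names the checkbox to look at again.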

How To Tell If Your Mac Was Hacked

Finding out if screen sharing or remote management were enabled and if your screen was being observed is the first step in knowing whether your Mac was hacked or not.

There are other places to check, and I listed them below.

Pay Attention To Four Signs Of Hacked Macs

If you are reading this post, chances are you noticed something unusual is happening on your Mac.

Sometimes you have a hunch, but you can’t explain it. However, most of those signs can be explained by reasons other than malware or hackers.

So, let’s review the major signs.

Mac suddenly became slow for no apparent reasons

Following are some of the reasons why Mac can be slow:

  • There is a virus or other malware
  • Not enough disk space on Mac
  • New OS was installed
  • Hardware failure

Mac is using more Internet than usual

This one is harder to detect now than before.

We used to have limits on how much Internet bandwidth we could use. Today, when many people have unlimited cable data, you may not even know that something is happening.

However, if you are on a limited plan and see a significant increase in data consumption (more than 25% more), it’s time to investigate.

The reasons could be the following:

  • Your Mac is being used as a bot by hackers
  • There is a virus or other malware
  • Your little one grew up and is now watching YouTube all day on your computer
  • Someone is stealing your Wi-Fi (read more below)

Similar to the previous sign, problems with the Internet could be a sign pointing to a virus or adware affecting the browser.

Or it could be a new browser update. Or maybe the system became unstable.

Programs crashing more often

Did you notice apps getting stuck and eventually crashing?

Very often, it’s a sign of malware.

Additional reasons for frequent app crashes are the following:

  • Lack of memory (RAM)
  • Lack of disk space
  • Temporary system instability
  • Hardware failure

Unusual pop-ups in the browser

This is something we all have seen. You download an app from the Internet, and it seems like it was legit software. But little did you know a good app was bundled with bloatware.

Usually, the result is that your default search engine gets changed from Google to Yahoo, the home page changes, and there are additional icons in the browser toolbar.

But there could be other issues such as adware.

Adware is trying to redirect you to other sites not related to what you are searching for.

Their goal is to direct traffic to certain sites. The more traffic, the more money they get. So, they litter your screen with pop-ups, hoping that you will click and open a site you don’t want.

New files appear or old files disappear

Malware often creates new files with cryptic names. For instance, ransomware encrypts the files on your disk and renames them. However, there could be more innocent explanations.

For instance, if you can’t find a file, it does not necessarily mean that it was deleted by malware or someone who logged in on your computer remotely. Maybe, you just can’t remember that you deleted the file or the folder. In this case, first, check Trash on Mac.

If you still can’t find what you need, check my post about finding any files. I guarantee, if the file is still on your Mac after reading my post, you will be able to locate it.

Eliminate False Positives From Consideration

While you may suspect that something bad is happening on your computer, it may very well be a normal condition.

Things to try before you start panicking:

Reboot

Sometimes glitches in software can make the current state of your system unstable. A reboot is still a remedy for many problems. You can either restart or shutdown and start again. The effect will be the same.

NVRAM/PRAM reset

Macs have a little memory chip where they store some configuration information needed for many Mac peripherals to work. Surprisingly, this area gets corrupt pretty often.

Fortunately, there is a very simple fix – reset NVRAM/PRAM and SMC.

Apple has very good instructions on how to perform these tasks.

What they don’t tell you is that you have to reset 2-3 times in a row for the fix to work. I found this out in the school of hard knocks so that you don’t need to.

Clear some space on disk

Lack of space on your startup disk may cause all kinds of issues: app slowdown, app crashes, high CPU usage, and MacBook overheating. Sometimes this may lead you to suspect that your Mac was hacked.

So, first, check how much storage you have left. And if it is not enough, you can either spend money on getting software that helps to clean your disk or read my article on free cleaning tips:

New operating system

Apple releases a new version of macOS every year. While they do everything they can to produce quality software, bugs still happen.

For instance, after the recent iOS update on my iPhone, my podcast app starts freezing every time I pause. I still didn’t find why it is happening because I am too lazy busy.

In the case of the issue on hand, if you had a recent OS update, take time to investigate if the issues you are noticing are common for the release.

Check for hardware failure

Macs are very dependable, and they can serve for many years.

However, any hardware gradually fails. For example, a failing disk causes unexplained app crashes. Failed RAM will prevent the computer from starting.

There is a good article on the Apple website about running hardware diagnostics. Try and see what it will report.

Check Mac For Keyloggers (Legal And Malware)

For a long time, I thought that all keyloggers could do was record keystrokes.

Imagine my shock when I started working on my post about keyloggers.

Suppose you are still suspecting that spyware is running on your machine.

In that case, you can use a third-party application like Little Snitch, which monitors applications, preventing or permitting them to connect to attached networks through advanced rules.

Setting up the rules for Little Snitch, however, could be complicated.

One of the typical spyware applications is a keystroke logger or keylogger. Keyloggers used to be apps that record the letters you type on the keyboard, but they significantly changed in the last few years.

Suffice to say that keyloggers can take screenshots every 30 seconds or even track your chat activity, including the messages sent to you.

I believe that keyloggers are a much greater security threat because they are easier to install and because of the powerful features they offer.

Check my article about keyloggers here:

Verify If New User Accounts Have Been Added

As we’ve seen already, remote login or sharing options require assigning access roles to the local users.

If your system was hacked, it is very likely that the hacker has added a new user to access it. To find out all users in macOS perform the following steps:

  1. Start Terminal app by either going to Applications and then the Utilities folder or clicking Command and Space and typing Terminal in the pop-up window.
  2. In the Terminal window type:

On my laptop, it listed macmyths, nobody, root, and daemon. Macmyths is my current user, and the rest are system accounts.

If you see the accounts that you do not recognize then they probably have been created by a hacker.

To find out when each user account was last used, type the following command into the Terminal:

For each account, MacOS will list the times and dates of logins. If the login to any of the accounts happened at an abnormal time, it is possible that a hacker used a legitimate account to log in.
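As an added example (not from the original article), the script below sorts accounts into expected and unrecognized ones and picks out logins at unusual hours. It assumes `dscl . -list /Users UniqueID` and `last` as the data sources, the 00:00 to 06:00 window is an arbitrary choice, and the sample rows (including the `support` and `sysupd` accounts) are constructed.

```sh
#!/bin/sh
# Added example (not from the original article).

# classify_accounts EXPECTED...: read "name uid" rows on stdin, in the layout of
# `dscl . -list /Users UniqueID`, and print "verdict name uid" for every
# account that is not a built-in one.
classify_accounts() {
  awk -v expected=" $* " '
    NF >= 2 {
      name = $1; uid = $2 + 0
      if (name ~ /^_/) next     # service accounts created by macOS
      if (name == "root" || name == "daemon" || name == "nobody") next
      if (index(expected, " " name " ") > 0) verdict = "expected"
      else if (uid < 500) verdict = "review-low-uid"   # system UID range, human-looking name
      else verdict = "review"
      print verdict, name, uid
    }'
}

# odd_hour_logins START END: read `last` output on stdin and print
# "user HH:MM tty" for logins whose hour h satisfies START <= h < END.
odd_hour_logins() {
  awk -v lo="$1" -v hi="$2" '
    NF < 4 || $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" { next }
    {
      for (i = 3; i <= NF; i++) {
        if ($i ~ /^[0-9][0-9]:[0-9][0-9]$/) {    # first HH:MM is the login time
          hour = substr($i, 1, 2) + 0
          if (hour >= lo && hour < hi) print $1, $i, $2
          break
        }
      }
    }'
}

# Constructed samples (not captured from a real host).
sample_dscl() {
  cat <<'EOF'
_www                     70
daemon                   1
macmyths                 501
nobody                   -2
root                     0
support                  502
sysupd                   401
EOF
}

sample_last() {
  cat <<'EOF'
macmyths  ttys001                   Tue Mar  5 03:14 - 03:52  (00:38)
macmyths  console                   Mon Mar  4 08:47   still logged in
support   ttys000  192.168.0.23     Sun Mar  3 02:05 - 02:40  (00:35)
reboot    ~                         Sun Mar  3 08:40
EOF
}

# On a Mac, replace the samples with live data:
#   dscl . -list /Users UniqueID | classify_accounts yourname
#   last | odd_hour_logins 0 6
echo "Accounts:"
sample_dscl | classify_accounts macmyths
echo "Logins between 00:00 and 06:00:"
sample_last | odd_hour_logins 0 6
```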

Check The Logs For Possible Access Issues

It may be useful to check the system logs for any possible access issues.

In order to find a system log, click on the Go option in the top menu or simultaneously click Shift, Command, and G. In the “Go to Folder” pop-up type: /var/log and hit Enter.

Now find the system.log file and search it for the word “sharing”.

For instance, I found the following screen sharing log entries:

These were log entries when someone logged in to my system remotely:

Verify Home Wi-Fi Was Not Hacked

Your computer is not the only weak link you have to worry about.

Before the data flows into the system, it goes through the Wi-Fi router. And there are ways for bad guys to read all internet traffic, including emails and online transactions.

Check Which Programs Have Access To Camera And Mic

These are only two emails I received last month:

Email 1: “From a few days ago I’ve received an extortion email from y…[email protected] with threats to publish webcam video’s pictures from my wife and me in our intimate life. There are some things to verify if my computer’s webcam is under external control?”

Email 2: “I suspect my MAC has been compromised (I have a Macbook Pro) and all the software is up to date. I got an email from someone stating that they have recorded items via my MacBook camera. How can I check if this is possible?”

I guess that after reading these emails, you might have at least two questions:

  1. Is it possible for someone to record my camera?
  2. How can I know if someone recorded me?

First, it is entirely possible to record your camera remotely.

In fact, it’s very easy to do.

If a hacker has access to your Mac, all he needs is to launch a Quick Time Player (or Facetime) and start a new movie recording.

Obviously, there are other apps that can record the camera while being hidden.

If someone is recording you by using a MacBook camera, you will see a green light next to the camera.

In some cases, the green camera light comes on even when there is no recording happening, only because a program got access to the device. But it’s impossible to record with the green indicator off.

However, if you didn’t pay attention at the time of recording (you were busy or not close to the computer), you will never be able to tell definitively after the fact whether you were recorded.

In the older versions of the Mac operating system, you were able to use the lsof command with the Terminal, like so:

But lately, this command stopped providing anything useful.

So, instead of parsing Apple logs, get MicroSnitch to know whether your camera or microphone is engaged.

This is a very handy mini tool. When started, it appears in the menu bar on your Mac, and its icon changes if either video or audio, or both, become active.

Another cool feature is the Microsnitch log file. If you noticed any suspicious activity, you could check the log for past device activity.

If you want to use it, I suggest allowing it to run on startup. The app is very cheap – $3.99.

You can download it from their site or from Apple App Store.

Another thing to do is to go to System Preferences -> Security and Privacy.

Click on the Privacy tab and check programs under the Camera and Microphone sections. Remove the programs you don’t recognize (you can always add them back if needed).

And lastly, if you suspect that someone is controlling your laptop and there is a chance that they are watching you through the webcam, immediately put a cover on the laptop’s webcam.

You can find my favorite webcam covers here.

Check Which Programs Run On Start

While you have System Preferences open, check one more thing.

Click on the Users and Groups icon, select the user, then click on the Login Items tab.

Remove items you don’t recognize.

Warning: Before removing the application, google it first. You don’t want to break the applications you need, right?

Install And Run Antimalware Program

I recently called Apple Support and complained about the slowness of my MacBook Pro.

I could’ve solved the problem myself, but I just wanted to know how much it would cost for Apple to perform diagnostics on a 5-year old MacBook.

Since I don’t have AppleCare for my Mac, I thought that they would charge me something.

Spoiler alert: they didn’t charge for anything.

So, when I called, the first thing the Apple advisor made me do is to install the Malwarebytes app.

While Malwarebytes is a solid recommendation for scanning, it is not the best. The same applies to the free version of Avast.

In fact, I stopped recommending it to any Mac user after the test I performed myself recently.

I tested a dozen antimalware products, and only one detected 100% of 117 malware samples I intentionally downloaded on my MacBook.

So, if you need a recommendation on a good antivirus for Mac, check it here.

Set Up Traps Against Hackers

I found a cool and free tool that can be used to set traps if you think your computer was hacked. It’s called canary tokens.

When a potential hacker opens an email or a document with the token, it triggers an event in a remote location. And then you get an email notification.

What’s next?

Since I started this blog in 2019, I have been getting emails consistently from my readers. The interesting fact is that the majority of emails fall in two categories:

  • How to protect my Mac from hackers?
  • Which MacBook should I buy?

I have been answering individual emails, but since the number of emails was increasing steadily, I found myself not being able to help everyone. After all, I have a day job, and I have a family to take care of.

So, I decided to write a series of blogs about various security topics and put everything I know in one place, so everyone can find the answers to the questions they are asking.

I grouped all Mac security articles together, and the easiest way to follow them is by clicking the Next button at the bottom of each post.

It will take you some time (about 30 min), but in the end, you will know more about Mac security than most non-technical folks.

Or, you can use the following menu to jump directly to the topic of interest:

I also wrote a whole series of posts on antivirus solutions for Macs:

Every day we see news about computers being hacked and how the cybercriminals make money off people clueless about the protection of their assets.

For someone not very technical, it may sound as if hackers are so powerful, and the only way to hide is to shut down all devices and go off the grid completely.

However, the truth is that there are several simple things one can do to make sure that we are reasonably safe when browsing the internet without affecting our ability to access the information we need.

Whether or not someone can hack into the computer or phone through WiFi depends on a person’s proximity to the WiFi router. If a cybercriminal is within range of the WiFi router, they can connect to the local network and perform various attacks, such as a Man In The Middle attack.

If the hacker is outside of the WiFi range, then the way they attack will be different.

Let’s consider various scenarios of how the computer can be hacked and ways to protect your devices.

Hacking Computer Through Local WiFi

As you probably guessed, it is much easier to hack the computer, which is in close proximity to the hacker’s device.

For instance, your neighbor can connect to your WiFi and use your internet for free. Or you may connect to the free WiFi in the cafe or hotel, but someone already hacked the network, and now everyone, including you, is a potential target.

Or maybe you are using the office WiFi, and it was also hacked.

And it doesn’t have to be a computer, such as a Mac or PC. Your smartphone, iPhone, or Android, which uses the WiFi can be hacked as well.

Let’s see what hackers can do if they are physically connected to the WiFi you are using.

Man in the middle attack

If you have the internet at home from a cable, DSL, or fiber-optic provider, you have a router. Your computer does not directly connect to the internet; it sends and receives data by directing it through the router.

In layman terms, the process is the following:

  1. Your computer or phone finds a WiFi router.
  2. After submitting the correct password, the router sends back its MAC address. MAC address is an identifier of computer components, and in theory, it should be unique across billions of devices on the planet. The network card on your computer also has a unique MAC address.
  3. After you get the MAC address of the router, all internet activity will be going through the router. In the pic below, there is a MAC address next to each device on the local network, and the router’s address is 11:22:33:44:55:66.

When a hacker connects to the local WiFi router, he also finds the MAC address of the router. The hacker changes his computer’s MAC address to be the same as the router’s (11:22:33:44:55:66 in the pic below).

Now, all devices on the local network connect to the hacker’s machine, and then the data flows to and from the router. So the hacker becomes a man in the middle (MITM).

Once this happens, the hacker can read all outgoing requests and incoming data using various tools that collect such data.

This means that every time you enter a username and password on a website, or enter your credit card number, it gets saved on the hacker’s machine. Every URL you visit also gets saved.

There are some limitations, obviously. For instance, if the website uses the HTTPS protocol (the S at the end stands for Secure), all traffic between your computer and the website is encrypted, and cybercriminals will not be able to crack it (in most cases).

However, if the web site uses HTTP, all data, including the password, is in cleartext.

So, if you want to avoid your data being stolen, always check that the website is using a secure protocol (HTTPS). In browsers, the secure protocol is usually indicated by a padlock icon next to the URL.

Never enter passwords or financial information on web sites with HTTP!

How the router can be hacked

When it comes to your home WiFi, there are three ways for someone outside to connect to the router:

  1. The router is not password protected
  2. You tell the password. For instance, you told the guest the password, or she looked it up on the router (if you didn’t change the default one)
  3. The router is using an old authentication protocol

I am going to skip the first two and instead focus on the last one. The authentication protocol used with a WiFi router is very important.

If your router is old, it is possible that it’s still using the WEP protocol. If so, you should know that anyone who knows a little bit about hacking can hack the router literally in less than a minute.

So, if you have it enabled on your router, then go ahead and disable it as I did.

What you should have is WPA2 with AES encryption. In the pic below, the authentication strength (protection from hacking) increases from top to bottom (WPA is less secure, and WPA2-PSK with AES is the most secure).

Some hackers employ a dictionary attack to crack WPA protocol, but it takes supercomputers to hack it. So as long as you are not a celebrity or a billionaire, nobody will spend so many resources to break into your network.

Usually, you can connect to the home router settings by going to the local IP address, such as http://192.168.0.1/.

How to tell if someone hacked your router

One of the sure signs of a hacked router is the presence of an unknown device connected to the local WiFi network.

As I explained above, in order to perform a man in the middle (MITM) attack, the hacker must connect to the WiFi network first. And if he’s connected, you can see him too.

One way to find out the connected devices is through the router settings. Some routers allow us to see all connected devices and kick them out if needed.

Another way is to use a network scanner app. For instance, I found a cool app called Fing. The app is available for almost all platforms: iOS, Android, macOS, and Windows.

It is free (with ads) and doesn’t even require creating an account in order to use it.

One cool feature they have is scanning for open ports.

For instance, when I scanned my MacBook Pro, I found that remote desktop and screen sharing features were enabled, and anyone could connect to my Mac remotely.
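A further check for the man-in-the-middle setup described earlier is the Mac's own ARP table. As an added example (not from the original article), the script below reads `arp -a` output and lists any other IP address that maps to the same MAC address as the router; the router IP 192.168.0.1 and all sample rows are constructed, reusing the article's 11:22:33:44:55:66 address.

```sh
#!/bin/sh
# Added example (not from the original article).

# gateway_mac_clones GATEWAY_IP: read `arp -a` output on stdin and print
# "ip mac" for every other IP address that maps to the same MAC as the gateway.
gateway_mac_clones() {
  awk -v gw="$1" '
    # macOS drops leading zeros (a4:83:e7:0:1c:9f), so pad before comparing.
    function norm(mac,    p, n, i, out) {
      n = split(tolower(mac), p, ":")
      if (n != 6) return ""                 # "(incomplete)" entries
      out = ""
      for (i = 1; i <= 6; i++) {
        if (length(p[i]) == 1) p[i] = "0" p[i]
        out = (i == 1) ? p[i] : out ":" p[i]
      }
      return out
    }
    $3 == "at" {
      ip = $2; gsub(/[()]/, "", ip)
      mac = norm($4)
      if (mac == "") next
      # Broadcast and IPv4 multicast mappings are not hosts.
      if (mac == "ff:ff:ff:ff:ff:ff" || substr(mac, 1, 8) == "01:00:5e") next
      count++; ips[count] = ip; macs[count] = mac
      if (ip == gw) gwmac = mac
    }
    END {
      if (gwmac == "") exit                 # gateway not in the table
      for (i = 1; i <= count; i++)
        if (ips[i] != gw && macs[i] == gwmac) print ips[i], macs[i]
    }'
}

# Constructed sample in the macOS `arp -a` layout (not captured from a real network).
sample_arp() {
  cat <<'EOF'
? (192.168.0.1) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.0.14) at 11:22:33:44:55:66 on en0 ifscope [ethernet]
? (192.168.0.20) at a4:83:e7:0:1c:9f on en0 ifscope [ethernet]
? (192.168.0.30) at (incomplete) on en0 ifscope [ethernet]
? (192.168.0.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
EOF
}

# On a Mac, find the router IP and check the live table:
#   route -n get default | awk '/gateway:/ {print $2}'
#   arp -a | gateway_mac_clones 192.168.0.1
echo "Addresses sharing the router MAC:"
sample_arp | gateway_mac_clones 192.168.0.1
```

A match is a lead to follow up in the router's device list, not proof of an attack, since some routers answer for more than one address.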

How to protect from a MITM attack

While it is possible to scan and find unknown devices on the home network, this approach will not work with public WiFi networks, such as the one in Starbucks or the hotel.

You would never know if the public network was compromised. In this case, the only way to protect your privacy is to use a VPN (a virtual private network).

When connected to VPN, your computer or phone creates a secure encrypted channel with the VPN server. After the connection is established, all requests go to the VPN server. The server makes all requests on your behalf and returns the results back to you.

From outside, it looks like the computer is sending some garbage back and forth to the same computer. Even if the hacker is collecting the information, he won’t be able to tell whether you’re connecting to Google.com or MacMyths.com.

When choosing a VPN software, follow these best practices:

  • Do not use a free VPN. They have significant limitations, and you know that good things are never free.
  • Test for speed. Some VPNs are significantly faster than others.
  • Check the provider’s reputation. Since all requests now go through the VPN, technically, the VPN server becomes a man in the middle. So choose only reputable providers.

Personally, I am using NordVPN: it’s the fastest on the market and very inexpensive. It is available for multiple platforms: macOS, Windows, Linux, iOS, and Android.

If you use my NordVPN affiliate link you get a pretty steep discount for a three-year plan for up to 6 devices.

Hacking Computer Remotely

We discussed ways to hack the computers and phones through local WiFi, but I know the question that most people ask is whether hackers can connect to the home network when they are on the other end of the world (or more than a hundred yards or meters away).

Fortunately, the answer is no: someone cannot get into your home network, even if they know the password, if they are outside of the range (more than 300 feet).

Also, in most cases, hackers cannot get into your computer if it is off.

However, there are other ways to get into your system remotely. Do you remember a story of Bezos’s personal data being leaked?

In his case, he received a message on WhatsApp with a malware attachment. When the malware was installed on his phone, it started sending his personal data to a server abroad.

Similarly, we are all at risk of having malware installed on our computers and smartphones. Some malware opens access to the device, so the hackers can access it remotely.

Or, the malware could be a keylogger, and in this case, even having HTTPS or a VPN will not help. A keylogger will record the keys pressed on the keyboard, and if it happens to be a credit card number, then the hacker will have it.

So, how to protect the devices from malware? You need to install an antivirus program.

There is a common myth that Macs cannot have viruses, but this is not true. I was able to inject my Mac with more than 100 malware samples when testing various antimalware solutions.

You can check the results of my test and recommended antiviruses in my post: Best Malware Detection App for Mac.

Every time my friends and family ask me for a recommended antivirus, I go with Norton 360. It comes with the biggest bang for the buck and provides antimalware and other security features on all platforms. And it also has its own VPN!

Conclusion

We reviewed multiple ways how someone can hack into your phone or computer through WiFi. I also listed ways to prevent this from happening, which I wanted to reiterate.

If you worry about online security, consider investing in the following tools:

  • VPN software
  • Antivirus program

Be very cautious when connecting to public WiFi. I’d say if you don’t have VPN installed on a laptop or smartphone don’t use public WiFi, or at least avoid making purchases with a credit card or entering passwords.

If you are interested in the topic of security, there is a great course available on Udemy about ethical hacking. The instructor teaches how to hack computers ethically and, most importantly, what you can do to avoid being targeted:

Learn Network Hacking From Scratch (WiFi & Wired)

Photo credit: ©canva.com/cyano66