31

It is a known fact that your laptop camera can be hacked to spy on you. While the most often mentioned remedy is very low tech yet effective, everyone seems to omit the fact that the microphone can be used to spy on you too. I have no proof but it seems probable.

Is there any remedy to this except for the general "making sure your laptop is not hacked"?

EDIT: "reversible block" is the word I was looking for!

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107
daniel.sedlacek
  • 954
  • 1
  • 8
  • 15
  • Wouldn't stop problems when you actually wanted to use the device microphone, but softpatching a talk radio station in to the mic input would be quite fun, especially if you knew someone was listening. Adding a bit of gain to make the signal clip a bit too would add to the fun. – Owen Dec 19 '13 at 15:13
  • I disagree with the premise. It is a known fact that *once you have been hacked*, your webcam can be used to spy on you. But it is by no means certain that you can be hacked in the first place. – Matt Dec 21 '13 at 18:49
  • 1
    @WhiteWinterWolf That question (and the answers) are very focused on how to protect yourself from the government. I don't think "Don't bother, the government always win." is a relevant answer to this question. Maybe the other questions are better dupe targets. – Anders Jul 18 '16 at 11:43
  • @WhiteWinterWolf Yeah, this got complicated. The "reversible" part makes it even more so. Don't know what the right course of action is, so I cant say anything constructive other than I won't complain whatever you choose to do. – Anders Jul 18 '16 at 15:18
  • It is interesting first of all to know if your microphone is hacked you might need to audit access to that resource and be notified of its use SElinux can that for you. – sami Nov 01 '16 at 09:47

3 Answers3

15

This issue affect both laptops, tablets and cellphones with similar solutions, so even if only laptops were explicitly mentioned in the OP's question (with still a link to an article focusing on cellphones), I think it can be useful to address the issue as a whole.

There are several ways to counter malicious use of embedded microphones:

  • Physical destruction / removal of the microphone,
  • Using a dummy plug,
  • Relying on software isolation techniques,
  • Using specific hardware to mitigate privacy issues.

Let's see each one of them, what they are all about, and what are their strengths and weaknesses.

Physical destruction / removal

The most well-known and most effective solution is to physically destruct (drill) or remove (desolder) the microphone: no microphone anymore, no malicious way to use it. An external microphone can then be plugged whenever required (earphones for instance in the case of cellphones).

Be aware however that certain devices (in particular cellphones and tablets) may contain several microphones working together (mainly used to attenuate background noise): you must be sure to not miss any of them.

The iFixit website is usually a great place to find teardown videos, unmounting instructions and even vendor specific tools and parts for various hardware including cellphones and computing devices.

But apart from the actual microphone(s), researchers have found that mobile devices gyroscopes (which do not even require any authorization in the case of mobile apps) can also be used as low quality microphones. So, the "no microphone, no audio spying possible" adage may not be completely true.

Using a dummy plug

As recommended at the end of this article, this is most probably the easiest way to get an easily reversible deactivation of the microphone. All you have to do is simply cut the plug from some old microphone or earphone and put it into your device to disable the main microphone, just unplug it and the microphone will be back.

However, do not assume that while this requires a physical action on your side this means that the microphone will be physically disconnected. I remember old issues when running Linux on some laptops where plugin in earbuds would not deactivate the laptop's main speakers: sound would be diffused through both the earbuds and the main speakers. This means that some action had to be done at the software level in order to disable the main speaker when an earbud plugged-in event is triggered.

One cannot exclude that the same rule also goes for the microphone. Depending on the device, plugin in a dummy device may indeed physically disconnect the main microphone(s), or the main microphone(s) may still remain reachable at a low level.

Nevertheless, this should still be efficient notably against spyware relying on the device's standard audio stack and against cellphones' hidden automatic callbacks which, IMO, are the most common threats.

Low level attacks are more in the realm of targeted attacks, and if you are a high enough target to justify such investment from the adversary and it turns out that your devices are affected by low level malware (or you assume so by default, which may be wise in such circumstances), then your balance should go more toward drastic measures than convenience and physically removing microphones may seem a minimum.

Software isolation

The most documented entry point for the attackers remains at the software layer, whether by exploiting some flaw or manipulating the user into running malicious code.

Hardened desktop computing platforms (mainly Qubes OS and to a lesser measure the newcomer Subgraph OS in the FOSS realm, Polyxene in the proprietary realm, there may be other) strongly isolate software from the hardware. There is no real equivalent on mobile devices, as their low-consumption CPUs do not offer virtualization feature yet, however there are early ongoing projects integrating LXC into Android which seems to be a very promising first step.

On such systems, in order to reach the microphone a malicious software has to be able to escape the containment system and build a covert channel through it. This provides a good protection level even against targeted attacks.

However, in case of a high value target, chances are that the attacker will just try to bypass the whole operating system at once and directly reach the lowest and most privileged layers by taking advantage of:

As far as I know, there is no real solution to these threats.

  • For computers: older computers do not come with Intel Management Engine and using libreboot allows to disable it on pre-2009 computers, but there does not seem to be any solution on recent platforms except using specific hardware as discussed in the following section.

  • For cellphones:

    • The osmoconBB publishes a free implementation of the GSM stack to replace the opaque default one, but AFAIK there is no other project going any further.

    • On their Hardening Android for Security and Privacy, the Tor development team launched a call years ago for devices where the baseband hardware would be effectively isolated from the rest of the device but with no real luck.

Using specific hardware

A few projects aim to find solutions in order to provide platforms as trustworthy as possible to their users, allowing to have a real control on the hardware behavior.

For the computers:

  • The Purism company (clearly a pun on NSA's PRISM project) builds laptops and tablets with a specific focus on privacy (by the way their Librem 13 model is the first officially Qubes-certified laptop). One of their originality is to equip each one of their product with hardware switches allowing to physically disable the camera, microphone, WiFi and Bluetooth. However, they still seem to run on CPUs enforcing Intel Management Engine (an Intel Core i5 in the case of the Librem 13).

  • Crowdfunded projects like the EOMA98 (also featured in Linux Magazine) try to create the most open platform as possible. This one especially is interesting due to the care taken in choosing the components, most especially the CPU. Such project rely on low-consumption CPUs, which does not provide the same computational power and cannot run a hardened desktop OS like Qubes OS (see the "Software isolation" part above, the limitation are the same as for mobile devices)... for know, since things are moving very quickly in this area and I don't see why open hardware would not follow the same path than open software (being optimistic, I would say that bugging their own CPUs was probably the nicest present Intel and AMD could have made to their competitors).

For the cellphones:

  • There are comparable projects on cellphones side, like the Open hardware Cellphone which rely on the Adafruit Fona cellular phone module, but as stated above you remain stuck with GSM with no concrete future plan to go beyond this. Moreover, while the hardware itself is open I am not sure at all that this module's firmware is open source (?), in which case it would solve absolutely nothing regarding the network baseband module trust issue. However, such device would still give the opportunity to have a better control on the microphone (and camera whenever you add one), for instance by adding a switch like the one equipping Purism computers.

  • Mike Perry from the Tor project has written and maintains a guide on Hardening Android for Security and Privacy. In its current shape it is described more as a proof-of-concept due to usability issues, but it still provides a wealth of information. Fundamentally, due to the lack of proper isolation between the network baseband module and the rest of the cellphone, the idea is to use two devices:

    • A WiFi-only tablet with no cell network support and optionally the microphone removed (this is actually only to address a potential software exploitation now, since the microphone is effectively out of reach of the cellular network),
    • A separate cell modem device providing WiFi access for data services only,
    • Use VoIP (or whatever you like, as long it is data) on top of that to communicate.

Conclusion

Practical security is mostly a matter of balance between pure security and convenience. As always, the exact good answer heavily depends on your actual needs and threats you are really facing, but to give an idea:

  • For high-profile targets (I mean life or death issues, not a teenager downloading some warez ;) ), I would feel more comfortable with a solution relying on specific hardware whenever possible (ie. when such solution, which are still in their infancy, suits your needs), otherwise on physical modification of more common hardware by removing the microphones and putting some black electrical duct-tape on the cameras.

  • For privacy-conscious users, unless their geeky part push them to actively participate in the open-hardware move, using low-level software isolation on computers, a dummy plug in the cellphone and some black electrical duct-tape on each camera should be sufficient to quickly and easily provide a good level of privacy without really sacrificing convenience.

WhiteWinterWolf
  • 19,142
  • 4
  • 59
  • 107
12

If your laptop is "hacked" then everything you do on the laptop can be known to the attacker. Yes, the microphone can be used to listen to the environment sounds and there is no ambiguity about it; the debate on Webcams is because Webcams often come with a LED which supposedly turns on whenever the Webcam is "looking", and the question is whether it is possible to activate the Webcam without turning that LED on. Microphones never had such a LED to begin with, so there is no question about that: whatever controls the computer can "listen" at will.

The same can be said of your cell phone or of any system which runs software and physically contains a microphone (so this also applies to most "land-line phones").

Low-tech solutions have the nice side of being obviously right, meaning that you can, as a human user, check that they are in force, without having to trust that the machine was not compromised as some software level. The trouble with microphones, though, is that while deactivating them permanently is easy (if only by wrenching the microphone out with a pair of pliers), a reversible block is hard. One possibility is to physically disable the internal microphone, and plug an external microphone in the relevant plug whenever you actually want to record sound.

Apart from that, a machine compromise is already quite pervasive: if hostile entities can activate your laptop microphone without your consent, then it can be argued that you already have bigger problems, namely that all your emails, documents, network activity, passwords... are known to the attacker.

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • "reversible block" is the word I was looking for! – daniel.sedlacek Dec 19 '13 at 15:21
  • 6
    I understand that when my device is hacked, everything it contains falls in the hand of the attacker. What bother me more with the microphone and camera is that the attacker also gains a potential access to *things I've never put in any computing device*. – WhiteWinterWolf Jul 18 '16 at 19:45
2

These folks claim that their hardware includes a physical kill switch for the microphone that reversibly interrupts the wire: https://puri.sm/posts/camera-microphone-hardware-kill-switch-behavior-on-librem-laptops/ . I can't seem to find any independent audits of their claim, but it raises an interesting possibility.