Every microphone in every powered device must be considered as listening if you are serious about security at all.
So what if the panel actually even disabled the mic preamp on the board? You could have a program/virus/trojan that silently re-enabled it behind your back, without you knowing. So I'd say this is nothing to be concerned about, because every device you own potentially "listens" with its microphones all the time.
The advice with plugging a jack into the line-in port is good -- if you're sure your hardware hasn't been tampered with, this should physically disconnect the microphone.
Obviously if you're really worried about your computer listening, you should rip it open and physically cut the microphone connection.
> "if you're sure your hardware hasn't been tampered with, this should physically disconnect the microphone."
Why so? Most soundcards merely detect an impedance change and flick a bit to switch from internal microphone to line-in but you can have full control of that bit by software. That's actually what the prefpane does: even with something plugged in the line in, one can switch back to the internal microphone as a source. (EDIT: apparently it goes hidden on new hardware revisions but the functionality is there, just boot into Linux and do some poking on the soundcard to see what's really available)
I believe the LED that tells you your MacBook's camera is on is hard-wired into the motherboard, for the very purpose of making it impossible to covertly enable the camera via software. A similar approach could be used for a mic.
This is not true. The software Prey (which is designed to spy on people who have computers that have been stolen) takes covert photos and sends them without activating the light.
I just installed Prey, marked my MacBook Pro as missing, waited, and the light definitely did come on - albeit for around two seconds - while taking the webcam picture.
I did this test as well when I first heard about Prey. The first couple times when I knew the picture was going to be taken I did not see the light.
The reason is because we can only focus on one thing at a time. While waiting for the picture I was casually browsing the net -- probably reading HN -- and only periodically looking up to watch the light. I assumed a light source would catch my peripheral vision. It had not. For the third test I stared at the camera with an unbroken focus. Sure enough, the light turned on as expected.
Net: I could not see the light unless /I was looking at the camera/. It's a side effect of how the mind works and processes information. It's also important to keep this fact in mind when building interfaces: don't alert users in places they aren't looking. They won't see it no matter how red or many sparkles you add. :)
Actually I don't think it is listening at all when not in use. In fact the sound card even powers itself down when not in use, which can actually be heard in some cases (with some badly shielded/grounded HP for example). It's on when the prefpane is shown for the purpose of displaying that VU meter but as soon as you quit the prefpane, the hardware turns off. And as soon as an app opens it, it turns back on.
Even then, let's assume the sound card is always on (like my old SB16):
- what would listen to it if it was on? necessarily some code, or else it just goes straight to /dev/null.
- so if it's external code injected by a malicious guy, what prevents him from setting it back to internal (and setting it back to line-in when you're looking)? Or craft all sorts of drivers hooking into or replacing AppleHDA.kext or whatever?
- but if it's not external code it has to be internal (i.e Apple provided), so what would prevent Apple to simply tell you it's off when it would not actually be?
- and since line-in disappeared but the (HDA or whatever) sound chip certainly still has this functionality, what would prevent Apple from having a second microphone plugged into that line-in, completely hidden and uncontrollable?
Now Poe's Law kicks in and I can hear headlines already "Apple removed the line-in on purpose to spy on us!"
This article is without merit. The author's logic train derails shortly after leaving the station.
Without removing the hardware there is no way to prevent someone with remote root access from recording audio from any input regardless of settings. This is true of any machine that has audio inputs and drivers loaded for those devices.
He even gets basic facts incorrect. The author assumes his Macbook Pro doesn't have a dedicated audio input. It does. Every Macbook Pro does. (The Macbook Air is the only Mac shipping without a built-in audio input).
Really, what I see is a software update that fixes a user interface bug. System Preferences no longer offers disconnected audio inputs as a selectable option, because it's just plain smarter that way. Could there any possible confusion for an average user between "Internal Microphone - Built In" and "Line In - Audio Line In" when looking at their sound input options? Seems like a design decision made in the interest of removing irrelevant choices.
The Macbook Air does not have a combo port (currently). Just a headphone jack. I used dedicated to mean "includes specific hardware to handle this use case". Sorry for the ambiguity.
The consumer product line continues to have fewer fine-grained controls than Pro products, so nothing has really changed here.
Interesting! The language on the MBP specs says "Combined headphone/line in", whereas the MBA specs say "Headphone port". But you are correct: my headphones register as an audio input on the Macbook Air. I wonder if it's a very specific exception, or just an intentionially undisclosed feature (why?).
I would read "combined headphone/line in" as meaning that it would do full stereo line-level audio if you provided it. The MBA's port only works with four-pin cell phone-style headsets, as far as I know, which do mono over an extra pin while still providing stereo output.
so despiteall that, when you are using the prefs screen and turn the input volume theway cown, it should not register any input right? Thenwhy does it? thas not nothing.
A microphone is a mechanical device, so it will always produce output regardless of what your volume settings may be.
To get technical, you are controlling the gain of the volume of the stage after the microphone. So in the real world the microphone should always show input unless physically disconnected. Computer manufacturers don't follow any standard practices it seems, so you may see it both ways.
Sounds like a bug. I can't reproduce it on my Air, and it appears other commenters have difficulty reproducing it as well. The OP/commenters experiencing the issue should probably file a Radar.
Agreed, I would also urge the author to look for more accredited sources to fuel his infosec paranoia than GQ magazine. David Kusher certainly earned his pay that month.
Even if the default input device is set to "Line-In" software would be able to get the audio data from any device on the system. The NSA precautions mentioned in the article are superstitious and would likely do nothing to deter anyone who had compromised your system that badly.
If you are really worried about this, I recommend surgery. I used to have this Windows box at work that would always make sounds for no reason, even though the sound was muted. The solution was to open it up and physically disconnect the speaker. Never made a sound again.
If you don't want your computer to be used as a listening device, first try adjusting your tinfoil hat. If you're still worried, open it up and remove the speakers and microphones. Make sure you get them all! Though I'm sure someone can figure out how to make a hard drive into a microphone, so you'd better replace that with an SSD. Also get the camera while you're in there.
There. Now you just have to worry about the bugs the Agents put all over your house.
If you're after a specific individual, a far better target than their computer would be their cell phone. Computers are complex and stationary. Cell phones are eminently more susceptible to this type of attack because the government can compel carriers to use technology that is already in place. No malware package required.
Working in telecom was enlightening for me. There's a feature called "executive barge in" that pops up from time to time when shopping for PBX systems. Executive barge in allows a user with the appropriate rights to open an audio channel to any phone connected to the switch, bypassing the alerting phase. That is to say, the phone never rings; the audio channel just opens. Most systems provide some sort of brief alert tone, but this is entirely implementation based. There's nothing implicit about opening a channel that would require a tone.
All digital phone systems have the ability to implement a feature like this. Cell phones are digital phones. With old analog (POTS) phones, when the phone was "on hook", there was a physical change in the connection of the copper pairs. In modern phone systems on-hook/off-hook is just a software state. There is no physical difference. Opening an audio channel is a distinct event, completely separate from the alerting signal [1] in common cell phone protocols.
The bottom line is that if you're really concerned that someone is listening in, you should watch the horrible movie "RED" and imitate John Malkovich's character the best you can.
I don't think frequency flooding works with the newer types of microphones used in modern analog phones (electret/dynamic). The article specificly mentions carbon mics, and that frequency flooding can be defeated with a capacitor.
Yes, those are 'POTS' phones, the old style variety as mentioned in the great grand parent.
Newer phones, basically anything with a bunch of electronics are not susceptible to this kind of trick.
When it was first revealed by the dutch hacker group 'hack-tic' (http://en.wikipedia.org/wiki/Hack-Tic) the phone company denied it could be done until there was a public demonstration.
Not to be argumentative, because I really appreciated that link :) but POTS stands for "plain old telephone service". It's still in use all over the place today.
The distinction is in the type of phone attached to the POTS line. It looks like it requires a combination of a carbon mic and an old, non-integrated-circuit switchhook. Something like you'd find in an old Western Electric 2500 [1].
A carbon mic has some pretty unique properties. Base output is very high, such that output is easily detected at a distance without amplification, and they're very low impedance. Even slightly newer telephone designs would use an electret style microphone. The most basic electret circuits require a capacitor, which is noted to defeat the frequency flooding attack.
Actually... some ceramic capacitors are piezoelectric [1] and thus could (conceivably) be used as low-fidelity audio sensors. Better rip out all the capacitors too -- just in case. ;-)
That would be one crazy covert communications channel. Wonder if there are any security papers exploring that...?
Yes, true. Pretty much any passive device can pick up sound. Two wires running next to each other is enough. A "microphone" is just a particularly well-engineered sound collection device.
Eh, you're a little to glib here. This sort of dismissive (and imo shortsighted) response is a problem.
Let's say it's 2003 and instead of being a post about laptop internal microphones, it's about SQL injection vulnerabilities in [your favorite blogging engine]. The quick & easy response is "Oh, go adjust your tinfoil hat, do you really think you're important enough for the hackers to focus on? And if they do, don't you think they could do a little more than rely on a silly SQL injection vulnerability?"
But we know the problem with SQL injection vulnerabilities usually aren't focused hacker attacks, it's fire-and-forget script kiddie exploits that most of us have to worry about. This is no different. Not too many folks are worried about "the Agents" surreptitiously monitoring their laptop's microphone, it's some bored 14-year-old with time on his hands and an easy-to-use exploit tool.
If you are really worried about this, I recommend surgery.
There might be a Kickstarter product in this. Simply devise a magnetic activation switch for the microphone. I've opened up multiple 13" Macbook Pro laptops, so I know how little space is in that corner where the microphone and magsafe socket board is, but there is enough.
Perhaps even better: a microphone that has a deactivation pin which can be pulled with a pair of tweezers. A service would solder this in place for you, and the laptop could be used with no internal microphone. Then, when it was time for you to sell the laptop, you simply open the case and pull the pin out of the back of the microphone, reactivating it. You could even construct this out of the same microphone element as used in the macbook. Just have the pin short across the mic capsule's terminals.
Well, the article reminds me of the "Webcam" short film. It is not so much about covert NSA agents taking over your computer as targeted malware... http://www.youtube.com/watch?v=i841CamEX3o
Amazing; I wonder how the webcam allowed him entry to the building and her apartment (which of course could not have happened without the webcam). I'm as tinfoily as the next guy, I have my webcam covered with a post-it, and I think the issue is serious and people should be more aware, but this video makes alarmist, overreaching leaps to conclude "use a webcam -> get raped" which is precisely what the video suggests.
If you are really worried about this, I recommend surgery.
Me too -but in a more literal way.
Sorry for the downvotable comment, but cannot resist a pun, especially when it kinda makes my actual point.
The thing is, whether the MBP is "always listening" or not is of little consequence, in an age when we know that governments look into the wires, have taps into ISPs and can listen to any and all mobile phone conversation.
Btw, my iMac 27" 2009, doesn't seem to register any sound with the internal mic set to the minimum volume. And there's also the "Audio MIDI setup" program, where you can disable it completely.
GSM uses several cryptographic algorithms for security.
The A5/1 and A5/2 stream ciphers are used for ensuring
over-the-air voice privacy. A5/1 was developed first
and is a stronger algorithm used within Europe and the
United States; A5/2 is weaker and used in other
countries. Serious weaknesses have been found in both
algorithms: it is possible to break A5/2 in real-time
with a ciphertext-only attack, and in January 2007, The
Hacker's Choice started the A5/1 cracking project with
plans to use FPGAs that allow A5/1 to be broken with a
rainbow table attack.
Even with a "mute" checkbox, it stands to reason that a hack that grants access to the mic will also at least attempt to bypass the "mute" setting. So, without a hardware solution, there's no real way to secure the mics on these macbooks.
Personally I'm not that worried, but I can see why this could be a problem for some.
Exactly. I was going to suggest using something like Soundflower to create a fake sound input device, but at the end of the day it's still a software thing that can be overridden.
If you're really paranoid, you could always remove the mic with a soldering iron... =)
Yep, my father used to work in high-security (think live nuclear sites)... the standard answer was to use a drill press to ream out any camera lenses on cell phones that needed to be on-site.
Agreed a mate who used to work for Qinetiq - he commented that buying a new phone was getting to be a problem as taking a phone with a camera onsite was strictly forbidden.
Changing your sound configuration is useless against anyone who has obtained admin rights on your operating system. Windows, Linux, Mac, or otherwise. If they have root/admin, they can override any setting you change at the most basic levels.
If you're still OCD and concerned about it, install Soundflower [1] and you can easily configure Soundflower as your default input, but not feed anything on to the Soundflower bus, thus making the default input silence. This is, in effect, the same as the author's suggestion of setting the default input to line-in and plugging in a stub; also pointless, as a line-in jack has no ability to convert acoustic wave forms to electrical signals.
I feel less-smart for even addressing this question.
Beat me to it. Though I find the tone of this article incredibly overparanoid.
I'll also link along http://roguemaobea.com. They produce a line of audio apps that can hijack and route sound in OS X for a range of actually useful purposes. They've got tools for doing timed recordings of system audio, Line in audio, or audio from specific apps, as well as a tool for broadcasting any of these audio sources to Apple's Airport Express.
I'd just like to chime in with another vote for soundflower. It's useful for any number of things, I have recently used it to pass youtube videos through VST plugins to clean up the audio, and to make Cave Story, a somewhat old game, work with my external soundcard. You can also use it as an alternative to those ripoff "record your audio output" programs.
It is made by the fine people who produced Max/MSP.
I understood is as the stub was plugged into the input to avoid having the input automatically ignored due to not having a device connected.
I don't know (no experience) if Macs' analog ports were this clever, but considering the hardware to detect presence in the port is trivial, it wouldn't surprise me so that's how I interpreted it.
I've seen a lot of Windows hardware drivers that do this. They detect when you've plugged a device in to an audio port and change the config to accommodate. OS X doesn't do this. If you configure Line In as the default input, the OS will monitor that port, regardless of its state. The only adjustment OS X makes is to remember input volumes based on plug state. So for example, if you plug in a set of headphones, the volume will be adjusted to the level that was set when headphones were last plugged in. When you unplug, the volume level is reverted to the state it was in prior to plugging in headphones.
Reducing the volume in the control panel doesn't add security. Microphone input volume is settable from user level without special permissions, so any software that was going to listen can control the volume.
When you plug a microphone device (e.g. a headphones/mic combo that comes with the iPhone) into the single audio port on a recent Macbook, it will be detected and the control panel will switch to giving you settings for "External microphone".
The internal microphone no longer shows up, suggesting it is disabled as before.
I would imagine (yes, I'm speculating) that the control panel uses a standard OS interface to enumerate audio devices, and when the internal microphone drops off the list in the dialog, that reflects the fact the OS isn't offering it anymore. So an app asking the OS to enumerate audio devices would not find the internal microphone.
It's always possible that there's a lower-level hack to get around that, but then that's always been a concern.
By the way, I forgot to mention that when I turn my input level down to zero, the little blue bars stop showing any signal. The blog post is about 10.6 (Snow Leopard), as mentioned below the Control Panel snapshot. Maybe this is all fixed in 10.7 (Lion)?
Cell phones are badly-secured always-on tracking devices with built-in microphones designed to communicate potentially sensitive data over known-insecure networks. (Start at https://en.wikipedia.org/wiki/Phone_hacking.) Why are we worrying about MacBooks again?
Like always, if you can't trust your machine, you should stop using it and reformat it. The only security comes with a controlled behavior in which software is installed in your computer, which websites you visit, etc.
Any software switch can be overriden by a silent hack. Besides, overhearing conversations is the least of your problems if your computer is compromised. I would worry more about documents and web browser data.
Even if that's the case, it's not really relevant. If the concern is that an attacker will listen your mic, the only 100% solution is to physically extricate the mic from your laptop. If an attacker is able to install software (with administrative privilege) on your computer, they can do anything you can do, including re-configure your audio devices and mic volume levels.
This behavior is not present in OS X 10.7. However, as many people have pointed out, it is foolish to trust the display shown in System Preferences if you are really paranoid about security.
Finding a single regression in a defense in depth strategy does not an exploit make. Software can select whichever input it wants, regardless of whatever settings you may have set. This is one of many things that are simply a best effort to protect the computer. Root access or even access as an Administrative user could bypass this setting easily.
Apple should put an activation indicator LED shining through micro-holes like the power light is, next to the microphone which is hardwired to a tiny relay, such that the microphone is physically disconnected unless the LED is on.
Yeah .. umm .. and there is no guarantee that your CPU isn't broadcasting every single operation to a top-secret government satellite, either. The technology is there: have you audited your CPU today?
Build it yourself and verify via hash that what is on the firmware is what would get written.
However, if you're so paranoid that you think this could be a problem, you're already outside the realm of buying preassembled computers anyways. Who knows who could have tampered with it en route?
I'll tell you what else seems to always be listening - the camera on the MacBook Pro, even when the little green light is off.
Cover the camera with your finger or shine a flashlight/mobile phone screen into it, watch the keyboard lights react. It's obviously listening for light level changes.
I just wonder how much data you could collect from the sensor without the green light turning on?
Not sure about this one. Fiddling a little bit, I'd rather say that there is a light sensor left of the camera.
Blanking only the camera does nothing, blanking the spot just left of it triggers the backlight dimming.
Yeah, this used to cause trouble for me at work. The way my office was lit, moving my hands too far over the (right?) speaker would suddenly change the kb lights and screen brightness. Turned the auto brightness after a couple hours and never re-enabled it.
Right -- I'm not sure about the MacBook, but in many cases the webcam led is software-directed, not hardware-directed. So a small change to the driver (or firmware) can make it record without enabling the led.
Paranoia much? Surely a much better approach to security would be network monitoring, anti-virus and vigilance. This sounds like blacking out the windows because you can't be bothered to close the curtains.
If your tin-hat doesn't feel like enough protection, try downloading and installing Sound Flower (Generally cool app). Basically it lets you 'patch' one audio output on the computer to an audio input, so you could record the output of your computers speakers at near full resolution (Useful for screen-casts/video game play through and probably lots of other things). Activate Sound Flower Bed and select the option along the lines of 'no input'/'no device'. Go into system preferences and select the Sound Flower device as the default input device.
All of that is, however, completely irrelevant since applications can select audio inputs external to system preferences and record the input at whatever volume they like. (E.G. Skype can use a different input to the sys default, Logic Pro can record from all you system inputs at once etc.)
Though this is a bit foil-hat for most people it can be a real privacy concern. Can your mac be used to secretly spy on you? Absolutely. Has apple done this before to their customers? 100% (and so have others) see carrier IQ: http://en.wikipedia.org/wiki/CarrierIQ
If something like this bothers you theres no reason you should be using any closed source software at all.
It's that easy. If you're concerned about your privacy and system integrity don't use any software from a source you don't personally trust and that can't be reviewed by a third party.
Newer MacBooks don't have a separate microphone hole anymore; the mic is now located under the left speaker grille. You'd either have to tape over the whole thing (it's a pretty big grille), or open up the machine to cover/detach the mic specifically.
Are you suggesting that my mac book pro is sending this data to some apple server somewhere?
Can you imagine A the traffic that would take and B the amount of useless information that would be recorded. They have millions of computers!
If its not being recorded locally or sent to an external source from a privacy point of view there is no problem. Both of these would be easy to detect by looking for sound files somewhere on the device or monitoring outbound internet traffic.
So is it battery life that you have the problem with?
still drinking my coffee, but the one odd part was that, on theprefs screen, with mic input all theway down, it was still regisrering audio. something is wrong there....all other arguments about security aside,
i tried this on my mid 2009 mbp, and dont get the same results... turing volume input all the way down should result in muted audio input. nevermind havkers... what if i just want it off for a sec while i say something i dont want someone to hear (mute buttons aside.... and are they working filly if rekying on the same api)
suggest trying on multiple units... and as others have said, those guidelines are just best practices, not guarantees. if you want guarantees, you dont have conversations near microphones... and sweep theroom for transmitters, assuming thats still possible. one would assume some agency with an unfathomable budget could probable fevelop some kind of ultra liw power ulta wideband bug we are nor goingto detect. or it will just record and theywill tell it to transmit later. or just pick it up... thelist goes on,
theoriginal question is valid though, i would like to know that, absentmalicious intent, when my mic is muted its muted, and inthe samevein, that the camera light is an absolute indicator of activity.
when i get around to buying a new mac (or something) which shoukd besoon, ill be doing someexploratory surgery n this one i think.
So what if the panel actually even disabled the mic preamp on the board? You could have a program/virus/trojan that silently re-enabled it behind your back, without you knowing. So I'd say this is nothing to be concerned about, because every device you own potentially "listens" with its microphones all the time.
The advice with plugging a jack into the line-in port is good -- if you're sure your hardware hasn't been tampered with, this should physically disconnect the microphone.
Obviously if you're really worried about your computer listening, you should rip it open and physically cut the microphone connection.