Security researchers have discovered a way to flip an output channel on onboard Realtec audio into an input channel, thus turning your headphones into an unpowered microphone. The ability of a speaker or headphone to be used as a microphone is not news to anyone who has played around with headphones or input jacks, but it is possible some readers had deprived childhoods and have never tried this. While you cannot mitigate this vulnerability permanently you could certainly notice it as your headphones would no longer play audio if the port is configured as input.
Drop by Slashdot a link, and if you have never tried this out before you really should find an old pair of headphones and experiment with ports as well as snipping off one side of a pair of earbuds. One supposes iPhone 7 users need not worry.
"In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either."
Here is some more Tech News from around the web:
- Microsoft's nerd goggles will run on a toaster @ The Register
- Microsoft is reportedly sharing Windows 10 telemetry data with third-parties @ The Inquirer
- Google Sends State-Sponsored Hack Warnings To Journalists and Professors @ Slashdot
- Samsung might flog its PC biz to Lenovo for £680m @ The Inquirer
- HTC denies rumors of selling its smartphone business @ DigiTimes
- Samsung fires $70m at quantum televisions @ The Register
- 11 Essential Black Friday Computer Parts for Gamers @ Hardware Secrets
That’s why there should be
That’s why there should be hardware switches/buttons that can be manually switched to the OFF position as in the physically breaking a connection types of OFF switches. So for Switching OFF any built-in camera, microphone, WIFI/Blue-tooth, GPS, or other built-in functionality none of this software based “OFF” stuff allowed.
How about all that nefarious ultra sonic based communication between cell phones and Laptops, or even WIFI/Blue-tooth hacking. I’m surprised that they have not hacked those haptic track-pads to turn the track pad’s force detecting/haptic feedback circuity into some form of sound pickup device based on acoustic vibrations. Those big Apple track pads probably pick up on any acoustic vibrations pretty well being so large in total surface area. So there has to be a lot of software/firmware/driver code in those track pads to filter out any background ambient acoustic or other vibrations so they do register in false input, and that software/firmware/driver code is subject to hacking and turning a track pad into a nefarious sound pickup device.
Headphones make for some good sound pick-up devices as well as that’s just reversing the process and its all software driven on PC/Laptops/other devices anyways, especially for noise canceling headphones! Just look at the sound speaker it’s a diaphragm attached to a magnetic driver and all speakers feel acoustic vibrations as well as generate acoustic vibrations, that’s intrinsic to their design.
MM.. interesting thought
MM.. interesting thought there about the touch pads…
nobody cares about hearing or
nobody cares about hearing or seeing you…. I wouldn’t worry about anyone spying on your shitty life
Except you hunnybunch, nice
Except you hunnybunch, nice to know you are still checking in on us!
That nothing new for anybody,
That nothing new for anybody, if you go nobody will care and that is the nature of life! I was just hacked and had to get a new debit card, and hacked before that on a Tax return.
Watch those new chip based ATMs the transactions are safe but those little thin cameras that they can slip in that outside the machine slot can snap your entire embossed on the ATM Card number, and all because you have to leave you card in the chip reader until your entire transaction is completed. Only use the kind of ATM that completely pulls your card into the body of the ATM, because those chip reader slots on the outside of the ATM can have little micro cameras inserted and they may not get any pin numbers but they will get the full 16 digit card number and try to use that. It’s a good thing that my online bank transaction system had the heuristic algorithms to spot the attempts at using that card/card number 1500 miles from where I live and they called me to verify.
Now all I’ll have to worry about is the crappy US postal service putting the replacement card in the wrong P.O. Box or stealing it outright! because when the send you a new card that card can be activated by anyone that has the card using a phone. Too bad my online bank does not have a feature that requires me to turn on the card by using my online banking credentials(different from the card’s) and having to log in to activate the card. So there is one more thing I have to do on black Friday if my other brick and mortar bank is open so I can get the routing numbers to transfer from my online bank to my brick and mortar bank without using an ATM card.
Always have more than one bank account across more than one different bank and make sure that at least one of those bank accounts in a passbook savings account with no online/ATM access allowed at all. That one passbook account, that you have to come in the bank to use, is that last line of defense!
I highly recommend making the
I highly recommend making the move to cash only, with a second account strictly for purchasing online what you can’t get locally. The tax revenue from your purchase will also stay local from cash purchases.
Not only will you have greater control over your life, more privacy AND more security, but you will also spend less due to having to get up and go to the bank then go buy whim purchases next time you are in town. The debt notes will leave your hand and the psychology hits that you are walking out with less than you came in with as opposed to walking out with your magic plastic that is always returned to you and it never looks different or smaller.
Personal information cards as I call them, they are evil, here is abuse in action, pet licensing should also never have been a thing but that is a different subject subject.
http://komonews.com/news/local/king-county-using-grocery-store-data-to-target-pet-owners
Old man was watching the Godfather and the FBI character writing down license plates, I snickered a bit, now they just drive an ALPR reader through any event they deem unsavory.
Its a near impossible task securing the entire country’s privacy but securing your own against the beast’s dragnet is possible, likewise with corporations and script kiddies. It requires lifestyle and habitual changes and most people aren’t capable of that. Overhead surveillance is beyond the scope of my comment but in rural areas its limited to google earth and domestic forces looking for evil plants.
Every laptop I recall having has had tape put over the webcam, its common sense, just like reformatting any computer out of the box and getting the latest drivers. Headset always goes on or by my roaring quad radiator and my ankle bracelet (cellphone) is either always under the same radiator in airplane mode or in a signal blocker box.
Battery log sometimes shows my personal spy did some funny things when the screen was off.
Really, your carrier keeps a record of every store, every home, every person you were ever with, every road you ever drove down with it. Throw the number of visits to a persons home or being in close proximity to their phone and you have a neat social network bubble of who someone knows and how well they know them, what time they visit, when they are off work, where they work.
To those that cry “paranoid” I say lose the rose glasses and get your head out of the sand, reality is ugly, but maybe you knew that already and decided ignorance is bliss. People abuse power and information IS power in our day and age, control your information.
/end rant.
I use cash when shopping but
I use cash when shopping but the checks come in electronic form so the online account is for the depositing of the electronic checks. The ATM card/debit card is only used to get money out of the at an ATM to make cash purchases. The brick and mortar banks are for backup with one bank only a passbook type of account. The online bank withdrawals are for cash only from the ATM to be deposited into the brick and mortar bank accounts in person. There is always the cash stash around the house to add even more backup along with some extra on person cash tucked inside the belt or shoe, etc!
That ATM card that was nefariously photographed will stop me from ever using any ATM with a chip only method of ID that is only in a slot/reader that is mostly outside the body of the ATM and is accessible to insert those types of spy cameras into! I will never use that type of ATM again and will instead use an ATM that pulls the card completely in to the ATM’s body through a very thin slot in the ATM that is usually only the width of an ATM card itself, so no room to insert any picture snapping hardware no matter how thin.
It looks like the ATM card will need to have some way to physically cover the number up before inserting it into the chip type readers that are not completely inside the ATM. So maybe no embossed numbers and some form of provided overlay to hide the card’s 16 bit number from the view of any spy camera snapping. Those magnetic swipe readers where great as the persons fingers where usually covering parts of the complete number up and the swipe was quick enough to escape most cameras nefariously placed near the reader. The chip type readers require that the card remain in the slot/carrier so plenty of time to be photogenic before any nefariously placed spy cameras.
All chip type ATMs should be required to be of a design that the chip reader is housed completely inside the body of the ATM with only a slot big enough to accept the ATM cards actual width/thickness and only a real hair’s width more. So the chip type ATM card needs to be pulled through the thin slot into the belly of the ATM machine and then the chip can be read more safely without having the card numbers visible to any outside nefariously placed cameras. The attempted misuse of my ATM debit card number was most likely the result of one on those ultra thin spy cameras placed in the mostly outside the body of the ATM chip card readers!
So no cash was taken, but still I think that I may cancel the replacement ATM debit card and just use online transfers to move the cash from the online bank into the one other brick and mortar bank account that is not the passbook account and forget about the online bank account having any ATM access. They really screwed up with the chip cards readers on ATMs being so outside the body of the ATM machine in such a configuration that allows for any spy camera access to snap images of the card’s full 16 digit number.
I’ve always seen taped over
I’ve always seen taped over webcams and microphones as a sign of profound technological illiteracy.
Unless you’re a celebrity like Zuckerberg, why would someone with access to your device use its resources and their own time to record, stream and watch video of you when they could be harvesting your account details, installing ransomware, mining cryptocurrencies or using it as a node in DDOS for hire/extortion all of which can be done by scripts and so does not require their direct involvement.
because if some corporation
because if some corporation or organization has tools to hack and exploit your webcam and audio, then it’s just a matter of time before those types of tools are available to the masses.
Just think, your next door neighbor hates your guts and is always doing things to get at you, annoy the shit out of you, etc. what better way to get you to go away than to hack your shit and blackmail/blackball you…?