I had a MacGyver moment in the past where I made a phone call with only a pair of old earbuds and a phone cord (no switches, no dial pad).
A speaker is basically the same thing as a microphone in reverse. Normally it takes an electrical signal to move a physical element that creates the sound waves. But you can also move the element and it will generate an electrical signal.
To dial you can use the old rotary trick. The old phones dialed by pulses of quickly disconnecting and reconnecting. You can do that by hand if you want but it might require a little bit of practice and dexterity. Basically if you want to dial a 5, just disconnect the wire from the headphone to the phone cord and then reconnect it 5 times in a row.
You have to both listen and speak through the ear bud. Not the best quality or easiest to do but it works.
As a DJ, I learned the trick to plugging your headphones into the Mic jack and yelling very loudly into the cans as a cheap microphone. It works in a pinch; not the best sound quality though.
You don't even need to disconnect the ear bud, just tap it. The voltage pulse from an audio signal is sufficient. Back in the days of rotary phones I used to show off how to dial numbers by simply tapping the receiver on the table.
That doesn't seem to work - I have a POTS line here, and no amount of tapping or striking the phone receiver on a surface is the equivalent of dialing (I tried the phone itself and my headset microphone). Perhaps a local VoIP ATA works that way, but my Telco does not. And I'm not surprised, there's a big difference between detecting an audio signal and detecting a local loop interruption through 18,000 feet of copper.
Perhaps so in some countries, but in the USA, pulse dialing still works (even VoIP ATA's here support it). There's lots of older automated equipment out there that depends on it (elevator call boxes, alarm systems, building front door call boxes, etc.)
My "in case of power failure" phone is an old red Bell System desk phone with rotary dial. Still works great.
Yes, except in the Swedish phones, where the numbering starts from 0. So dialing 0 would make 1 pulse, dialing 1 would make 2 pulses, and dialing 9 would make 10 pulses.
That's more like "ever since digital mobile phones came around". The number 112 is in GSM standard.
Technically, the network gives it a priority, and you can make a 112 call even without a SIM card, or even if your operator does not have coverage. The call goes through any operator that has coverage. (You can actually see this in the phone display when making a 112 call; it handles it quite differently. I have done it a few times; unfortunately, most of those times, someone has died...)
If the network is so busy that all traffic channels in GSM are occupied, and you make a 112 call, one of the existing calls is dropped and you get the emergency call.
This had some interesting side effects in China. There, prior to introduction of GSM, the number 112 was allocated to phone company technical complaints. Police was 110 and fire alarm was 119 and so on.
So, if you were making a GSM phone call to a friend, and the network was full - not that infrequent in China - you wouldn't get through. But you could call the technical complaint line at 112, and this was a priority service which dropped one of the existing calls. Once the technical complaint service was ringing, you could drop that call (to the network, an emergency call) and you'd have one free GSM time slot in your cell. And you could call your friend.
Until the next guy did the same, and your ongoing call would get mysteriously dropped.
The plot point in question was that they were encoding the phone number when leaving it as a callback number. Pulse dialing wouldn't have come into it.
I've used this before in a pinch too, speaker as a microphone in reverse. That got me wondering... would it be possible to use the same principle with another type of listening device? Focusing a laser beam on a window allows you to hear a conversation in the room. So could the same principle be applied and allow a laser beam to transmit audio?
You can use a laser to transmit audio to a LDR or a light sensitive transistor/diode, which can then be used to run a speaker (with a battery attached). Essentially fibre optics through the air.
I did it once, the quality was rather lacking, since it used amplitude modulation instead of frequency modulation.
It's not quite what you're asking, but it's probably the closest you can feasibly get. I'm fairly sure that's also the way that laser microphones work as well.
Good ole' Servodrive. I've read some threads with Tom Danley on a few message boards and he is one incredibly fascinating individual.
Wouldn't the efficiencies between input/output transducers be inverse? A servo drive transducer would use very little energy to produce a lot of acoustic output, so wouldn't it require a large amount of acoustic input to generate any signal at all?
Not a "little known" feature, it is the feature that lets you plug your head phones into any of the 6 jacks that it looks like it fits in on the back of your computer and the little pop up says "Are those headphones you just plugged in?" you say yes and that jack is retasked as a headphone jack even though it was the subwoofer output according to the legend on the computer plate.
It's a "feature" that they have sold to a lot of manufacturers as an ease of use thing for people who are frustrated because they plugged in their headphones but get no sound.
They aren't fully identical, though. On my motherboard with some Realtek 8xx chip, plugging headphones into front panel jack, green jack, black jack and everything else produces progressively worse quality. Mainly bass suffers and only when driving headphones (no problem driving amps) so either these outputs have lower power capacity on the chip or DC blocking capacitors on the motherboard are smaller.
Interesting research, but with people already plugging those headphones into a portable surveillance set, and plus them using headsets (which are already microphones as well), this seems a bit chasing the wrong target?
(Assuming that the connected computer is compromised also already implies that the attacker has a microphone at their disposal, with most modern devices like smartphones, tablets and mobile computers)
For starters, the fact that RealTek is so easily reprogrammable to turn audio output into input is very unlikely just a "bug". It's a feature left there on purpose.
"It’s no surprise that earbuds can function as microphones in a pinch [...] But the researchers took that hack a step further. Their malware [...] silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an input-only jack and don’t even have a microphone channel on their plug."
Wait, if they "retask the computer’s output channel as an input channel", then why do they need for the headphones to "remain connected into an input-only jack"?
The author of the article intended to write "output-only".
But even this is not quite right: it's by definition not an input-only jack, but rather a jack capable of both input and output (which the user may think is output-only), but that RealTek has quietly switched to input mode as a result of their malware.
Really this title is alarmist. Only very specific hardware, and you'd have to not notice the sound stopped.
Most people don't play sounds all day. But this does point to a viable defense, if the headphones are always playing something they can't be used to record.
That's a good point. You would also need to leave your headphones plugged in while not playing sounds (I don't, but others might I suppose). Headphones also make a really crappy mic -- try it out by plugging them into a microphone jack (essentially what this malware emulates) and recording yourself: you'll need to hold them inches from your mouth to be intelligible.
This is an interesting idea and something that the driver software should be more vigilant about, but it's definitely not something that would lead me to conclude the headline.
> Headphones also make a really crappy mic -- try it out by plugging them into a microphone jack (essentially what this malware emulates) and recording yourself: you'll need to hold them inches from your mouth to be intelligible.
The article itself claims two orders of magnitude better reach:
> In their tests, the researchers tried the audio hack with a pair of Sennheiser headphones. They found that they could record from as far as 20 feet away—and even compress the resulting recording and send it over the internet, as a hacker would—and still distinguish the words spoken by a male voice.
One attack vector doesn't need to cover everyone. Developing as many attack vectors as possible gives you the greatest chance that one of them will work against a particular target.
As an example, let's say that a particular organization has taken a number of standard precautions to prevent audio from being recorded surreptitiously. They've banned cell phones and chosen computers without internal mics. The ability to record sound via the output jack would be huge.
Besides, I bet Beats would work just fine. The reason Sennheisers worked so well is probably because they have a large speaker, whereas an ear bud has a pretty small speaker. A speaker being used to pick up audio is basically a dynamic mic, which are not very sensitive for a given size. So I'd expect something like Beats, or the cheapo AKGs I have connected to my audio jack right now to work quite well.
Why couldn't you switch between input and output fast enough that you can't hear the difference, prioritizing output, and get low fidelity but viable input?
Producing output requires vibrating the headphone elements. That vibration will completely swamp any vibration induced by the sound in the room. Cutting the output long enough to dampen those vibrations will certainly be noticeable.
The cost lies in replacing the 300$ phones where the switch breaks (earlier than expected).
Cameras are easier, blocking light is even more low-tech than closing a circuit. Unfortunately, cameras are already the limiting component in the current craze for ever thinner devices, so adding a slider on top would not be very popular. Theoretically, cameras could also be physically disabled by shifting some elements that are already there out of the optical axis. The precision requirements to reliably restore it to working condition would be insane.
And if the switch is too prominent people will whine about accidentally switching things off when they didn't mean to. So the switch would get moved out of the way, and pretty soon people would just turn it off (if it's even on by default, which it probably won't be) and leave it off, because most people can't imagine why anyone would bother to exploit such capabilities.
Unlikely. There is going to be some sort of audio amplifier in the way that won't transfer signals very well in reverse. Even if it is built in to the audio chip there would be little point in allowing that output to be an input.
It seems like something that would work for built-in speakers too. They're driven by the same audio codec chips (eg realtek), but wired directly instead of through an external socket.
I think the opposite. Speakers are driven by an amplifier that will not let the audio in reverse, even if the soundcard output was switched to act as an input.
But might there be sufficient coupling between the amplifier's output and its input, such that driving the output pins via speaking into the speaker can produce a voltage on what is usually the input line to the amplifier?
I suspect it may be possible, depending on what the firmware allows - amplifier circuitry often utilizes feedback in some form or another, which is essentially coupling the output to the input. And even if the amplifier is powered off, there's bound to be capacitive coupling between the input/output lines, but that's probably too small to be useful.
While I have seen a soundcard using two such inverting stages in series for headphone output, in laptops dedicated chips are more common which probably don't have such strong coupling. But better safe than sorry if the NSA is after you :)
The original exploit shows that you really can't trust any digital device connected to the headphones. USB doesn't provide any isolation, it can be used for input as well as output.
If it is constructed just that there is an amplifier after what is supposed to be the output channel, you would probably be fine even if it was the RealTek chip. There isn't going to be much coupling between a signal input to the output of the amplifier going back to the input as an output.
This ought to be true in most HP amps out there but there may be exceptions and possibly (I wonder if anybody ever investigated it?) some parasitic coupling too.
Incidentally, if Wired's ad-blocking "veil" gets in the way, right click, select "Inspect Element", find the "veil" item, right click, and select "Delete Node". No more veil.
It might be possible to use multiple screens to form a sort-of synthetic lens. Also, there is such a thing as a single-pixel camera (http://dsp.rice.edu/cscamera).
This technique was just as valid 8 years ago as it is today. The only difference today is that the realtek chipsets with port reassignment are more prevalent.
There's not much in the way of direction when it comes to analog audio signals. For output, you're driving the coil with some current. For input, you're reading current from the coil. This particular chip supports both on the same wires, you just have to tell it which one you want.
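A defensive check for the jack retasking discussed in this thread, added here as an example and not taken from the thread or from the research it discusses: it parses a Linux HD-audio codec dump and flags pins whose default role is an output but whose pin control currently has input enabled. It assumes the layout printed in `/proc/asound/card*/codec#*`; the sample dump is constructed and the function names are hypothetical.

```python
import glob
import re

# Constructed sample, modeled on the layout of Linux ALSA's
# /proc/asound/card*/codec#* dump (values are illustrative, not from the page).
SAMPLE_DUMP = """\
Codec: Example HDA Codec
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001001c: OUT HP EAPD Detect
  Pin Default 0x90170110: [Fixed] Speaker at Int N/A
  Pin-ctls: 0x40: OUT
Node 0x18 [Pin Complex] wcaps 0x40058f: Stereo Amp-In Amp-Out
  Pincap 0x00003734: IN OUT Detect
  Pin Default 0x02a11030: [Jack] Mic at Ext Front
  Pin-ctls: 0x24: IN VREF_80
Node 0x21 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pincap 0x0001003c: IN OUT HP EAPD Detect
  Pin Default 0x0221101f: [Jack] HP Out at Ext Front
  Pin-ctls: 0x20: IN
"""

# Default-device names that a user would treat as output-only.
OUTPUT_DEVICES = {"HP Out", "Line Out", "Speaker"}

NODE_RE = re.compile(r"^Node (0x[0-9a-f]+) \[Pin Complex\]")
PINCAP_RE = re.compile(r"^\s+Pincap 0x[0-9a-f]+:(.*)$")
DEFAULT_RE = re.compile(r"^\s+Pin Default 0x[0-9a-f]+: \[([^\]]+)\] (.+?) at (.+)$")
CTLS_RE = re.compile(r"^\s+Pin-ctls: 0x[0-9a-f]+:(.*)$")


def parse_pins(text):
    """Return one dict per pin widget: capabilities, default role, live control bits."""
    pins, cur = [], None
    for line in text.splitlines():
        if line.startswith("Node "):
            m = NODE_RE.match(line)
            # Non-pin widgets (mixers, DACs, ...) end the current pin's section.
            cur = {"node": m.group(1), "caps": set(), "device": None,
                   "location": None, "ctls": set()} if m else None
            if cur:
                pins.append(cur)
            continue
        if cur is None:
            continue
        if (m := PINCAP_RE.match(line)):
            cur["caps"] = set(m.group(1).split())
        elif (m := DEFAULT_RE.match(line)):
            cur["device"], cur["location"] = m.group(2), m.group(3)
        elif (m := CTLS_RE.match(line)):
            cur["ctls"] = set(m.group(1).split())
    return pins


def retask_capable_outputs(pins):
    """Output-labelled pins whose hardware capability also includes input."""
    return [p["node"] for p in pins
            if p["device"] in OUTPUT_DEVICES and "IN" in p["caps"]]


def find_retasked_outputs(pins):
    """Output-labelled pins that currently have the input path enabled."""
    return [p["node"] for p in pins
            if p["device"] in OUTPUT_DEVICES and "IN" in p["ctls"]]


if __name__ == "__main__":
    dumps = []
    for path in glob.glob("/proc/asound/card*/codec#*"):
        with open(path) as fh:
            dumps.append((path, fh.read()))
    for name, text in dumps or [("constructed sample", SAMPLE_DUMP)]:
        pins = parse_pins(text)
        print(name, "retask-capable:", retask_capable_outputs(pins),
              "input-enabled now:", find_retasked_outputs(pins))
```

A pin that a user deliberately reassigned will be flagged as well, so a hit is something to review against the machine's known configuration rather than proof of compromise.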
Serious question: I understand the argument against the classic "why should I care if someone records my conversations? I don't do anything illegal.", being that once the government starts recording everything you say the freedom of being able to say anything negative against them goes away knowing they could be listening. That said, why should I, a boring law abiding citizen, go around disabling my hardware and covering webcams etc...? If someone were to ask me what I was doing, just the fact that it's possible to hijack desktop mics is that enough for me to start putting faraday cages around myself? Serious question. Thanks :)
Privacy allows us to be ourselves, to make mistakes, to be right or wrong without it bringing the wrath or ridicule of the general public.
Privacy is a fence. Tall fences make good neighbors, because they help define what is and is not your business. My life is not the business of the government, nor should yours be. At least not until they have enough information to get a warrant.
It's not just the government you need to worry about, it's independent malicious actors as well. Video or audio recordings from your devices could be used to blackmail you unless you're very, very careful what you do or say at all times such devices are around.
With regards to the government, while you may not be doing anything illegal now, it will be illegal when they outlaw it.
Well, his thing was a culture where everyone was guilty of something and punishment was pretty harsh. To some extent like now. I'm sure I'm not recycling all my garbage precisely legally and that cap needs to be on (or off?) the creamer and I certainly was guilty of speeding this morning like everyone else on the road.
I meant just outright fabrication. Record one conversation about my coworker being on vacation in northern Wisconsin to shoot deer and another conversation about my watching the president make a speech before I went to the boy scout troop meeting on Monday and a semi-skilled editor can cut and paste together fake audio evidence that I'm the ringleader of a military coup with all kinds of detailed elaborate plans. Now that wouldn't result in a guilty verdict, but might result in swatting or just generic harassment, or maybe end up on some .gov list.
In the United States, at least, it's pretty likely that you're committing "crimes" unknowingly with some regularity. No fabrication is likely necessary if the authorities want to put you in a position of taking a plea bargain or gambling that you'll end up in prison. (See https://www.amazon.com/Three-Felonies-Day-Target-Innocent/dp... if this interests you.)
Well, I guess the quote also means how the most innocent thing, extracted from its context, can be very damaging. There's no need to edit your audio clips, just to imply it. "Tomorrow the president is going to northern Wisconsin. Mr. VLM is on record discussing shooting opportunities and ammo sale points near this precise area on the same precise day...". As you say, nothing that would stand trial, but enough for character assassination.
It's technology that enables the problem, not the actors. Technology can advance a position on a matter well ahead of anyone else at that moment, giving the actor temporary power over others. While most won't use this for their own gain, some will and do. If we want to stop this problem, we're going to need a way to slow technology down, at least when interacting with itself.
That fact has been so inconvenient for the government that the entire system has been redesigned to thwart it. Can't prove Al Capone is a mobster? Prosecute for tax evasion.
Keep passing broad overlapping laws and they can charge anyone with something. Then they don't have to change the law, only who they decide to prosecute.
I'm saying nobody would have been looking at him for tax evasion if he wasn't a mobster, even if he was doing it.
And after Capone the mobsters started paying their taxes, so now they charge them with money laundering, which is essentially a law against paying your taxes on unexplained income.
That's nice. But if you decide to run for high office 30 years from now it will become known that you drew pony porn in college and never really stopped. That's the meaning of kompromat.
Like Trump, where the worst impropriety they could come up with was that he slapped women's arses? Everyone has something they'd rather not talk about.
I think the era of amendments has passed. Very unlikely we see a new one anytime soon.
Amendment XXVI, 18-year-olds can vote, ratified in 1972. Amendment XXVII, left over from 1789, relates to Congressional pay increases, ratified in 1992.
I didn't even know about the last one (I assume I can trust Wikipedia about it)? Which means the last "real" amendment was 44 years ago. None of the currently unratified amendments seem at all close to reaching the required number of ratification votes.
Yeah, well, in the UK the government is trying to justify sweeping constitutional and case law changes based on a non-binding referendum barely passing.
"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
People have a history of abusing the power they have over people. The government isn't inherently untrustworthy because it is the government, it is people that are inherently untrustworthy when handed power without oversight and checks on that power. Having total information on an individual is power over that individual.
I don't want my friends or neighbors knowing everything I say and do. I don't want my insurance company taking things I say or do out of context as an excuse to raise my rates or drop me. I don't want the local White Nationalist group to know my background or political opinions. I don't want Google, who has the ability to disable my decade old e-mail account and make my digital life difficult, to know I'm working with a competitor.
Governments are just a part of the threat; there's also nosy neighbours, thieves, ex partners...
For instance, my bank account password is not illegal, nor am I ashamed by it in any way; I don't think I'm a prude, yet I feel like I should not tell it around.
Weird example, imo. The government has all sorts of documents pertaining to me that I wouldn't "tell it around". I'm not justifying them knowing everything of course, I just don't personally agree with your example.
In a perfect world, if I had nothing to hide and I trusted my government, then actually I wouldn't mind telling my bank account to the government in the slightest. In the real world though, I'm more concerned about 3rd party malicious acts than I am with the government directly, and the holes that the government injects into our lives.
I don't want the government to have my personal conversations not because I'm afraid of them specifically, but afraid of who else will inevitably get ahold of it when the government drops the ball.
(Note: yes, I know the government could also turn against me in an unknown future)
> Serious question: I understand the argument against the classic "why should I care if someone records my conversations? I don't do anything illegal."
For the same reason you have the 5th amendment. It's quite easy to make someone who is innocent look guilty.
> why should I, a boring law abiding citizen
Human beings are all "give an inch, take a mile." We have to be constantly put in check, or we will reach farther. Give us enough rope, and we will often hang ourselves. This is why we have laws, social norms, and communities. This also applies to humans who run the government.
One thing to keep in mind is that your lack of security can impact others, often without them being aware. So for example, you may be a boring law abiding citizen, but your brother is an anon. Well, that conversation where he told you about his dissident views got recorded, and they got a snapshot of him off from your camera, and in 2024 when dictator X turns the totalitarian surveillance key, your brother gets sent to re-education camp or worse.
There's many more angles, but that is one I don't think people think of very often. Another quick example is this, I have had to be very clear to friends and family who know me on Facebook (even though most of my data is poisoned) that they should never tag me in a photo, and preferably should never post a photo of me in the first place.
There's probably no reason for you to go around disabling hardware etc. You're aware enough of the implications and risks, it's possible you'll get pwned but not too likely. (Honestly I'm more personally worried about the inconvenience of Google nuking my gmail for no reason than anything the NSA might be up to.) Some of my coworkers cover up their work laptop webcams by default. I don't, the realistic threat model is IT or some other company representative spying on me, and I don't really care about that. If I find out I'll quit and I'm sure there will be lawsuits anyway.
All that said, I never liked the "well one day the government will accuse you of a crime somehow or otherwise severely limit your speech" argument. To me the better counter-argument is: "Fine, you don't care at all, you don't have to care. Similarly some people are super paranoid and live in a faraday cage etc., they can do that all they want. But a lot of people care to some degree in between, and a lot of other people are uneducated or unaware of the actual risks so aren't even aware of the problem that they could decide to care/not care about. If you don't care at all, again that's fine, just get out of our way as we try to protect people by default. Mass education of every issue is infeasible."
Governments change. Many people argued the same when pre-Nazi Germany decided to register people's religion. Granted that's an extreme example (or perhaps not considering the rise of the alt-right) but what's considered legally & morally ok can change quickly, for good or for bad.
Combine with the ability to train a neural network to identify typing noises by sound, and they can also read everything you type, including passwords.
Sure you are law abiding, but that doesn't mean every person with this power is.
We changed the baity title to representative language from the article. If anyone suggests a better (more accurate and neutral) title, we can change it again.
Are there more details of the 'hack' somewhere? Does this mean that one could take advantage of an extra input channel, or possibly two? What would be sacrificed if anything, latency?