by jrockway 5259 days ago
If you are really worried about this, I recommend surgery. I used to have this Windows box at work that would always make sounds for no reason, even though the sound was muted. The solution was to open it up and physically disconnect the speaker. Never made a sound again.

If you don't want your computer to be used as a listening device, first try adjusting your tinfoil hat. If you're still worried, open it up and remove the speakers and microphones. Make sure you get them all! Though I'm sure someone can figure out how to make a hard drive into a microphone, so you'd better replace that with an SSD. Also get the camera while you're in there.

There. Now you just have to worry about the bugs the Agents put all over your house.

6 comments

> There. Now you just have to worry about the bugs the Agents put all over your house.

Physical bugs are expensive. Malware is cheap.

If you're after a specific individual, a far better target than their computer would be their cell phone. Computers are complex and stationary. Cell phones are eminently more susceptible to this type of attack because the government can compel carriers to use technology that is already in place. No malware package required.

Working in telecom was enlightening for me. There's a feature called "executive barge in" that pops up from time to time when shopping for PBX systems. Executive barge in allows a user with the appropriate rights to open an audio channel to any phone connected to the switch, bypassing the alerting phase. That is to say, the phone never rings; the audio channel just opens. Most systems provide some sort of brief alert tone, but this is entirely implementation based. There's nothing implicit about opening a channel that would require a tone.

All digital phone systems have the ability to implement a feature like this. Cell phones are digital phones. With old analog (POTS) phones, when the phone was "on hook", there was a physical change in the connection of the copper pairs. In modern phone systems on-hook/off-hook is just a software state. There is no physical difference. Opening an audio channel is a distinct event, completely separate from the alerting signal [1] in common cell phone protocols.

The bottom line is that if you're really concerned that someone is listening in, you should watch the horrible movie "RED" and imitate John Malkovich's character the best you can.

[1] http://www.scribd.com/doc/54495209/UMTS-3G-WCDMA-Call-Flows

It is possible to use a phone as an eavesdropping device even when it is on-hook:

http://www.euronet.nl/~rembert/echelon/muren/index.html#floo... (Dutch)

I don't think frequency flooding works with the newer types of microphones used in modern analog phones (electret/dynamic). The article specifically mentions carbon mics, and that frequency flooding can be defeated with a capacitor.

Yes, those are 'POTS' phones, the old style variety as mentioned in the great-grandparent.

Newer phones, basically anything with a bunch of electronics, are not susceptible to this kind of trick.

When it was first revealed by the Dutch hacker group 'hack-tic' (http://en.wikipedia.org/wiki/Hack-Tic) the phone company denied it could be done until there was a public demonstration.

Not to be argumentative, because I really appreciated that link :) but POTS stands for "plain old telephone service". It's still in use all over the place today.

The distinction is in the type of phone attached to the POTS line. It looks like it requires a combination of a carbon mic and an old, non-integrated-circuit switchhook. Something like you'd find in an old Western Electric 2500 [1].

A carbon mic has some pretty unique properties. Base output is very high, such that output is easily detected at a distance without amplification, and they're very low impedance. Even slightly newer telephone designs would use an electret style microphone. The most basic electret circuits require a capacitor, which is noted to defeat the frequency flooding attack.

1 - http://en.wikipedia.org/wiki/Model_500_telephone#Model_2500

Particularly in terms of cost to deploy.
Actually... some ceramic capacitors are piezoelectric [1] and thus could (conceivably) be used as low-fidelity audio sensors. Better rip out all the capacitors too -- just in case. ;-)

That would be one crazy covert communications channel. Wonder if there are any security papers exploring that...?

[1] http://www.kemet.com/kemet/web/homepage/kfbk3.nsf/vaFeedback...

Yes, true. Pretty much any passive device can pick up sound. Two wires running next to each other is enough. A "microphone" is just a particularly well-engineered sound collection device.
Eh, you're a little too glib here. This sort of dismissive (and imo shortsighted) response is a problem.

Let's say it's 2003 and instead of being a post about laptop internal microphones, it's about SQL injection vulnerabilities in [your favorite blogging engine]. The quick & easy response is "Oh, go adjust your tinfoil hat, do you really think you're important enough for the hackers to focus on? And if they do, don't you think they could do a little more than rely on a silly SQL injection vulnerability?"

But we know the problem with SQL injection vulnerabilities usually isn't focused hacker attacks, it's fire-and-forget script kiddie exploits that most of us have to worry about. This is no different. Not too many folks are worried about "the Agents" surreptitiously monitoring their laptop's microphone, it's some bored 14-year-old with time on his hands and an easy-to-use exploit tool.

> If you are really worried about this, I recommend surgery.

There might be a Kickstarter product in this. Simply devise a magnetic activation switch for the microphone. I've opened up multiple 13" MacBook Pro laptops, so I know how little space is in that corner where the microphone and MagSafe socket board are, but there is enough.

Perhaps even better: a microphone that has a deactivation pin which can be pulled with a pair of tweezers. A service would solder this in place for you, and the laptop could be used with no internal microphone. Then, when it was time for you to sell the laptop, you simply open the case and pull the pin out of the back of the microphone, reactivating it. You could even construct this out of the same microphone element as used in the MacBook. Just have the pin short across the mic capsule's terminals.

Well, the article reminds me of the "Webcam" short film. It is not so much about covert NSA agents taking over your computer as targeted malware... http://www.youtube.com/watch?v=i841CamEX3o
Amazing; I wonder how the webcam allowed him entry to the building and her apartment (which of course could not have happened without the webcam). I'm as tinfoily as the next guy, I have my webcam covered with a post-it, and I think the issue is serious and people should be more aware, but this video makes alarmist, overreaching leaps to conclude "use a webcam -> get raped" which is precisely what the video suggests.
> If you are really worried about this, I recommend surgery.

Me too - but in a more literal way.

Sorry for the downvotable comment, but cannot resist a pun, especially when it kinda makes my actual point.

The thing is, whether the MBP is "always listening" or not is of little consequence, in an age when we know that governments look into the wires, have taps into ISPs and can listen to any and all mobile phone conversation.

Btw, my iMac 27" 2009, doesn't seem to register any sound with the internal mic set to the minimum volume. And there's also the "Audio MIDI setup" program, where you can disable it completely.

They can eavesdrop on encrypted mobile phone connections? Do you have a solid source on that?

For starters:

http://en.wikipedia.org/wiki/Mark_Klein

http://en.wikipedia.org/wiki/Room_641A

http://en.wikipedia.org/wiki/Gsm#GSM_service_security

  GSM uses several cryptographic algorithms for security.
  The A5/1 and A5/2 stream ciphers are used for ensuring 
  over-the-air voice privacy. A5/1 was developed first 
  and is a stronger algorithm used within Europe and the 
  United States; A5/2 is weaker and used in other 
  countries. Serious weaknesses have been found in both 
  algorithms: it is possible to break A5/2 in real-time 
  with a ciphertext-only attack, and in January 2007, The 
  Hacker's Choice started the A5/1 cracking project with 
  plans to use FPGAs that allow A5/1 to be broken with a 
  rainbow table attack.