Using a computer is full of potential pitfalls. Viruses, ransomware, phishing scams, and even errant cups of coffee can all turn seemingly simple tasks into a nightmare.
I’m not talking about keyloggers or identity theft (both of which are bad enough) — but instead, I’m referring to a criminal who hacks into your operating system and takes over your webcam and/or microphone. Knowing that someone could be watching your every move or listening to your every utterance should send shivers down your spine.
We’ve already looked at why you should disable or cover your webcam. Now let’s take a look at the microphone.
The Secret Spy
Web camera hacking has frequently been in the headlines over the last few years, and as a result, it’s now firmly in the public conscience.
A hacked camera is reasonably easy to spot; lots of built-in laptop cameras have a light that shows when they’re in use, while external USB cameras can be unplugged to nullify any threat. The threat is there, but it’s “treatable”.
But what about microphones? Almost all computers now have built-in microphones. How can you tell if they are being used? They don’t have lights, they don’t (or at least, rarely) come with on-screen notifications, and they’re not as easy to cover as a webcam; some muffled speech will still get through, especially if you’re a loud talker.
“I Don’t Care if Someone is Listening to Me”
It’s easy to be dismissive of the potential threat. Why should you care if someone listens to you talking about a TV program with your partner, or the sports results with your best friend? What use is that information to a criminal?
The answer: massively useful.
What happens when you try and login to an online service that you’ve not used in months or years? Often, you’ll have forgotten your password. Then what happens? You go through a series of security questions. And guess what are the most common questions; “What is the name of your pet?”, “What is your favorite sports team?”, and “What is your mother’s maiden name?”. Questions whose answers you might well have discussed in your home.
For the seriousness of the problem, you need to look no further than the Samsung TV debacle of early 2015. It was revealed that voice searches were being sent unencrypted over the Internet, and that it was possible to pull the actual audio out of the raw data. A security nightmare.
RATs (But Not Rodents)
The chances of a hacker targeting you in the above manner are admittedly slim, but there are still more serious and sinister concerns you need to be aware of.
Specifically, RATs. And no, I don’t mean those disease-infested rodents that live in city sewers.
RATs is short for “remote access Trojans”. In short, they are pieces of malware which allow a hacker to remotely control a victim’s computer. They are often delivered by zero-day vulnerabilities and can thus bypass security software before running invisibly in the background.
Once operational, these RATs can capture sounds from the user and their surrounding environment and send it back to the hacker via compressed audio files or even encrypted streams.
RATs have been found in highly secure government and corporate environments, with experts now claiming confidential data is being exposed at an alarming rate. The problem has been exacerbated by the proliferation of VoIP phones (such as Skype), which have increased the number of potential vulnerabilities by their very nature.
Bottom line — whether you’re a home user or business owner, you’re at risk from audio RATs.
The last vulnerability worth considering is the use of microphones as a means for transmitting and receiving data using high-frequency audio signals that are inaudible to humans.
In 2013, researchers at Germany’s Fraunhofer Institute for Communication, Information Processing, and Ergonomics conducted a study. It found that “covert acoustical networking” — a technique which had been hypothesized but never proved — was indeed possible
The two researchers, Michael Hanspach and Michael Goetz, discovered that it was conceivable to transmit small packets of data between two laptops that 20 meters apart and not connected to the Internet. The signal could then be repeated, allowing hackers to quickly develop a mesh network over huge distances.
“These arms races between defensive and offensive advanced technologies have been going on for [a long time], but now, with the low cost of writing code, it may get progressively more challenging to defend against.”
~Mark Hagerott, U.S. Naval Academy cybersecurity professor
According to Hanspach, the network could transmit data at about 20 bits per second — not enough for large files, but more than adequate for sending date from keyloggers, encryption keys, or login credentials.
A Microphone Isn’t Just for Your Voice
So there you have it. Three very different hacking techniques, all of which utilize your computer’s microphone.
Whether it’s someone listening into your conversations to garner personal information, a hacker who’s used advanced software to remotely listen in to a business’ confidential Skype conversations, or someone who is using your microphone to collate data, it all just proves just how vulnerable you can be if you’re are not careful.
Of course, you can disable your microphone, but that won’t help if someone has deployed a RAT on your machine. The only way you can be truly safe is to use zero-day virus protection alongside your regular anti-virus software, and be extremely vigilant about which sites and apps you grant microphone access to.
Have you been the victim of a microphone hack? Do these threats concern you or are they scaremongering? As always, we’d love to hear your stories and opinions in the comments section below.