Realtek's audio chips -- found in Macs and many PCs -- can repurpose your laptop's headphone jack to serve as a mic jack, and capture audio through your headphones.
The attack targets people who have already taken the paranoid step (once demonstrated by Edward Snowden) of ripping out their laptop's mic; but when such a person is targeted, the attack can work silently and without any outward indication; it relies on the fact that headphones' membranes vibrate in the presence of external sound (just like mics' membranes) and the magnets in headphones convert those vibrations to electrical signals that can be detected by the headphone jack.
There’s no simple software patch for the eavesdropping attack, Guri says. The property of RealTek’s audio codec chips that allows a program to switch an output channel to an input isn’t an accidental bug so much as a dangerous feature, Guri says, and one that can’t be easily fixed without redesigning and replacing the chip in future computers.
Until then, paranoiacs take note: If determined hackers are out to bug your conversations, all your careful microphone removal surgery isn’t quite enough—you’ll also need to unplug that pair of cheap earbuds hanging around your neck.
Great. Now Even Your Headphones Can Spy on You [Andy Greenberg/Wired]
(Image: Amy Gilson, CC0)
Iowa state court officials contracted with Coalfire to conduct "penetration tests" on its security; as part of those tests, two Coalfire employees broke-and-entered the Adel, Iowa courthouse, and were caught by law-enforcement, whose bosses in Dallas County were not notified of the test.
Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product.
For decades, people (including me) have predicted that cyberinsurers might be a way to get companies to take security seriously. After all, insurers have to live in the real world (which is why terrorism insurance is cheap, because terrorism is not a meaningful risk in America), and in the real world, poor security practices destroy […]
There’s reading for pleasure, and then there’s reading for fuel; absorbing the great ideas in nonfiction books so you can apply them in your own life. In today’s hectic pace, it can be difficult to find the time to do that reading – especially for the entrepreneurs and professionals who can benefit the most from […]
Breaking into the big leagues as a project manager isn’t done overnight, but there are principles that anyone can learn, and they’re applicable to nearly any business. No matter what your field, if there are multiple teams working toward a common goal, you’re going to need a roadmap. The Project Management Professional Certification Training Suite […]
On the one hand, nostalgia is “a corruption of the historical impulse,” according to William Gibson. On the other hand, “Super Mario Bros.” will never not be cool. Luckily, there’s a way to satisfy that retro gaming while still keeping an eye on the future: The GameShell Kit. This thing is simultaneously the last handheld […]