

Potential major security flaw on HP laptop? - tlrobinson
http://www.rtl-sdr.com/potential-major-security-flaw-hp-laptop-discovered-rtl-sdr/

======
tlrobinson
Relevant slides from a Defcon talk by Melissa Elliott / @0xABAD1DEA:
[https://docs.google.com/presentation/d/1Z_IRt6R2FL7POeY4J-pY...](https://docs.google.com/presentation/d/1Z_IRt6R2FL7POeY4J-pYGLDAIAdEHprQY13f-NVIfwE/edit#slide=id.p)

~~~
Nick_C
That's one of the most engaging presentations I've seen for years. I laughed
out loud at slide 38.

Thanks for the link.

------
ealexhudson
It seems unlikely that the flaw was intentional - there are much better ways
of leaking audio that are much more difficult to detect. But it's interesting
that the design and the cheap components or whatever have all conspired to
leak the audio in FM.

If nothing else, it's a great lesson in how security is just a very difficult
subject, and 'secure' an almost nirvana-like state in terms of the
impossibility of achievement.

~~~
simcop2387
Yep, I'd definitely chalk this up to being unintentional myself. I'd guess
that there's leakage from the ADC on the mic which won't likely ever be turned
off since clock gating it would be difficult (many of those guys talk on SPI
or I2S or some such, which doesn't make that easy) and gating the power could
have all kinds of noise issues during power on and off. Why it's that easy to
pick up and why around 24 MHz I'm not sure myself.

~~~
jonmrodriguez
Forgive my beginner question:

What makes clock gating of SPI & I2S difficult?

As an example component, here's a SPI mux by Maxim that has 8 separately-
controlled SPST switches for <= $3.30 (probably much cheaper at scale).
[http://www.maximintegrated.com/datasheet/index.mvp/id/1281](http://www.maximintegrated.com/datasheet/index.mvp/id/1281)
So, if you utilize this fully, you could clock-gate 8 separate SPI components
for < $0.42 each, right?

Is a mux the wrong way to do it? What's the proper implementation?

~~~
iyulaev
Nothing. SPI and I2S are usually not implemented with free-running clocks
anyway; the clock only runs when there's data on the interface. Sorry,
grandparent.

------
bugmen0t
</conspiracy> This one explains the issue quite well:
[http://www.reddit.com/r/RTLSDR/comments/1le3if/so_i_discover...](http://www.reddit.com/r/RTLSDR/comments/1le3if/so_i_discovered_that_my_hp_laptop_leakstransmits/cbykrqq)

Learn your electronics and don't believe in rumors ;)

------
codezero
I'd like to see if others are seeing this same behavior on the same model.
Maybe he has some weird malware that keeps the microphone live?

~~~
mschuster91
Malware, though, would likely not be able to actively send stuff out via the
air.

~~~
codezero
Agreed, but I'm not convinced that a weak FM signal isn't just some electronic
artifact of a crap board crammed in with a bunch of other tiny components that
happens to be triggered when the microphone is on.

