
Is My MacBook Pro Always Listening? - brianshumate
http://brianpress.heroku.com/blog/2012/01/23/is-my-macbook-pro-always-listening/
======
jwr
Every microphone in every powered device must be considered as listening if
you are serious about security at all.

So what if the panel actually even disabled the mic preamp on the board? You
could have a program/virus/trojan that silently re-enabled it behind your
back, without you knowing. So I'd say this is nothing to be concerned about,
because every device you own potentially "listens" with its microphones all
the time.

The advice with plugging a jack into the line-in port is good -- if you're
sure your hardware hasn't been tampered with, this should physically
disconnect the microphone.

Obviously if you're _really_ worried about your computer listening, you should
rip it open and physically cut the microphone connection.

~~~
lloeki
> "if you're sure your hardware hasn't been tampered with, this should
> physically disconnect the microphone."

Why so? Most soundcards merely detect an impedance change and flick a bit to
switch from internal microphone to line-in but you can have full control of
that bit by software. That's actually what the prefpane does: even with
something plugged in the line in, one can switch back to the internal
microphone as a source. (EDIT: apparently it goes hidden on new hardware
revisions but the functionality is there, just boot into Linux and do some
poking on the soundcard to see what's really available)

~~~
calloc
You can still insert a barrel jack, this time with 4 rings instead of 3 at
which point the microphone is disabled.

For example, Apple headphones for your iPhone can be plugged in and used for
that purpose...

~~~
pavel_lishin
Only if you cut the microphone off, of course. :)

~~~
stcredzero
You can buy a 4 ring 1/8" plug adaptor for headphones. Some of these adaptors
come with no mic.

------
lloeki
Actually I don't think it is listening at all when not in use. In fact the
sound card even powers itself down when not in use, which can actually be
heard in some cases (with some badly shielded/grounded HP for example). It's
on when the prefpane is shown for the purpose of displaying that VU meter but
as soon as you quit the prefpane, the _hardware_ turns off. And as soon as an
app opens it, it turns back on.

Even then, let's assume the sound card is always on (like my old SB16):

\- what would listen to it if it was on? necessarily some code, or else it
just goes straight to /dev/null.

\- so if it's external code injected by a malicious guy, what prevents him
from setting it back to internal (and setting it back to line-in when you're
looking)? Or craft all sorts of drivers hooking into or replacing
AppleHDA.kext or whatever?

\- but if it's not external code it has to be internal (i.e Apple provided),
so what would prevent Apple to simply tell you it's off when it would not
actually be?

\- and since line-in disappeared but the (HDA or whatever) sound chip
certainly still has this functionality, what would prevent Apple from having a
second microphone plugged into that line-in, completely hidden and
uncontrollable?

Now Poe's Law kicks in and I can hear headlines already "Apple removed the
line-in on purpose to spy on us!"

------
mchanson
This article is without merit. The author's logic train derails shortly after
leaving the station.

Without removing the hardware there is no way to prevent someone with remote
root access from recording audio from any input regardless of settings. This
is true of any machine that has audio inputs and drivers loaded for those
devices.

~~~
ddagradi
He even gets basic facts incorrect. The author assumes his Macbook Pro doesn't
have a dedicated audio input. It does. Every Macbook Pro does. (The Macbook
Air is the only Mac shipping without a built-in audio input).

Really, what I see is a software update that fixes a user interface bug.
System Preferences no longer offers disconnected audio inputs as a selectable
option, because it's just plain smarter that way. Could there any possible
confusion for an average user between "Internal Microphone - Built In" and
"Line In - Audio Line In" when looking at their sound input options? Seems
like a design decision made in the interest of removing irrelevant choices.

~~~
mickael1
The 13 inch Macbook Pro, just like the Air, does not have a dedicated audio
input. It's one of those mobile phone headphone/microphone combo jacks.

~~~
bbloomberg
Hold down option and click the volume icon in the menu bar, select "Use Audio
Port for: Input"

~~~
DanBC
The ability to switch between input and output suggests it's not a dedicated
input port.

------
kennywinker
Even if the default input device is set to "Line-In" software would be able to
get the audio data from any device on the system. The NSA precautions
mentioned in the article are superstitious and would likely do nothing to
deter anyone who had compromised your system that badly.

~~~
eternalban
Is "superstitious" a euphemism for misinformation?

~~~
kennywinker
> Web definitions: showing ignorance of the laws of nature and faith in magic
> or chance.

It always means misinformation, not just today.

~~~
eternalban
Correct you are. Let's try this again: Is it a euphemism for disinformation?

------
jrockway
If you are really worried about this, I recommend surgery. I used to have this
Windows box at work that would always make sounds for no reason, even though
the sound was muted. The solution was to open it up and physically disconnect
the speaker. Never made a sound again.

If you don't want your computer to be used as a listening device, first try
adjusting your tinfoil hat. If you're still worried, open it up and remove the
speakers and microphones. Make sure you get them all! Though I'm sure someone
can figure out how to make a hard drive into a microphone, so you'd better
replace that with an SSD. Also get the camera while you're in there.

There. Now you just have to worry about the bugs the Agents put all over your
house.

~~~
finnw
> _There. Now you just have to worry about the bugs the Agents put all over
> your house._

Physical bugs are expensive. Malware is cheap.

~~~
bradleyland
If you're after a specific individual, a far better target than their computer
would be their cell phone. Computers are complex and stationary. Cell phones
are eminently more susceptible to this type of attack because the government
can compel carriers to use technology that is already in place. No malware
package required.

Working in telecom was enlightening for me. There's a _feature_ called
"executive barge in" that pops up from time to time when shopping for PBX
systems. Executive barge in allows a user with the appropriate rights to open
an audio channel to any phone connected to the switch, bypassing the alerting
phase. That is to say, the phone never rings; the audio channel just opens.
Most systems provide some sort of brief alert tone, but this is entirely
implementation based. There's nothing implicit about opening a channel that
would require a tone.

All digital phone systems have the ability to implement a feature like this.
Cell phones are digital phones. With old analog (POTS) phones, when the phone
was "on hook", there was a physical change in the connection of the copper
pairs. In modern phone systems on-hook/off-hook is just a software state.
There is no physical difference. Opening an audio channel is a distinct event,
completely separate from the alerting signal [1] in common cell phone
protocols.

The bottom line is that if you're _really_ concerned that someone is listening
in, you should watch the horrible movie "RED" and imitate John Malkovich's
character the best you can.

<http://www.scribd.com/doc/54495209/UMTS-3G-WCDMA-Call-Flows>

~~~
jacquesm
It is possible to use a phone as an eavesdropping device even when it is on-
hook:

[http://www.euronet.nl/~rembert/echelon/muren/index.html#floo...](http://www.euronet.nl/~rembert/echelon/muren/index.html#flooding)
(dutch)

~~~
bradleyland
I don't think frequency flooding works with the newer types of microphones
used in modern analog phones (electret/dynamic). The article specificly
mentions carbon mics, and that frequency flooding can be defeated with a
capacitor.

~~~
jacquesm
Yes, those are 'POTS' phones, the old style variety as mentioned in the great
grand parent.

Newer phones, basically anything with a bunch of electronics are not
susceptible to this kind of trick.

When it was first revealed by the dutch hacker group 'hack-tic'
(<http://en.wikipedia.org/wiki/Hack-Tic>) the phone company denied it could be
done until there was a public demonstration.

~~~
bradleyland
Not to be argumentative, because I really appreciated that link :) but POTS
stands for "plain old telephone service". It's still in use all over the place
today.

The distinction is in the type of phone attached to the POTS line. It looks
like it requires a combination of a carbon mic and an old, non-integrated-
circuit switchhook. Something like you'd find in an old Western Electric 2500
[1].

A carbon mic has some pretty unique properties. Base output is very high, such
that output is easily detected at a distance without amplification, and
they're very low impedance. Even slightly newer telephone designs would use an
electret style microphone. The most basic electret circuits require a
capacitor, which is noted to defeat the frequency flooding attack.

1 - <http://en.wikipedia.org/wiki/Model_500_telephone#Model_2500>

------
PedroCandeias
Even with a "mute" checkbox, it stands to reason that a hack that grants
access to the mic will also at least attempt to bypass the "mute" setting. So,
without a hardware solution, there's no real way to secure the mics on these
macbooks.

Personally I'm not that worried, but I can see why this could be a problem for
some.

~~~
Aqua_Geek
Exactly. I was going to suggest using something like Soundflower to create a
fake sound input device, but at the end of the day it's still a software thing
that can be overridden.

If you're really paranoid, you could always remove the mic with a soldering
iron... =)

~~~
maukdaddy
That's exactly what's done with cameras and microphones in high-security
environments.

~~~
LogicHoleFlaw
Yep, my father used to work in high-security (think live nuclear sites)... the
standard answer was to use a drill press to ream out any camera lenses on cell
phones that needed to be on-site.

------
bradleyland
Changing your sound configuration is useless against anyone who has obtained
admin rights on your operating system. Windows, Linux, Mac, or otherwise. If
they have root/admin, they can override any setting you change at the most
basic levels.

If you're still OCD and concerned about it, install Soundflower [1] and you
can easily configure Soundflower as your default input, but not feed anything
on to the Soundflower bus, thus making the default input silence. This is, in
effect, the same as the author's suggestion of setting the default input to
line-in and plugging in a stub; also pointless, as a line-in jack has no
ability to convert acoustic wave forms to electrical signals.

I feel less-smart for even addressing this question.

<http://cycling74.com/products/soundflower/>

~~~
unwind
I understood is as the stub was plugged into the input to avoid having the
input automatically ignored due to not having a device connected.

I don't know (no experience) if Macs' analog ports were this clever, but
considering the hardware to detect presence in the port is trivial, it
wouldn't surprise me so that's how I interpreted it.

~~~
bradleyland
I've seen a lot of Windows hardware drivers that do this. They detect when
you've plugged a device in to an audio port and change the config to
accommodate. OS X doesn't do this. If you configure Line In as the default
input, the OS will monitor that port, regardless of its state. The only
adjustment OS X makes is to remember input volumes based on plug state. So for
example, if you plug in a set of headphones, the volume will be adjusted to
the level that was set when headphones were last plugged in. When you unplug,
the volume level is reverted to the state it was in prior to plugging in
headphones.

------
tlb
Reducing the volume in the control panel doesn't add security. Microphone
input volume is settable from user level without special permissions, so any
software that was going to listen can control the volume.

------
thinkling
When you plug a microphone device (e.g. a headphones/mic combo that comes with
the iPhone) into the single audio port on a recent Macbook, it will be
detected and the control panel will switch to giving you settings for
"External microphone".

The internal microphone no longer shows up, suggesting it is disabled as
before.

Thus, the simple plug hack should still work.

(I'm running Lion on a MBP8,1.)

~~~
Tyrannosaurs
Suggesting it is disabled isn't the same as it being disabled.

Reducing the input level to zero suggests it's disabled but evidently this
isn't the case.

~~~
thinkling
That's why I phrased it exactly like that. :)

I would imagine (yes, I'm speculating) that the control panel uses a standard
OS interface to enumerate audio devices, and when the internal microphone
drops off the list in the dialog, that reflects the fact the OS isn't offering
it anymore. So an app asking the OS to enumerate audio devices would not find
the internal microphone.

It's always possible that there's a lower-level hack to get around that, but
then that's always been a concern.

By the way, I forgot to mention that when I turn my input level down to zero,
the little blue bars stop showing any signal. The blog post is about 10.6
(Snow Leopard), as mentioned below the Control Panel snapshot. Maybe this is
all fixed in 10.7 (Lion)?

------
JoachimSchipper
Cell phones are badly-secured always-on tracking devices with built-in
microphones designed to communicate potentially sensitive data over known-
insecure networks. (Start at <https://en.wikipedia.org/wiki/Phone_hacking.>)
Why are we worrying about MacBooks again?

~~~
nodata
Just because there is something worse to worry about, doesn't mean you should
forget about everything else.

------
janus
Like always, if you can't trust your machine, you should stop using it and
reformat it. The only security comes with a controlled behavior in which
software is installed in your computer, which websites you visit, etc.

Any software switch can be overriden by a silent hack. Besides, overhearing
conversations is the least of your problems if your computer is compromised. I
would worry more about documents and web browser data.

------
nthnclrk
Without further investigation, I pose a potentially naive question:

What evidence is there that this behaviour of the internal mic is the same
when the Audio preferences pane is not open?

Could it be that the mic is automatically made 'live' when system preferences
or that particular pref pane is opened?

~~~
bradleyland
Even if that's the case, it's not really relevant. If the concern is that an
attacker will listen your mic, the only 100% solution is to physically
extricate the mic from your laptop. If an attacker is able to install software
(with administrative privilege) on your computer, they can do anything you can
do, including re-configure your audio devices and mic volume levels.

------
joejohnson
This behavior is not present in OS X 10.7. However, as many people have
pointed out, it is foolish to trust the display shown in System Preferences if
you are really paranoid about security.

------
Terc
Finding a single regression in a defense in depth strategy does not an exploit
make. Software can select whichever input it wants, regardless of whatever
settings you may have set. This is one of many things that are simply a best
effort to protect the computer. Root access or even access as an
Administrative user could bypass this setting easily.

------
stcredzero
Apple should put an activation indicator LED shining through micro-holes like
the power light is, next to the microphone which is hardwired to a tiny relay,
such that the microphone is physically disconnected unless the LED is on.

------
seclorum
Yeah .. umm .. and there is _no_ guarantee that your CPU isn't broadcasting
every single operation to a top-secret government satellite, either. The
technology is there: have _you_ audited your CPU today?

~~~
jsilence
Use the same laptop RMS is using and read the source.
<http://richard.stallman.usesthis.com/>

~~~
petsos
How would I verify that this source was actually used?

~~~
Karunamon
Build it yourself and verify via hash that what is on the firmware is what
would get written.

However, if you're so paranoid that you think this could be a problem, you're
already outside the realm of buying preassembled computers anyways. Who knows
who could have tampered with it en route?

------
user24
I'll tell you what else seems to always be listening - the camera on the
MacBook Pro, even when the little green light is off.

Cover the camera with your finger or shine a flashlight/mobile phone screen
into it, watch the keyboard lights react. It's obviously listening for light
level changes.

I just wonder how much data you could collect from the sensor without the
green light turning on?

edit: I'm wrong, see my reply to jcromartie

~~~
jcromartie
If you look closely, there's actually another dot next to the camera. That's
the ambient light sensor.

~~~
user24
You're right. I thought that was the LED but it's not.

Well now, what am I going to do with this tin foil hat I just made?

------
smoody
If you hook something like this to the macbook, do you get the option of
selecting an external mic?

[http://www.amazon.com/Logitech-3-5mm-Jack-Audio-
Adapter/dp/B...](http://www.amazon.com/Logitech-3-5mm-Jack-Audio-
Adapter/dp/B0058P0I2C/ref=sr_1_14?s=electronics&ie=UTF8&qid=1327459565&sr=1-14)

------
samarudge
Paranoia much? Surely a much better approach to security would be network
monitoring, anti-virus and vigilance. This sounds like blacking out the
windows because you can't be bothered to close the curtains.

If your tin-hat doesn't feel like enough protection, try downloading and
installing Sound Flower (Generally cool app). Basically it lets you 'patch'
one audio output on the computer to an audio input, so you could record the
output of your computers speakers at near full resolution (Useful for screen-
casts/video game play through and probably lots of other things). Activate
Sound Flower Bed and select the option along the lines of 'no input'/'no
device'. Go into system preferences and select the Sound Flower device as the
default input device.

All of that is, however, completely irrelevant since applications can select
audio inputs external to system preferences and record the input at whatever
volume they like. (E.G. Skype can use a different input to the sys default,
Logic Pro can record from all you system inputs at once etc.)

------
sjs
> especially the average Mac user to secure their machine’s audio input in the
> first place.

The average user of any machine doesn't need to worry about this. Much ado
about nothing.

------
mrdingle
Though this is a bit foil-hat for most people it can be a real privacy
concern. Can your mac be used to secretly spy on you? Absolutely. Has apple
done this before to their customers? 100% (and so have others) see carrier IQ:
<http://en.wikipedia.org/wiki/CarrierIQ>

If something like this bothers you theres no reason you should be using any
closed source software at all.

It's that easy. If you're concerned about your privacy and system integrity
don't use any software from a source you don't personally trust and that can't
be reviewed by a third party.

------
droithomme
I've deleted kernel extensions to deal with related issues before. They often
get reinstalled after updates though, so it can be quite a hassle.

------
abnoid
This does not happen with my early 2011 13" mbp.

------
mirkules
Isn't there a non-destructive low-tech solution, like placing a piece of foam
tape over the microphone to block audio?

------
mbell
He should throw out his keyboard too: <http://vimeo.com/2007855>

------
ladino
currently down.. > read it here:
[http://webcache.googleusercontent.com/search?q=cache:brianpr...](http://webcache.googleusercontent.com/search?q=cache:brianpress.heroku.com/blog/2012/01/23/is-
my-macbook-pro-always-listening/)

ever thought about the camera or your mobile phone? ;)

------
p0wn3d
Does the same apply to a webcam on a laptop without an indicator light?

------
mikecane
What about putting a wee piece of tape over the mic hole?

~~~
_delirium
Newer MacBooks don't have a separate microphone hole anymore; the mic is now
located under the left speaker grille. You'd either have to tape over the
whole thing (it's a pretty big grille), or open up the machine to cover/detach
the mic specifically.

------
brianshumate
Wow, a lot of pretty serious comments for what I consider to be a completely
tongue-in-cheek post that is essentially asking a simple question.

Some of you people need to lighten up.

Besides, my favorite hat is made of copper! ;P

------
marcamillion
I tested mine and turning it down seems to work.

------
kzrdude
This is not a real approach at security.

------
derekorgan
Are you suggesting that my mac book pro is sending this data to some apple
server somewhere?

Can you imagine A the traffic that would take and B the amount of useless
information that would be recorded. They have millions of computers!

If its not being recorded locally or sent to an external source from a privacy
point of view there is no problem. Both of these would be easy to detect by
looking for sound files somewhere on the device or monitoring outbound
internet traffic.

So is it battery life that you have the problem with?

~~~
Karunamon
No, rather that "Hmm, this is odd, it seems _there is no way to disable the
mic_ "

I didn't read any allegations of remote recording here. Perhaps you clicked on
another article by mistake?

~~~
dedward
still drinking my coffee, but the one odd part was that, on theprefs screen,
with mic input all theway down, it was still regisrering audio. something is
wrong there....all other arguments about security aside,

i tried this on my mid 2009 mbp, and dont get the same results... turing
volume input all the way down should result in muted audio input. nevermind
havkers... what if i just want it off for a sec while i say something i dont
want someone to hear (mute buttons aside.... and are they working filly if
rekying on the same api)

suggest trying on multiple units... and as others have said, those guidelines
are just best practices, not guarantees. if you want guarantees, you dont have
conversations near microphones... and sweep theroom for transmitters, assuming
thats still possible. one would assume some agency with an unfathomable budget
could probable fevelop some kind of ultra liw power ulta wideband bug we are
nor goingto detect. or it will just record and theywill tell it to transmit
later. or just pick it up... thelist goes on,

theoriginal question is valid though, i would like to know that,
absentmalicious intent, when my mic is muted its muted, and inthe samevein,
that the camera light is an absolute indicator of activity.

when i get around to buying a new mac (or something) which shoukd besoon, ill
be doing someexploratory surgery n this one i think.

