Hacker News new | past | comments | ask | show | jobs | submit login
Apple's T2 chip will prevent hackers from eavesdropping on your microphone (techcrunch.com)
218 points by tosh 11 months ago | hide | past | web | favorite | 151 comments

> The chip comes with a hardware microphone disconnect feature that physically cuts the device’s microphone from the rest of the hardware whenever the lid is closed

Why do you need a chip for this? Can't you just break the circuit with a regular dumb physical switch? Or is this a much more complex problem than it first appears?

There is already a lid closed sensor. Adding another mechanical switch is more expensive, adds another point of failure, takes space, may interfere with the aesthetics, etc...

The T2 chip probably also acts as a controller for a lot of the builtin sensors, including the microphone and lid closed switch. As a result, adding a feature to turn off the microphone when the lid is closed becomes trivial. Basically just add a logic gate between the two.

Why have the control go through a sophisticated programmable chip and not just use a simple transistor/relay directly connected to the sensor?

A “simple” transistor or relay is bulky and expensive. By comparison, routing through a programmable chip (which is already on the board) is nothing more than routing work—it doesn’t add anything to the BOM.

This is just the way people design circuits these days, because it’s easier and cheaper. A single µC with a few GPIOs, rather than a bunch of logic chips scattered around the board.

Even on programmable chips, not every part of the chip is programmable.

The goal is to make this so it cannot be overridden in software. By designing hard-coded logic in a chip that already exists, you can get the same level of security for essentially zero cost.

Especially, even if this is programmable, this chip is probably not programmable from the point of view of the motherboard...

And if an attacker is able to connect a chip programmer on your motherboard, you have a totally different threat model and bigger problems to worry about.

because it already has to go through it for signals processing

Why should it go through yet another redundant mechanism.

Have you ever seen a MacBook from the last 10 years? There are no physical switches, it's an hall sensor that works with the magnets that keep the thing closed.

Physical switch could be made INSIDE the laptop and would be automatically pressed by the lid itself - when the lid is closed. No sensors needed. No chip needed. When lid is closed - mic is disconnected. When opened - mic is connected... User does not need to do anything else then closing the lid...

There are people out there that hook up their laptop to an external display and then use it with the lid closed. Wouldn't be surprised if some of them want to use the mic with that configuration as well.

Then they are out of luck with this new T4 security chip cutoff, Apple says that it cuts off the mic when the laptop is closed, and there's no way even the kernel can override it:

“This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,” said the support guide.

So in this respect, there's no difference between the T2 chip cutoff and a physical switch... except that there could still be a backdoor in the T2 chip cutoff that Apple hasn't admitted to.

In my experience, it doesn't work very well with the lid-closed... therefore I (like many of my colleagues) tend to use external mics, too.

It's a shame. It's a damn fine third or fourth screen (I'm writing this on it).

I dock because I only like one screen. My workflow is already optimized for my laptop screen (I'm on it 60% of the time). So my ideal setup is one massive screen when I have the choice.

I could credentialize in multimonitor usage (I have before), but now I'm getting used to something that's incompatible with portability.

Physical switch could be done with a very small magnet behind the lid surface and an opposed micro-reed switch (or other magnetically actuated on/off device) buried behind the body surface. No surface penetrations, no exposed moving parts (reed relays are hermetically sealed).

Reed switches are pretty damned huge when working at the scale of a laptop.

Not to mention it would make the case of the computer microphonic — bump it hard enough and that’ll be transmitted through the reed relay.

Yeah, I agree. Reed switches might even resonate with music played through laptop speakers. This needs a no-moving-parts magnetic sensor.

And a magnetic switch is far too easily defeated

My parent’s table pads do precisely that. After a particularly baffling family tech support call I drove over. Their kitchen table pads magnetically lock to stay nicely aligned, and also either put a laptop to sleep, or keep it awake when closed depending how you place them.

How? The point is to prevent invisible eavesdropping not prevent some spook on the table from hacking you.

too easy to fix if it breaks

A switch is more likely to break than a sensor and there’s already one for closed lid.

theres just no lolz round here

Who controls the switch? You need an entire secure system distinct from the untrusted CPU - or a manual switch on the side. The latter goes against everything Apple believes in design wise.

I'm suggesting the lid could control the switch, physically, as in when you close it the mic's circuit is broken.

Yea that could work. I think this is cheaper for them surprisingly enough. Switches are expensive.

Expensive and failure-prone!

Just put a magnet-actuated switch into the mic itself and a magnet in the corresponding place in the body - problem solved.

Nothing to break, zero attack surface, what's not to like?

Except the magnet-actuated switch for each mic.

Those are rated for over hundreds of millions of switching cycles. They would be the last thing that breaks in a laptop.

But if you're so against moving parts, a hall sensor and a transistor would achieve the same result.

Or, you know, they could use a chip that they're already putting into the device (like the T2) and not have to use additional components. Same end result without the extra parts.

And an unknown and unknowable attack surface.

At least with the switch if the mic doesn't work you just check for magnets around it and that's it.

I'd argue the T2 chip is actually more secure than your method. Magnets can be removed. The T2 chip cannot. Not without rendering the computer unusable and the data irrecoverable.

The chip provides a hardware disconnect for the microphone, just like your idea. Except it's baked into the silicon instead of an additional large part in the body of the computer.

Regardless, if your attack model is "T2 chip is compromised", all bets are off. Worrying about the microphone would be the absolute least of your concerns. All your local and iCloud data can now be decrypted, your 2FA is compromised, so on and so forth.

The T2 chip and Secure Enclave provide the strongest security guarantees in today's computers and mobile devices respectively. I'm not worried about a compromise of the T2 chip, to be honest.

I'd argue the T2 chip is actually more secure than your method. Magnets can be removed. The T2 chip cannot. Not without rendering the computer unusable and the data irrecoverable

If someone can physically modify your laptop, you've already been hacked, T2 chip or not.

if your attack model is "T2 chip is compromised"

I think the more realistic attack model is "Apple enables the undocumented 'turn on mic while closed' feature that it was required to add through a national security letter that they can't talk about."

And then that secret hack is either discovered (or stolen) by other government.

Some repair shop or some repair guy could remove magnet for celebrity...

Why would that be more likely to fail than the lid-closed sensor which they are currently using for this application?

The lid sensor likely won't fail. What will likely fail is this T2 chip and/or its firmware. And it will fail in mysterious and unfixable ways.

> the lid could control the switch

Doing it on a chip sounds more reliable than adding a moving part.

And sounds more scalable too, if they wanted to start applying the same principle to other components like accelerometers, light sensors etc.

The point (it seems) of the T2 chip is that it's isolated from the main system and has far fewer opportunities for exploitation, while leveraging efforts already expended for the iPhone. In my mind the eventual goal of the T1 / T2 etc chip line will be to do everything for a Mac that an iPhone does—storage, webcam control and encoding, audio in/out, fingerprint reader, sensors, battery monitoring, power management etc—and then expose it all to the main system en masse.

And sounds more scalable too, if they wanted to start applying the same principle to other components like accelerometers, light sensors etc.

Is it easier the "turn off" signal from the T2 chip to each device to be turned off than it is to route the "turn off" signal from the lid closed switch/sensor to each device. Why does it have to pass through the T2 chip first?

But that would mean you can’t use the built-in microphone when actively using the computer in clamshell mode.

Is this not true with the current implementation, as well?

I am assuming that if the T2 chip is unlocked (the laptop is in use) then the microphone is still available.

If not, then you’re right it would be exactly the same.

[sarcasm="true"]bit-bangs the lid servo [/sarcasm]

What about a physical killswitch goes against Apple's design? The iPhone has always had a ringer/vibrate switch on its side since it was introduced. Obviously it doesn't do anything hardware-wise, but it's still a switch that disables some functionality.

That has a common use case of not wanting your phone ringing in a meeting.

People expect their computers not to listen to them when not actively using the mic. Your switch is the program that records you, a second is redundant and confusing.

It’s a part that when it fails is probably a motherboard replacement ($), and it fails often because people.

Almost all of Apple's security features are invisible and by default and don't get in the way. They're striking the balance between user experience and security.

Because you may want to configure it. I close my laptop when it’s attached to an external monitor. The mic should stay on in that instance.

That would defeat the purpose wouldn’t it? Malware would also configure it.

Malware doesn't have access to the T2. Presumably, the T2 is configurable separately from the rest of the hardware or anything else the system would have access to.

Unless specifics about the implementation are public, it's safer to say "...until it (malware) does have access to the T2" in response to your comment.

The Secure Enclave has been around since the 2013 and never was infected with malware and it was not for the lack of trying.

This might prevent Apple from eavesdropping on your microphone.

Extra physical switches on an Apple product?

So that they can trigger it to spy on you, duh

Why not just give users a physical switch to turn on power to the mic when they require it?

You don't need a chip for this. And to their credit Librem laptops have offered such a hardware switch for a while now (perhaps since they began selling laptops) with (as I understand it) no chipset involved.

Putting this functionality into a computer chip is ridiculous and unnecessary partially because there's no clear way for ordinary non-technical users to control that, and partially because this suggests that software (as I presume the software on this new chip will be alterable by Apple) can still affect whether the mic is hot. The headline "Apple's T2 chip will prevent hackers from eavesdropping on your microphone" should probably be interpreted to mean that Apple won't be prevented from listening in.

Camera access and wireless network access should also be physically disconnectable via a simple user-controlled piece of hardware which electrically disconnecting the on-board webcam and wireless network device from the rest of the system -- a slider or rocker switch. This too is something I understand Librem laptops offer but is uncommon elsewhere.

If your threat model includes "I don't trust Apple", then all discussion is moot. You could provide all the hardware killswitches you want. Apple could still design a way around them to get your data while the laptop is active.

Now, if you trust Apple, the T2 chip is perfectly secure for this use case. Apple claims this serves as a hardware disconnect baked into the silicon, in which case it is no different from a mechanical switch.

Finally, the whole argument about user control over various security features is interesting. I will say that Apple has, better than any other manufacturer, struck almost perfectly the balance between security and usability. Apple's software/hardware security does its job, does it well, and gets out of your way. Including 20 different hardware switches and 150 different security settings that mean nothing to the average user would not be in their design language.

It's all about your threat model. Perhaps yours is a bit too severe to use traditional consumer devices.

You're missing the point (as are the moderators, apparently): trust is a factor only when it comes to proprietary software. If you have to "trust Apple" to deal with Apple software, then you've lost any reason to trust them as they've already shown that they ought not be trusted -- both in principle (by distributing proprietary software) and in specific examples as per https://www.gnu.org/proprietary/malware-apple.html (only some of which aren't Apple's fault but merely run on Apple-made OSes, and some of which include bad business practices by Apple). Buying into claims ought not be needed and isn't needed except for proprietary software where such trust is apparently often misplaced. You can't tell if "the T2 chip is perfectly secure for this use case" because you don't know what runs on it. Apple claims a lot of things and one had good reason to believe Apple wouldn't, for instance, leave a remotely-exploitable vulnerability in iTunes unfixed for years after being notified about that vulnerability while governments exploited that vulnerability. But according to http://www.telegraph.co.uk/technology/apple/8912714/Apple-iT... that's what Apple did.

If Apple distributed free software trusting Apple wouldn't enter into the discussion. We could inspect what Apple distributed, we'd be allowed to change what we don't like about the software Apple distributed to us, and we could distribute improved versions of that software to help others. No need to buy into uninspectable code we're not allowed to change or distribute further.

And the answer to the question you didn't answer which the original poster asked -- do you need a chip to do this task -- remains "no". Purism's hardware is proof by existence. With Purism's hardware switch there's no software involved to accomplish this feature and they (as far as I know) distribute a free software distro called "PureOS" (a GNU/Linux system) which also happens to have earned an FSF-approved distro entry.

You can't patent a dumb physical switch. That and the fact that the tech industry has moved so far away from even caring about users problems that it's now busy devising cool new solutions to the problems it created for them.

Seriously, putting cameras and mics in every device and then creating web browsers which potentially have access to them at all times? Yeah, I'm most worried about what happens when I close the lid.

Because a physical switch would actually provide security. /s

Any bug or future exploit negates this feature.

I have the feeling this was just done because it was possible and then the marketing team found out about it and decided to make a big deal out of it.

So someone from Apple engineering built the T2 chip on a whim, never communicated it to senior management and then marketing accidentally stumbled upon it and then decided to suddenly promote it.

Words don't describe how delusional this is.

This only protects when the lid is closed, but many people leave the lid open on their desk.

I would love to see a light come on if the camera or microphone is receiving power, and then only turn on power to these devices when a program requests it.

The camera already functions this way. The light is connected to the actual power of the camera and cannot be disabled unless the camera is also disabled. The microphone, to my knowledge, doesn't function like this but I don't think it makes sense for it to function like this as the microphone doesn't really need power outside of what's provided to the amps and DACs inside the machine. It would be too easy to work around. Any membrane capable of vibration would be able to be used as a microphone, including the laptop's speakers, so it'd be more work for little gain.

> The light is connected to the actual power of the camera and cannot be disabled unless the camera is also disabled.

This was proven false when malware was discovered that accessed the camera on Mac laptops without activating the LED light. It's mentioned in the article.

The reasearch to prove that vulnerability was done on Macs made up until 2008 if I’m not mistaken. It’s not clear if that attack is still possible.

Which Macs still have a light?

I believe they all do, but I haven’t been able to find a document to confirm that.

The article TechCrunch links to, about Patrick Wardle’s research on the FruitFly malware, actually never mentions defeating the webcam LED: https://www.zdnet.com/article/new-analysis-fruitfly-mac-malw...

It’s possible that Wardle’s Black Hat paper does, but the link doesn’t back up the assertion in the TechCrunch piece.

This was not proven false. The malware that was discovered only affected iMacs and MacBooks from 2008 and prior when the light was not directly connected to the camera's power. That didn't happen until early 2009.

Am I the only one who has tape over my laptop camera? (Specifically a peppa pig sticker)

I bought these for all the laptops being used by my family. Especially useful when you are in a group video conference and you need a quick and foolproof way to blank the video.


I have an EFF sticker specifically for this.

> I would love to see a light come on if the camera or microphone is receiving power, and then only turn on power to these devices when a program requests it.

Isn't the microphone a simple passive device no different than a voice coil in a magnetic field? I don't think it's that simple, since it won't be powered.

My understanding is that there's often a reconfigurable circuit in the sound chip which determines where the lines in and out are routed. So even if you've physically disconnected the microphone, but left internal speakers connected, it's possible to turn the speakers into a microphone via software alone.

There's at least a pre amp and a d/a converter that the mic needs to have powered up and running before any of it's signal can be used by the rest of the computer.

Which will all be inside an IC, away from the microphone.

So what, does the light turn on whenever the entire IC sees power? Because if it relies on a signal from within the software-controlled IC, that's not exactly trivial to audit.

The trivial solution would be a LED + resistor just wired across the mic's power rails.

When the microphone is a passive connected to a multifunction IC there's no such power rail.

Most laptop mics are condenser electret mics which usually use a small dc current, although not always.

Not the last time I went down this road hardening a Thinkpad, see Step 6 at [1] (not my site). I haven't bothered with any smartphones yet, so I can't speak to what they tend to use for a mic. But if I carried one I'd definitely rip out all the voice coils and rely on a pair of headphones w/integrated mic for voice comms to mitigate potential for eavesdropping.

[1] https://blog.patternsinthevoid.net/replacing-a-thinkpad-x60-...

When replacing the lightning assembly on my iPhone 6, I noticed that the microphone looks passive. Here’s a photo[0]; It’s the little bronze(?) square next to the headphone jack.

[0]: https://www.ifixit.com/Store/iPhone/iPhone-6-Lightning-Conne...

The only reliable way to prevent eavesdropping is to physically break continuity of all voice coils in the device.

Entrusting a black box chip to do this on your behalf is more risky than there being a physical kill switch somewhere which all the voice coils pass through.

There's certainly going to be a way for the chip to be told via software to reconnect the coils, though you may not know how yourself.

I think we’re finally at the point where hardware isolation is a standard part of our defense in depth, just like ASLR and W^X. I’d like to see these exposed in more consistent ways to software. T2 should be able to provide U2F, it’s too bad it doesn’t.

Apple was part of the NSA PRISM program. Has that changed? I mean other than unverifiable marketing speak about valuing customer privacy? On one hand this could be a legitimate privacy feature or it could also be an elegant cover story for a covert channel to the PRISM inbox. Most of the non-tech people I speak with trust their phone manufacturer implicitly (even after PRISM).

We've come so far in our exchange of privacy for convenience, creating a surveillance nirvana... for those with access.

1) Fingerprint scanners 2) Facial scanners 3) Retina / iris scanners 4) Voice recordings, voice assistants. 5) GPS tracking (on IOS Google Maps defaults to knowing location even when the app is not in use).

It appears beautifully programmatic / orchestrated.

Thats my problem with Apple. They are at the end of the day an American company. My bank is legally not allowed to sell my transactions history. Apple just promises that they won't but nothing stops them from changing their mind.

I recently learned that LEDs can be used as light sensors if connected to an ADC. I wonder what other mechanisms there might be to capture sound that a determined adversary (i.e. government organisation) might use. While speakers can certainly be used as microphones, I doubt they'd be connected to an ADC so probably won't be useful, but what about the multitude of other sensors?

> While speakers can certainly be used as microphones, I doubt they'd be connected to an ADC so probably won't be useful

In most modern PCs with two audio jacks software will ask you what kind of device you just connected and reconfigure the sound chip to treat it as input or output. I wouldn't be surprised if clever software was able to convince Apple hardware to treat the built in speaker as a microphone.

That hardware capability is exploited in the following paper, if you want to know the details:

Mordechai Guri et al. (2016) 'SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit'.


By Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici.

I'm getting access denied on that link. Do you have a mirror?

I was able to read it on Arxiv: https://arxiv.org/pdf/1611.07350.pdf

I'm shocked at how many defenders pop up here for a proprietary chip that cannot be audited. Sure, this hardware/firmware combo might be safe. It also might be terrible, but no one on this thread actually knows either way. It is also vulnerable in ways that a magnetic lid switch would never be. The T2 is the single most important attack target (for desktops) now for large budget attackers. I wonder how long until the HN headline reads T2 vulnerability found.

Was also slightly bemused. Especially the comments saying a physical switch is too expensive?

An inlaid switch would cost a few cents and apart from physical tampering will always work. With Apple's design skills I doubt many would even see it.

People who boldly guarantee a products security are doomed to relearn history.

> will always work

Unless the user forgets to use the switch. Cue the XKCD comic about $5 wrenches breaking strong crypto.

The deeper philosophical question is whether to build, to quote the Arch Way, user-friendly or user-centric products (and, consequently, security). It should surprise nobody that Apple values user-friendly design over user-centric design.

Fwiw I also would prefer an inlaid physical switch.

I'm waiting for a paper to come out discussing the use of the accelerometer or gyroscope to record audio.

Several of these already. Here is one from 2014, https://crypto.stanford.edu/gyrophone/

Seem to remember an impressive one from this year using modern deep learning, but could not find it now.

Using MEMS Accelerometers as Acoustic Pickups in Musical Instruments - https://www.analog.com/en/analog-dialogue/articles/mems-acce...

With the additional privacy features added to their phones and notebooks, how much of it actually is just a marketing gimmick? It's not something Google cant compete with directly (Microsoft could, if they cared), but it's not something they've actually.. well, marketed. It could be a major selling point, so why dont they advertise it? Something's fishy.

A bit tangential, but if you want to track when programs are recording audio or video you should try out OverSight [0]. Although, since it's just software it's possible it can be bypassed by direct attacks, and it can sometimes fail to detect which program is accessing the webcam or microphone. Even with those limitations I still think it's better than nothing.

Micro Snitch [1] is another alternative, although it's more limited in its functionality since it doesn't try to detect what program is accessing your webcam or microphone. It also costs $3.99, while OverSight is free.

[0] https://objective-see.com/products/oversight.html

[1] https://obdev.at/products/microsnitch/index.html

While I'm glad this is the case, if my computer is compromised to the point where I can be spied on with the webcam/microphone, I'd be far more worried about my entire photo library, web browsing history, message history, email history, bank credentials, etc. being exposed.

When are we going to get projection against unauthorised USB devices when the workstation is locked (ie, I'm away from my computer and a nefarious actor inserts a USB device) similar to the recent iOS 12 improvements?

When workstations stop needing USB keyboards connected to unlock them?

so this means I cant use my mic when my computer is closed and hooked up to an external monitor?

this use case is actually quite funny and probably one day a reason for there being some bypass for this functionality which can be exploited/utilised :X most governments still demand LI capabilities after all....

Congratulations Apple for implementing the spst switch in 7nm with 23 million transistors.

The T2 is used for:

- image signal processing

- an audio controller

- a mass storage controller

- a dedicated AES engine for encryption.

- secure enclave for touch id

Jeez, sounds like the T2 is prime to be merged into systemd.

Someday we'll find that the image processing function has a bug that lets you control the microphone when you open some stupid meme. Great separation of security

Running on the same chip does not mean that there’s no isolation. The T2 has an ARM core with an MMU, different processes can be isolated from one another as well as you can on ordinary OSs. Given that you can’t load software on the T2 you’d have to find some remote hole and then do local privilege escalation.

And still certain things will be impossible, even if you control the software on the T2, because there is no hardware access to e.g. read the encryption keys, from what I understand.

Phew, that's a solid model! No software ever had both remote holes and local privilege escalation!

Sarcasm aside, this is part of a strategy called “defense in depth”, the general idea is that no part of your system can be completely secure so you add different types of layers to your security just to make it more difficult for attackers.

Since the T2 does not need to run user software there are additional options available to make it more secure which are not available for ordinary CPUs. For example, you could completely prevent executable code from being loaded without resetting the chip.

What do you want instead? You seem to be pushing for hardware isolation and when Apple goes and does that, putting encryption and a few other features on its own chip designed to be more secure than the CPU, that's not a good thing?

thank you. :') these let's put things that parse complicated file/data formats along side security features is just asking for trouble! :D

That is truly impressive

I just unplugged the microphone, and camera from my macbook pro retina's motherboard. I don't use the camera often and I use the microphone on my earpiece so I don't miss it.

This begs the question: how prevalent was mic spying prior?

Why knew it was or could or might be happening, but at what scale?

We don't commonly have figures on that, however the combination of proprietary (non-free, user subjugating) OS and application software plus built-in camera/mic hardware doesn't bode well for one's privacy.

What about when the gov. is the hacker ?

Why would this change anything? Presumably there would be an easier way to listen to you if this was the case.

Indeed, they'd just listen to you using the smartphone or landline/VOIP phone sat on the desk next to your computer instead.

Could the iPhone ringer switch be aftermarket rewired to disconnect all iPhone microphones?

Potential project for Strange Parts. If anyone could do it, I'm sure he could.

I'm really wondering if there even was 1 customer request for this.

My company (major telecom) literally gives away camera covers. Surely they'd do same for mics if there was a convenient cheap way. There's plenty of rumors about mics & cameras being commandeered by hackers & secret agencies.

Apple gets ahead by actually securing mic access. Lots of people want it.

Rip the mic out

Plug in USB mic when you need one.

Sure thing...

Tell that to toushands of employees of fortune 500, that don't care one bit about security, as it's not their responsabilty.

They will plug the USB mic and that would be it.

It even goes in the bag with the ports plugged in if it has space.

As though $BIGCOMPANY would approve of people tearing laptops open to tear out hardware. Or $JOEUSER could do without voiding the warranty, assuming he had a clue how.

Camera covers yeah, but mic?

Video may be embarrassing, audio more likely actionable.

Perhaps they became aware of an attempt to attack the microphone in this way.

Is there any other hardware running when the lid is closed?

RAM must continue to be powered. Your network card as well, for remote wake up on network activity. Bluetooth can also be configured similarly. On older computers with HDDs, it is also configurable whether those HDDs are turned off when the lid is closed.

Of course this is just assuming you keep the default of closing the lid => computer goes to sleep. It is possible for some Macs to keep running while the lid is closed, so basically only the display is not powered. It is also possible for some Macs since Mavericks to actually have most of the kernel running to perform background tasks, called Power Nap.

Closed-display mode: https://support.apple.com/en-us/HT201834

Power Nap: https://support.apple.com/en-us/HT204032

There is. For example you can leave your phone plugged in and it will continue charging on a macbook, even with the lid down and machine turned off.

Macbooks can't even hibernate to a complete shutdown. If you remove the battery, you can't cut out the power supply without the laptop rebooting. I.e. the ‘sleep‘ has the hardware running, waiting to pick up where the system left off.

What about a hardware switch? You know, a mechanical switch, like the one already used to detect whether the lid is closed? Besides, I also want the mic disabled when my laptop is open...

There's no mechanical lid switch.

Or they could do, you know, a simple $0.10 on-off slide switch.

And then they would have to endure 10 million support calls from users who didnt know they disabled the switch and cant make skype/facetime calls.

The presumption that nothing can ever be done, whether right or wrong, is at the very least, discouraging.

The number of people want this is ridiculously small, plus quite ugly.

Ugliness is subjective. Where do you get the data to back up the claim that "the number of people [who] want this is ridiculously small"?

Why is it so hard to believe the headline?

Has Apple security record on electronics been ever broken? I don’t think so. If there is an exploit yet, at least it’s not publicly known and no-one has seen it for sale on the black market, so it would be in the millions. I’d say Apple is trustworthy as far as I’m concerned, perhaps not trustworthy enough if the threat model is Hillary-level politics, but trustworthy enough for a billion dollars business.

>Has Apple security record on electronics been ever broken

Absolutely. It was possible to trigger the mic/camera on older Macbooks without turning on the green LED. This led to people being spied on without their knowledge (by script kiddies, not nation-states). More recently, there's the unlocking of the San Bernardino shooters' iPhones.

None of those devices have TPMs like these.

> Has Apple security record on electronics been ever broken?

Literally every model of iPhone ever released has been "jailbroken" if that's what you mean. Including of course multiple re-jailbreaks per model when Apple patched the original exploits.

There's an argument that the secure enclave is unhackable, although there have still been ways around it up until very recently (is it finally 100% secure or have the new exploits just not been discovered yet?)

I prefer to work on the assumption that no hardware / software can ever be 100% secure.

Many times, but usually patched. Thunderstrike USB exploit comes to mind.

Because you know that the technology to physically disconnect a microphone when a lid is closed is extremely simple, and doesn't require a computer chip that is impossible for the user to audit.

If you don’t trust Apple and you’re using Apple hardware you have bigger problems than the mic.

Your own biases?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact