How hackers and eavesdropping software snoop on your conversations: Internet Scambusters #725
As more computer and mobile apps acquire the ability to respond to our voices, the potential threat to our privacy increases and listening turns to eavesdropping, or even spying.
In this week's issue, we explore microphone usage on our devices, ranging from benign Skype calls to dangerous hack attacks.
And we'll give you five tips on what you can do to eliminate or reduce the dangers of abuse.
Now, here we go...
How to Block Microphone Eavesdropping
Is the microphone on your computer, tablet or smartphone eavesdropping on your conversations, even when you're not using it?
During the past few years, reports of devices and programs listening in to nearby conversations have repeatedly surfaced.
At the same time, numerous devices, apps and even hackers are known to have the ability to switch your mic on when you're using your device, both for legitimate and dubious purposes.
Obviously, there may be plenty of occasions when you need and want to use the microphone -- making Skype-type voice-over-internet calls, for example, or using built-in virtual assistants such as Siri (Apple devices), Cortana (Windows) and Alexa (Amazon).
Then there are programs like speech-to-text, voice recognition software, and apps that let you instruct them instead of using your keyboard. Even Google's Chrome browser has the ability to act on voice commands -- if it's switched on.
Provided you're in control of when your mic is active and that whoever (or whatever) is listening in is doing so because you invited them is all well and good.
But that's not always the case. Sometimes you don't realize your microphone is on -- you may even think you switched it off -- and sometimes people are listening in for questionable purposes.
For instance, computer users have, from time to time, reported speaking words in online conversations that subsequently seem to trigger pop-up advertisements on certain web pages and social media networks, though these claims are usually denied.
It has not always been clear to what extent some legitimate apps, like Microsoft's Cortana, gather information about what you're saying, leading to genuine privacy concerns.
And, on the other side of the law, hackers have demonstrated how they can trick their way into computers and smartphones to switch on microphones without users being aware.
A couple of years ago, computer security firm Panda identified spyware that could switch on a phone's mic, identify where the device was located, record conversations and track the user all day.
This sort of eavesdropping goes hand-in-hand with illegal or questionable remote accessing of web cameras, which we reported on in an earlier issue, Webcam Safety Threatened by Crooks and Spies.
There's no better evidence that the risk of this spying is real than the recent publication of a photo of Facebook founder Mark Zuckerberg, whose laptop, in the background of the photo, was seen to have tape placed over both the camera and mic.
You can usually tell if your camera is in use because most of them have a tiny light next to the lens that switches on with the camera. But with a microphone, there's generally no visible signal.
It's also reportedly possible in some circumstances for headphones and even speakers to be used to collect conversation, even when a microphone is turned off or disconnected.
It's all this uncertainty over whether, how and why speech is being eavesdropped that creates user concern.
So, what can you do about it?
While we can't guarantee to make you soundproof, there are a number of key actions you can take to minimize the risk of being overheard or recorded, or of your microphone being activated without your knowledge.
Here's a quick rundown:
* Learn how to manually disable the microphone setting on your device, or search out software that will do this automatically for you. Then, disable the mic when you don't need it.
* You can also physically disable a microphone by plugging a cheap, wired mic into the microphone extension socket and then snipping the wire. The extension is activated as the default input source but there's no microphone.
If you have a combined headphone/mic outlet, you would need a combination headset and again, snip the wire just below the microphone.
(Note, however, that hackers may be able to switch your default setting back to the built-in microphone.)
* When installing programs, especially smartphone apps, check if they require access to your mic. Many apps will request permission, at least during first use. Deny it unless you're really going to need it.
* For programs and apps that are already installed, use their "settings" feature to check if they can access the microphone, or check the "microphone" or "privacy" listing in your settings.
For example, if you use an iPad or iPhone, visit settings/privacy/microphone to see which apps use your mic.
The same sequence in Windows 10 will perform the same task, with the ability to switch off the microphone altogether or to deny access to individual apps.
Search online for how to do this on other devices.
* Keep your Internet security software up to date to keep hackers out or to alert you when programs behave suspiciously.
By the way, tests suggest that Mark Zuckerberg's attempt to limit microphone access by using masking take doesn't work. It might muffle the sound but it probably wouldn't keep the eavesdroppers out!
Alert of the Week
Do you have an outlook.com email address? If so, beware of a message from "Outlook Administrator" that arrives in your inbox with the subject line: "Microsoft account unusual sign-in activity."
The message goes on to warn:
"We detected something unusual about a recent activity to the Microsoft account. To help keep you safe, we required an extra security challenge. You will need to verify your Microsoft email account below to confirm that the recent activity was yours and to regain access and enjoy our unlimited service."
It's quite a convincing phishing attempt to get your Microsoft sign-on details and, although the scam has been around for a while, there's been a resurgence in recent weeks.
That's all for today -- we'll see you next week.