Although he was raised a good Linux boy, my son likes to use a variety of insecure operating systems to keep in touch with his bad-influence friends. Sometimes he leaves creepy chat programs running with a live mic while he is AFK. I’ll hear some faint high-pitched noises and realize it’s a gang of squeakers coming through his headphones and everything I say has, unbeknownst to me, been broadcast to their little party. Come on, I know normal people seem to welcome the Stasi, but having your private conversations piped to random adolescents? Am I the only one this bothers?
Being the curmudgeonly old man that I am, I have set up his computer so that I can now easily yank out the microphone plug on his headset. Even if my son isn’t around, I always do this if I’m going to power up that machine, even if I’m logging into my own account with a secure OS. My main desk computers very deliberately have no microphones. When my son leaves his iPhone lying around at night, I treat it just like James Bond treats a KBG planted surveillance listening device he finds. I have been known to wrap this noisome iPhone in conductive foil and then in a pillow.
Call me silly, but some privacy is important to me.
Today’s topic is this interesting question. If I notice a pair of headphones plugged into the microphone jack, would I worry about that? Obviously something is physically misconfigured, but would I flag a privacy threat based on that configuration? I think I would because I well know that microphones and speakers (including headphones) have very little structural difference and can be repurposed to do each other’s job. But that’s a weird hypothetical situation, right?
Turns out no. It turns out that certain Realtek audio chips have a feature (?) where the jacks can be reconfigured in software. This means that what you think of as the output jack can be reprogrammed as the input jack. Now, given the right malware, the situation could easily be as described above with the headphones plugged into the microphone jack. Of course, nothing would seem or even be misconfigured physically.
Can people listen in on ambient conversations in your room through an ordinary pair of headphones with a compromised computer containing this Realtek chipset? The answer, of course, is yes.
The computer I’m sitting at now has a pair of earbud headphones plugged in and lying face up on the desk. I hardly ever use them. I have the Intel 8 series chipset but I can’t really tell from the datasheet if retasking is supported. However, I think it’s best to assume so. Unlike the datasheet, this Intel HD Audio description of enhanced features is in plain English and says this.
Intel HD Audio also provides improvements that support better jack retasking. The computer can sense when a device is plugged into an audio jack, determine what kind of device it is, and change the port function if the device has been plugged into the wrong port. For example, if a microphone is plugged into a speaker jack, the computer will recognize the error and will be able to change the jack to function as a microphone jack. This is an important step in getting audio to a point where it "just works" — users won’t need to worry about getting the right device plugged into the right audio jack.
I actually have thought of cutting off the main body of a 3.5mm stereo plug and using it to short out the mic jack on my laptop with the hope of disabling the internal mic. But I can see that strategy has even more problems than I originally thought.
If you have accepted the built-in microphones in smartphones and laptops always listening to everything you say in the privacy of your living room or car, this news will probably not increase the stink of surveillance in your life by a noticeable amount. If however you have taken great pains to not let that stink permeate your life, this feature will smell pretty bad.