Boffins build microphone safety kit to detect eavesdroppers

TickTock mic lock won't work on Apple

Scientists from the National University of Singapore and Yonsei University in the Republic of Korea have developed a device for verifying whether your laptop microphone is secretly recording your conversations.

The researchers – Soundarya Ramesh, Ghozali Suhariyanto Hadi, Sihun Yang, Mun Choon Chan, and Jun Han – call the device TickTock. That may suit a lab project but would obviously invite a trademark lawsuit from a similarly named social media company were commercialization ever considered.

The mic-monitoring gadget is described in an ArXiv paper titled, "TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals."

Citing the increase in remote privacy attacks on laptop computers for surveillance, the five co-authors observe that while defenses have been developed for laptop webcams – e.g. a piece of tape, as favored by mark Zuckerberg – there's no analogous sound-blocking barrier to prevent surreptitious listening. Their solution amounts to a side-channel defense.

Laptop makers, they point out, have taken steps to make malware-triggered mic activation more evident or impossible. Apple, for example, has a hardware disconnect for recent laptops that's designed to disable the mic when the lid is shut.

Dell in 2020 added drivers to Linux to provide mic and camera privacy. Both Windows 10 and macOS 12 show visible indicators of mic activation, and third-party privacy software did so previously. And Purism has a hardware kill switch for the mic and camera on its Librem 5 USA phone.

The researchers contend these approaches have shortcomings.

"First, these solutions require users to trust the implementation of the laptop manufacturers or the operating systems, both of which have been compromised by attackers several times in the past or that the manufacturers themselves could be malicious," they state in their paper. "Second, these solutions are incorporated in only a small fraction of devices, hence most current day laptops do not have a way to detect/prevent eavesdropping."

Some work needed...

TickTock as a prototype consists of a near-field probe, a radio-frequency amplifier, software defined radio (SDR) and a Raspberry Pi 4 Model B. The researchers envision the device's final form will be similar to a USB drive, one that can be placed next to, or clipped to, a laptop to alert the user to any change in the device's mic status.

TickTock, they explain, relies on the fact that digital MEMS microphones on commodity laptops emanate electromagnetic (EM) signals when active.

"The emanation stems from the cables and connectors that carry the clock signals to the mic hardware, ultimately to operate its analog-to-digital converter (ADC)," they explain. "TickTock captures this leakage to identify the on/off status of the laptop mic."

Creating the mic status sensor required overcoming several challenges. One is that the frequency of the mic clock signal differs depending on the audio codec chip in a given laptop.

Another is that the area of the laptop that will leak the strongest EM signal differs based on how the device was wired. And finally, captured EM signals include noise from other circuits that needs to be filtered out to prevent false positives.

The end result was fairly successful, apart from on Apple's hardware. "Although our approach works well on 90 percent of the tested laptops, including all tested models from popular vendors such as Lenovo, Dell, HP and Asus, TickTock fails to detect the mic clock signals in three laptops, all of which are Apple MacBooks," the boffins state in their paper.

They speculate that the MacBook' aluminum enclosures and short flex cables attenuate the EM leakage to the point no signal can be detected.

TickTock had less success against 40 other devices, meaning smartphones, tablets, smart speakers and USB web-cameras. There, it managed to detect a mic clock frequency in 21 out of 40 devices.

The researchers say this is likely due to the usage of analog rather than digital mics in some smartphone models, to the lack of power constraints in plugged in mic-equipped hardware like smart speakers, and to the way in which small form factor hardware relies on shorter wire lengths that reduce EM emissions.

The researchers say they hope to extend TickTock so it can sense access to other device monitoring mechanisms like cameras and inertial measurement unit sensors. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2022