In State of surveillance, Edward Snowden explains the real danger behind cellphone spying, notably the fact that this form of spying provides access to information you cautiously never stored in any electronic device.
It also demonstrates how to take apart a cellphone and remove its camera and microphone. Is going this far really necessary? Are there any reversible or more convenient ways?
While IMHO using some black electrical duct-tape should be enough to blind a camera in most situations, things get more complicated with the microphone, but we still have several possibilities.
The most well-known and most effective solution is to physically destroy (drill) or remove (desolder) the microphone: no microphone anymore, no malicious way to use it. An external microphone can then be plugged in whenever required (earphones, for instance, in the case of cellphones).
Be aware, however, that certain devices (in particular cellphones and tablets) may contain several microphones working together (mainly used to attenuate background noise): you must be sure not to miss any of them.
The iFixit website is usually a great place to find teardown videos, disassembly instructions and even vendor-specific tools and parts for various hardware, including cellphones and computing devices.
Alternatively, you can contact a repair service to do the job for you. Joanna Rutkowska, founder of Qubes OS (a privacy oriented Linux distribution), went this route to remove her iPhone's microphones and front camera:
- Ask an Apple service shop to do it for you,
- Restore firmware yourself,
- Verify mics/camera don’t work indeed.
But apart from the actual microphone(s), researchers have found that mobile devices' gyroscopes (which do not even require any authorization in the case of mobile apps) can also be used as low quality microphones. So, the “no microphone, no audio spying possible” adage may not be completely true.
As recommended at the end of this article, using a dummy plug is most probably the easiest way to get an easily reversible deactivation of the microphone. All you have to do is cut the plug from some old microphone or earphone and put it into your device to disable the main microphone. Just unplug it and the microphone will be back.
However, do not assume that because this requires a physical action on your side, the microphone will be physically disconnected. I remember old issues when running Linux on some laptops where plugging in earbuds would not deactivate the laptop’s main speakers: sound would be played through both the earbuds and the main speakers. This means that some action had to be taken at the software level in order to mute the main speakers when an earbud plugged-in event is triggered.
I cannot exclude that the same rule also goes for the microphone. Depending on the device, plugging in a dummy device may indeed physically disconnect the main microphone(s), or the main microphone(s) may still remain reachable at a low level.
Nevertheless, this should still be effective, notably against spyware relying on the device’s standard audio stack and against cellphones’ hidden automatic callbacks which, IMO, are the most common threats.
Low level attacks are more in the realm of targeted attacks. If you are a high enough target to justify such investment from the adversary and it turns out that your devices are affected by low level malware (or you assume so by default, which may be wise in such circumstances), then your balance should lean more toward drastic measures than convenience, and physically removing microphones may be appropriate.
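One way to check how a dummy plug is actually handled on a Linux machine running PulseAudio, as an added example that is not part of the original article: parse the output of `pactl list sources` taken with the plug inserted and list the built-in microphone ports that software can still select. The sample output, the device names and the helper function names are constructed for illustration, and matching on "internal" in the port name is an assumption about the sound card profile.

```python
import re

# Constructed sample of `pactl list sources` output, as if captured with a
# dummy plug inserted (device names and values are made up for illustration).
SAMPLE = """\
Source #0
    Name: alsa_output.pci-0000_00_1f.3.analog-stereo.monitor
Source #1
    Name: alsa_input.pci-0000_00_1f.3.analog-stereo
    Ports:
        analog-input-internal-mic: Internal Microphone (type: Mic, priority: 8900, availability unknown)
        analog-input-headset-mic: Headset Microphone (type: Headset, priority: 8800, available)
    Active Port: analog-input-headset-mic
"""

PORT_RE = re.compile(r"^\s+([\w.-]+): .+ \((.*)\)$")

def availability(attrs):
    # Map the attribute text of a port line to 'no', 'yes' or 'unknown'.
    if "not available" in attrs:
        return "no"
    return "yes" if re.search(r"\bavailable\b", attrs) else "unknown"

def parse_sources(text):
    """Return one dict per source: name, {port: availability}, active port."""
    sources, cur, in_ports = [], None, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Source #"):
            cur, in_ports = {"name": "", "ports": {}, "active": None}, False
            sources.append(cur)
        elif cur is None:
            continue
        elif s.startswith("Name:"):
            cur["name"] = s.split(":", 1)[1].strip()
        elif s == "Ports:":
            in_ports = True
        elif s.startswith("Active Port:"):
            cur["active"], in_ports = s.split(":", 1)[1].strip(), False
        elif in_ports and (m := PORT_RE.match(line)):
            cur["ports"][m.group(1)] = availability(m.group(2))
    return sources

def internal_mic_findings(text):
    """List built-in mic ports that software can still select (assumed naming)."""
    return [(src["name"], port, avail, port == src["active"])
            for src in parse_sources(text)
            if not src["name"].endswith(".monitor")
            for port, avail in src["ports"].items()
            if "internal" in port and avail != "no"]
```

In the sample, the active port has moved to the plug but the internal microphone port is still listed as selectable, which is the software-only rerouting described above.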
The most documented entry point for attackers remains the software layer, whether by exploiting some flaw or by manipulating the user into running malicious code.
Hardened desktop computing platforms (mainly Qubes OS and, to a lesser extent, the newcomer Subgraph OS in the FOSS realm, Polyxene in the proprietary realm; there may be others) strongly isolate software from the hardware. There is no real equivalent on mobile devices, as their low-consumption CPUs do not offer virtualization features yet. However, there are early ongoing projects integrating LXC into Android, which seems to be a very promising first step.
On such systems, in order to reach the microphone, malicious software has to be able to escape the containment system and build a covert channel through it. This provides a good protection level even against targeted attacks.
However, in case of a high value target, chances are that the attacker will just try to bypass the whole operating system at once and directly reach the lowest and most privileged layers by taking advantage of:
- The Intel Management Engine (and its AMD equivalent) on computers,
- The baseband firmware on cellphones.
As far as I know, there is no real solution to these threats.
For computers: older computers do not come with the Intel Management Engine, and using libreboot makes it possible to disable it on pre-2009 computers, but there does not seem to be any solution on recent platforms except using specific hardware as discussed in the following section.
The OsmocomBB project publishes a free implementation of the GSM stack to replace the opaque default one, but AFAIK there is no other project going any further.
In their Hardening Android for Security and Privacy guide, the Tor development team launched a call years ago for devices where the baseband hardware would be effectively isolated from the rest of the device, but with no real luck.
A few projects aim to provide platforms that are as trustworthy as possible to their users, giving them real control over the hardware behavior.
For computers:
The Purism company (clearly a pun on NSA’s PRISM project) builds laptops and tablets with a specific focus on privacy (by the way, their Librem 13 model is the first officially Qubes-certified laptop). One of their original features is to equip each of their products with hardware switches that physically disable the camera, microphone, WiFi and Bluetooth. However, they still seem to run on CPUs enforcing the Intel Management Engine (an Intel Core i5 in the case of the Librem 13).
Crowdfunded projects like the EOMA98 (also featured in Linux Magazine) try to create the most open platform possible. This one is especially interesting due to the care taken in choosing the components, above all the CPU. Such projects rely on low-consumption CPUs, which do not provide the same computational power and cannot run a hardened desktop OS like Qubes OS (see the “Software isolation” part above; the limitations are the same as for mobile devices)… for now, since things are moving very quickly in this area and I don’t see why open hardware would not follow the same path as open software (being optimistic, I would say that bugging their own CPUs was probably the nicest present Intel and AMD could have made to their competitors).
For cellphones:
There are comparable projects on the cellphone side, like the Open hardware Cellphone, which relies on the Adafruit Fona cellular phone module, but as stated above you remain stuck with GSM, with no concrete future plan to go beyond this. Moreover, while the hardware itself is open, I am not sure at all that this module’s firmware is open source (?), in which case it would solve absolutely nothing regarding the network baseband module trust issue. However, such a device would still give the opportunity to have better control over the microphone (and camera whenever you add one), for instance by adding a switch like the one equipping Purism computers.
Mike Perry from the Tor project has written and maintains a guide on Hardening Android for Security and Privacy. In its current shape it is described more as a proof-of-concept due to usability issues, but it still provides a wealth of information. Fundamentally, due to the lack of proper isolation between the network baseband module and the rest of the cellphone, the idea is to use two devices:
- A WiFi-only tablet with no cell network support and optionally the microphone removed (this is actually only to address a potential software exploitation now, since the microphone is effectively out of reach of the cellular network).
- A separate cell modem device providing WiFi access for data services only.
- Use VoIP (or whatever you like, as long as it is data) on top of that to communicate.
Practical security is mostly a matter of balance between pure security and convenience. As always, the right answer heavily depends on your actual needs and the threats you are really facing, but to give an idea:
For high-profile targets (I mean life or death issues, not a teenager downloading some warez ;) ), I would feel more comfortable with a solution relying on specific hardware whenever possible (i.e. when such solutions, which are still in their infancy, suit your needs), otherwise on physical modification of more common hardware by removing the microphones and putting some black electrical duct-tape on the cameras.
For privacy-conscious users, unless their geeky side pushes them to actively participate in the open-hardware movement, using low-level software isolation on computers, a dummy plug in the cellphone and some black electrical duct-tape on each camera should be sufficient to quickly and easily provide a good level of privacy without really sacrificing convenience.
Article based on a StackExchange answer.