Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Covert Microphone Application
From: Matt Burnett <marukka () mac com>
Date: Fri, 28 Jul 2006 06:46:53 -0500

every laptop ive taken apart that has had a built in mic, has had a associated mic cable. Is taking apart a laptop a difficult task for a IT professional? Yeah you could epoxy the mic holes, but there are plenty of other holes in the laptop which would allow sound to travel to the mic. And if your really worried about this, you can burn out the mic part of the sound card by breifly attaching the mic cable to the 12V supply.

On Jul 27, 2006, at 10:03 PM, Ralph Forsythe wrote:

On Thu, 27 Jul 2006, Matt Burnett wrote:

Wouldnt it just be a lot easier for you or your boss to disconnect the
microphone cable than going though some elaborate scheme to prove it
could possibly be done? If they can "ruled" any laptop at will then
couldnt they also get into your mail servers? Wouldnt anything that
would be discussed in your meeting generate followups in a email?

How are you going to disconnect the microphone cable when there isn't one? The mic is built into the laptop - you'd have to take the thing apart. As an alternative, ram a bunch of epoxy in the mic hole(s); that would pretty much muffle any noise it might record, IMO.

As for the task at hand, very easy as others have pointed out. Lots of ways to get into the system, especially in a corporate environment where remote access is often enabled for tech support purposes. Bear in mind you not only have to worry about people gaining access from the outside (which hopefully your network is secured against), but also an employee looking to do something bad - particularly one with privileges for remote access or ability to physically access the machine. Given that this *is* a conference room, uncontrolled physical access at some point is likely unless this laptop always travels with someone.

There isn't a real good way to secure the network connection itself that wouldn't be easily bypassed by anyone with physical access to the laptop, and given that pretty much any modern laptop will have a microphone on it, I think epoxy or fun with a set of screwdrivers is the only sure bet - of course, this assumes someone doesn't bring their own machine into the room for a meeting, as people very often do (even more often if you have wi-fi access in there).

I just don't see any unequivocal method of making sure you're secure against this, unless you switch it to a desktop PC with no microphone port and ban laptops from entering the room. And then we get to the risk assessment and threat/vulnerability vs cost determination, which is really what will define how far you're willing to go with this. Of course someone can always stick a mic into the celing, or rig up any number of other eavesdropping methods, so short of conducting meetings in a secured underground bunker, you will have to live with the potential. However you're most definitely going to get a new laptop out of the deal, so run with it!

Someone else remarked that we can't assume this system is even connected at all. Actually it's a pretty logical step, since the original statement said "shiny new internet laptop". If it can surf the web, it's connected at least some of the time. Not a huge leap of faith on that one...

- Ralph

On Thu, 27 Jul 2006, Matt Burnett wrote:

Wouldnt it just be a lot easier for you or your boss to disconnect the microphone cable than going though some elaborate scheme to prove it could possibly be done? If they can "ruled" any laptop at will then couldnt they also get into your mail servers? Wouldnt anything that would be discussed in your meeting generate followups in a email?



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault