There have been so many advances in technology over the past decade it almost feels like we’re living in a futuristic world.
Some modern technology used to live in the world of science fiction, only to be seen on the big screen. When I was a kid, I could only dream of one day owning a communicator like Captain Kirk had on “Star Trek.” Now, we have smartphones more powerful than Mr. Spock could ever have imagined.
But, with the good, sometimes comes the bad.
One downside to many innovations is the loss of privacy. You’d be surprised to find out some of the gadgets that allow scammers to spy on you.
That’s why you need to know about these three things that could be spying on you right now.
Cybercriminals are always looking for new ways to pull off a scam. Now, it looks like our headphones are not even safe.
A team of security researchers from the Ben-Gurion University has demonstrated that it is entirely possible to hijack a pair of garden-variety headphones and use them as spying devices.
Their proof-of-concept malware called “Speake(a)r” exploits the headphone jack “retasking” feature of RealTek audio codec chips, commonly found on most computer motherboards, and essentially turns your headphone speakers into microphones.
The principle behind the hack is fairly simple. In case you didn’t know, any analog headphone pair can be turned into functioning microphones by merely plugging them into an audio-in jack.
Since analog headphones convert electromagnetic signals into audible speaker vibrations, reversing this signal will have the speaker membranes pick up the vibrations instead, and similar to how a mic works, convert these back into electromagnetic energy.
(You can try this trick by plugging a pair of mic-less headphones into an audio-in jack, then start recording.)
The researchers say that since RealTek audio chips are very common in computer motherboards, the attack can work on virtually any computer, regardless of the operating system, whether it’s Windows or MacOS. The team is still determining if other audio chips and smartphones are vulnerable to these kinds of attacks but they believe it is very likely.
“This is the real vulnerability,” stated Mordechai Guri, Ben-Gurion’s lead researcher. “It’s what makes almost every computer today vulnerable to this type of attack.”
The attack works quite well too. During the tests, they plugged in a pair of Sennheiser headphones and found out that they can record sounds from up to 20 feet away. “It’s very effective,” added Guri. “Your headphones do make a good, quality microphone.”
Although the purpose for creating the proof-of-concept “Speake(a)r” malware is solely for theoretical and precautionary purposes, the vulnerability is certainly out there for a determined hacker to try and exploit.
“People don’t think about this privacy vulnerability,” said Guri. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
The researchers admit that this vulnerability can’t simply be patched with a software security update. The “retask” feature of RealTek audio chips is not a bug but a baked-in feature and it can’t be remedied without a total redesign of the chips themselves and installing them in future motherboards.
At least for now, this hack will not work with digital/non-analog headphones. USB, wireless, Bluetooth and Lightning headphones should be impervious to these Speake(a)r-type analog input retasking attacks.
Also, since this hack requires a swap of the output and input ports, one way to tell if your headphone speakers have been retasked is if they stop playing sound. Additionally, your headphones will also have to be plugged in for the swap to even work.
2. Smart toys
Some concerns are being raised with smart toys that are connected to the internet. Several privacy groups have filed complaints with the U.S. Federal Trade Commission (FTC) as well as the European Union. They are accusing Genesis Toys, along with its tech partner Nuance, of violating deceptive practices and privacy laws.
Privacy groups are expressing concern over the toys i-Que and My Friend Cayla. They claim that these toys record kids’ voices, without the required permissions, and send the recordings to Nuance. The fear is that these recording databases could be sold to police or intelligence agencies.
Another concern is the way the toys connect to Bluetooth devices. The toys don’t have a safeguard built in, meaning any unauthorized Bluetooth device could connect to them.
The privacy groups say that could allow someone to eavesdrop on the children. In the formal complaint, they state this could lead to, “predatory stalking and physical danger.”
This video from the Norwegian Consumer Council demonstrates the toys’ flaws and how someone can connect their phone through Bluetooth and speak to the children.
3. Advertising billboards
Advertising Billboards are designed to make us look at them. With sensational graphics and catchy messaging, they attract our attention and draw us in. But now, it looks like billboards could be spying on us.
That’s the fear of privacy experts who warn that companies are monitoring consumers, pulling private information from their smartphones as they pass by their modern electronic advertising signs.
Some of today’s high-tech billboards employ something called RADAR technology, which collects data that is used to target advertising to individuals. It’s like clicking on an item online and having its ad follow you as you browse.
RADAR measures consumers’ real-world travel patterns and behaviors as they move through their day. The data comes from a third party – like your cellphone provider – and it’s all anonymous.
Here’s the bottom line, a personal phone should be just that – personal. It shouldn’t be a James Bond-like tracking device for a corporation.
We live in a world where we’re always being tracked- online, on our phones and now – passively, when we’re not actively using our devices.
That’s something to remember the next time you pass a billboard at the mall, at the airport or even Times Square.
Tired of being spied on? Here are 3 ways to search the web without Google tracking you
“Google” has become synonymous with “finding information.” But even the mighty Google has its drawbacks, especially if you value your privacy. The world’s most famous search site is also known for saving your search history, reading your email, and tracking what you click. Before you break out the torches and pitchforks, try these alternatives.