It’s the infosec (information security) shot seen round the world. Mark Zuckerberg posted an Instagram photo celebrating 500 million monthly users, and his Mac laptop was visible in the background. As Chris Olson pointed out on Twitter, Zuckerberg had put tape over his laptop’s camera and over its microphone input (not a mic jack).
This sparked an interesting and useful discussion that built upon an earlier bit of virality, when Edward Snowden, the man who exposed the NSA’s data-gathering behavior, showed on a Vice program on HBO how to disable audio and video inputs on a smartphone by removing them.
That may seem extreme. It is. Few of us are scrutinized, tracked, or hacked at the scale of Mark Zuckerberg or Edward Snowden. But we shouldn’t be sanguine. While OS X vulnerabilities haven’t led to widespread exploitation (so far), attackers and government agencies have been able to insinuate themselves into Macs.
3 things about this photo of Zuck:— Chris Olson (@topherolson) June 21, 2016
Camera covered with tape
Mic jack covered with tape
Email client is Thunderbird pic.twitter.com/vdQlF7RjQt
Some people also aren’t worried so much about the actuality of being a target, but want to prevent the potential of being one on general principle. A camera is easy to block, because you can effectively black it out. A microphone is harder. Covering it may muffle the volume, but because of how they’re placed in Apple’s laptops, some sound would bleed through. Since Zuckerberg’s savvy, the tape may be a reminder that he made a deeper change to software or hardware.
For most people, the fear with mics being tapped isn’t that your conversation would be listened into because you have some particular secret. But rather it’s that you could simply be the random subject of probing. There’s also the very realistic potential that NSA-scale audio-to-text extraction moves with the inevitable decrease in cost for computational power into something criminal syndicates find useful. Mass snarfed audio could be scanned for context—such as you reading a credit-card number aloud or discussing a confidential business matter. Anything technically plausible today but infeasible due to scale will eventually become practical.
So if you don’t want your microphone to be active and a piece of tape isn’t enough, what steps can you take? I asked security and hardware experts, and there’s a graduated path you can walk down.
Set microphone input to zero
You can start with a graphical user interface, and open the Sound system preference pane. For each device listed in the Input tab, set the Input Volume to zero (drag all the way to the left). This prevents gross misuse by software that might otherwise be able to use an audio source without you realizing it, as the input volume should be controlled through this approach.
Malicious software may be able to reset input volume, bypassing these settings, or pull audio directly from a device at a stage before this setting may be applied. However, it’s the simplest and most direct change you can make that has no other repercussions. Turn input volume up for a given device whenever you need to, and unplug any USB input devices while you’re not using them for extra protection.
On Macs that support audio input through the 3.5mm “headphone” jack—such as by using the ear buds/headset combo that comes with an iPhone—you could insert an stubby adapter that has nothing plugged into it, but this doesn’t apply to the built-in mics found in nearly all Macs, nor does it necessarily prevent malware that’s capable of accessing audio drivers from switching on audio input.
Monitor microphone use
Micro Snitch, from the makers of network-activity detector Little Snitch, watches for audio and video input activity at a system level. It’s just $4. When it detects a mic becoming active it posts an OS X notification and then floats a window with non-intrusive animation indicating it’s in use.
Because it’s lower level than the Sound preference pane, and because it’s separately installed software that’s not going to be found on every Mac, it’s more likely that malware would trigger it. Micro Snitch can’t monitor all input: it said it couldn’t alert me to some USB-attached microphones, but I recommend only attaching those on demand if you’re that concerned.
Remove the drivers
Unlike Windows and Linux, Apple doesn’t provide easy access to hardware drivers, either to install, remove, or modify settings. This was intentional, as part of OS X’s friendly face contrasted against Windows’ obscurity. It’s also sometimes maddening, because being able to manage drivers through a system-provided interface can help troubleshoot problems.
Kenn White, a cryptography expert, pointed me to the National Institute of Standands and Technology’s report on securing OS X for IT professionals. The report oddly discusses disabling microphone input without the specifics of how to do it, however. It does provide a lot of excellent background detail that’s worth reading.
You can disable audio system-wide, White noted, by removing a few driver files via the Terminal app using the command. Warning: As with all such unsupported low-level changes, you can wind up with an unusable system. Make a backup first and be prepared if something goes wrong.
sudo srm -rf /System/Library/Extensions/AppleUSBAudio.kext
sudo srm -rf /System/Library/Extensions/IOAudioFamily.kext
sudo touch /System/Library/Extensions
This will disallow all audio input, could disable audio output, and will probably require reapplying after each system update, which may restore missing drivers.
Disable audio input hardware
The deepest level is to disable or remove the actual hardware in your computer. This can be easier than it sounds. I asked Kyle Wiens, the head of repair-guide and parts company iFixit, and he said one could melt the solder for the audio port connection on a motherboard and remove the built-in microphone altogether.
On some models, it can be much simpler. The 2015 and 2016 MacBooks have two built-in mics, but they’re close together and connected to the motherboard with a detachable cable. Following iFixit’s guide to replace an audio port, you could instead disconnect the mics, disconnect the entire assembly, or completely remove the audio board.