New discovery: Chat apps can continue to collect audio data even when the microphone is muted

New discovery: Chat apps can continue to collect audio data even when the microphone is muted

The microphone on your computer and other electronic devices is one of the many potential sources of privacy challenges. Recent findings may indicate that the challenges are greater than many assume, among other things Next Web.

What happens to the microphone data when the user clicks the mute button?

This was the question that scholars know University of Wisconsin-Madison In the United States at the time they wanted to check the privacy of meeting participants from the home office.

Conclusion: Most video conferencing solutions collect audio data even when the user mutes the microphone. Verstingen constantly sends audio files to their own servers, while most apps occasionally check if there’s audio that can indicate that you’re speaking even if the mute button is turned on.

In Microsoft Teams and Skype products, it has proven impossible for researchers to track voice data through the system.

Popular apps

The team used various analysis tools to trace raw audio data from the application to the computer’s audio driver and then to the network while the application was muted. What they found is that all apps sometimes collect raw audio data, even with attenuation enabled.

The apps examined included the company’s version of Zoom, Slack, Microsoft Teams/Skype, Google Meet and Cisco Webex.

The latter was the most problematic, according to the researchers. Cisco’s popular communication app Webex collects voice data and forwards it to the server while audio is muted in much the same way as when audio is not being muted.

– We discovered that Webex constantly reads audio data from the microphone and transmits statistics from the data once per minute to the telemetry server, Write the researchers in the research article.

See also  Breach in negotiations between TV 2 and Telenor - VG

They contacted Cisco regarding the findings, and the company replied that it would investigate the case. in a comment on record Cisco says it has now made changes to Webex to prevent telemetry data from being transmitted from the microphone.

Microsoft was impossible to investigate

Microsoft’s meeting solutions, Teams and Skype, don’t use standard Windows APIs, but connect directly to the operating system. This interface is undocumented, and researchers simply haven’t been able to figure out how Teams and Skype use your mic data once the audio is muted.

Big difference between app and browser

If you use the meeting solution directly in the browser, you have two ways to mute the microphone: in the browser settings or directly in the meeting solution. But the meeting solution is also subject to browser controls and does not bypass the Java text-based API, WebRTC, which controls how apps access the operating system to use the camera and microphone.

Since the browser controls everything that happens via WebRTC, you can be pretty sure that a silent mic actually means that no Teams, Zoom, or Slack hear what you’re watching on TV during a department meeting.

But when it comes to the applications installed on your computer, the applications connect directly to the operating system.

None of the major operating systems have implemented a mute function at the software level. This means that each individual application must provide a mute function. The operating system does nothing that prevents the application from retrieving data from the microphone, even if the internal mute function of the application is turned on.

See also  Lower prices led to lower Statkraft results

Expect mute rejection

The research document states that while apps have access to read microphone data with the microphone muted, this is not something that apps do in the first place, with the exception of Webex. Instead, access is primarily used to check the status of the microphone.

However, the results present a privacy issue, according to the researchers, because the way the “mute” button works does not match how users perceive the button’s functionality.

As part of the research work, the team conducted a user study with 223 participants, in which 70 percent believed that the “mute” button prevents all microphone data from being transmitted – which is not the case.

In addition, telemetry data can also be used for malicious purposes. The researchers wanted to see if the raw data could be used to detect background activities while the microphone was muted. They were able to manage this, albeit with the help of a specially developed machine learning algorithm, with an accuracy of 82 percent.

According to the researchers, such analytics can be used for the purposes of “fingerprinting” – that is, identifying user profiles based on different types of information gathering about users.

You can find more details about the results and methodology at search article.

Hanisi Anenih

Hanisi Anenih

"Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst."

Leave a Reply

Your email address will not be published. Required fields are marked *