There’s been a bit of a buzz in the news lately over an “epic new feature” in the next Apple iPad model – the one that’s supposed to come out this year.
A microphone switch!
A real-life, break-in-the-wire(ish) microphone switch so that you can be sure that your iPad really isn’t recording you while you’re in your car (less of a problem these days because few of us are commuting) or sitting around at home (more of an issue now because we’re living, working and teaching our kids in the same place).
Before you get too excited, we thought we’d add a few details to the story, and offer some tips for those of us who probably won’t be splashing out on new tablets this year, even if we wanted to.
The microphone switch isn’t a switch in the conventional sense – you don’t operate it like a regular light switch.
It’s built into the T2 Security chip, which has been part of Apple’s laptop hardware from about 2018 onwards, including recent MacBook Airs and MacBook Pros.
It’s the Security Chip that turns the microphone off, triggered by the laptop itself:
All Mac portables with the Apple T2 Security Chip feature a hardware disconnect that ensures the microphone is disabled whenever the lid is closed. On the 13-inch MacBook Pro and MacBook Air computers with the T2 chip, and on the 15-inch MacBook Pro portables from 2019 or later, this disconnect is implemented in hardware alone.
We’re assuming that the same detector that turns of the screen and triggers the software switch to put your Mac to sleep when you close the lid is what activates and deactivates the microphone.
By hooking that function up to the security chip instead of letting the regular software in the operating system take care of the microphone, Apple has effectively cut macOS out of the equation for detecting “should things be on or off”.
Apparently, Apple is extending the T2 Security Chip’s self-contained switching abilities to its new iPad range, activated by an external trigger that is MFi compliant.
Incidentally, the “Fi” in Apple’s MFi programme isn’t like the Fi in Wi-Fi, but originally meant “for iPod“.
MFi now stands for “made for iPad and iPhone”, and it encompasses physical connectors and charging devices as well as the technology and protocols used for close-proximity wireless connectivity.
According to Apple, this covers “technologies and components” all the way from AirPlay audio, CarPlay and GymKit to Lightning connectors and receptacles, magnetic charging module, and smart connector.
In future, so called “smart cases” will officially be able to tell the T2 chip they’re closed, and thus to trigger actions, including disconnecting the microphone, in a way that doesn’t rely on the correct behaviour of any apps, the operating system kernel itself, or even the main device firmware on which the operating system runs.
Of course, this is still a long way from turning off a physical switch, or from physically yanking out a jack from a socket.
A system of this sort also relies on the veracity of your smart case, which has got us speculating about a variant of the “evil cleaner” attack, where a malevolent and well-funded threat actor bribes a hotel cleaner to tamper with your laptop, your phone – or, who knows, your smart case – while you’re out of your room.
What to do?
You don’t need to do anything for this one – we thought it would be harmless fun to speculate about “smart case evil cleaner” attacks.
(We also suspect that few of us will be staying in hotels for a while, or even travelling at all, which makes the attack yet more fanciful still.)
Nevertheless, there is a pretty useful habit you can adopt right away if you want, namely actually powering off your phone (or your laptop) once in a while.
For example, if you want to have a truly private chat – and you may have no other reason than you simply want it to feel private – you can’t just leave your phone behind and head off to a remote location with a picnic basket these days.
So you may want to remember the old-school “power off” trick for your truly private times.
Sure, you have to trust that the phone really has turned itself off, but there are some ways you can be fairly certain it has.
There won’t be any detectable radiation coming from it, for a start, whether that’s electromagnetic in the form of visible light or radio frequencies, or heat dissipated by a running processor.
And if it’s not getting hot then you can safely bury it in a bag – or stash it in a cupboard in the basement with a sign saying “Beware of the Leopard.”
PS. Due to the coronavirus situation at the time of writing, some jurisdictions are requiring that at least some people leave their phones turned on and allow themselves to be tracked for health-related reasons. We are not advocating civil disobedience by turning off your phone if you aren’t supposed to. We’re just reminding you that the microphones and cameras in your phone already have a master switch.
Beratung Consulting are dedicated to Security solutions and are a trusted Sophos Partner.
