Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!wuarchive!udel!rochester!cornell!wayner
From: wayner@kama.cs.cornell.edu (Peter Wayner)
Newsgroups: comp.sys.next
Subject: Security Hole?
Message-ID: <49464@cornell.UUCP>
Date: 7 Dec 90 15:24:32 GMT
Sender: nobody@cornell.UUCP
Organization: Cornell Univ. CS Dept. Ithaca NY
Lines: 57

This was posted today to the comp.risks newsgroup. Anyone with a slab care to check this out?

------------------

Date: Tue, 27 Nov 90 12:56 EDT
From: "E. Loren Buhle, Jr. [215-662-3084]"
Subject: NeXT microphone problem?

THIS MESSAGE DEALS WITH A POSSIBLE "RISK" PERTAINING TO CONTROL OF THE INTEGRAL MICROPHONE IN THE LATEST NeXT MACHINE.

FIRST, SOME DESCRIPTION: The newest NeXT machine has a microphone in the lower left portion of the CRT console (embedded in the plastic frame of the CRT). This integral microphone is an important input device for the voice annotation software running on the NeXT. It comes with all new NeXT machines. The software interface on the NeXT presents the user with keys corresponding to a tape recorder (e.g. record, stop, rewind, play, etc.). The user hits the record button, speaks for any length of time, hits stop, rewind, play and hears the conversation that was recorded to a disk file (and played back) . . . . very nice touch!

The operating system on the NeXT machine is Mach UNIX, a multiuser environment. NOTHING APPEARS TO PREVENT REMOTE OPERATION OF THE MICROPHONE. There is NO INDICATION ON THE FRONT OF THE NeXT MACHINE THAT THE MICROPHONE IS LIVE OR DEAD! (Remember Ronald Reagan's problems with "supposedly dead" microphones?)

Here is a scenario: A remote user turns on the microphone on the NeXT, recording the voice to a file (locally or remotely). Any sound in the proximity of the NeXT CRT is recorded. This file containing the conversation is then played back on a remote NeXT. Voila, a built-in office bug!
While it can be argued that control of the microphone is by the console, anyone with superuser privs can undoubtedly find a workaround.

On the old (1988 vintage) NeXT box, the microphone was plugged into a jack on the back. Unplugging the microphone removed this problem. Cumbersome, but very effective. The new microphone is built into the CRT case. It is not trivial to detach/attach at will.

So what can be done? One possibility would be to have a physical LED turn on whenever the microphone was active. This LED would be physically wired to the microphone and NOT be under program control. This possibility assumes the people carrying on the conversation are looking at the NeXT console. . . .

Thoughts?

Dr. E. Loren Buhle, Jr.
INTERNET: BUHLE@XRT.UPENN.EDU
University of Pennsylvania School of Medicine
Phone: 215-662-3084
Rm 440A, 3401 Walnut St., Philadelphia, PA 19104-6228
FAX: 215-349-5978

Peter Wayner
Department of Computer Science, Cornell Univ., Ithaca, NY 14850
EMail: wayner@cs.cornell.edu
Office: 607-255-9202 or 255-1008
Home: 116 Oak Ave, Ithaca, NY 14850
Phone: 607-277-6678