{"id":19587,"date":"2022-04-28T13:12:06","date_gmt":"2022-04-28T17:12:06","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/mute-button\/19587\/"},"modified":"2022-04-29T11:39:38","modified_gmt":"2022-04-29T07:39:38","slug":"mute-button","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mute-button\/19587\/","title":{"rendered":"Is your mic really muted?"},"content":{"rendered":"<p>Over the two years of the pandemic, millions of people learned to use numerous remote collaboration tools. If previously users thought little about security, after the massive uptake of such services, they started paying far more attention to it. Interest in the security of conferencing software has yet to abate, in which regard researchers at three U.S. universities published a <a href=\"https:\/\/wiscprivacy.com\/papers\/vca_mute.pdf\" target=\"_blank\" rel=\"nofollow noopener\">study<\/a> on whether the microphone mute button in popular tools actually does what it says on the tin. The results were varied, yet undoubtedly suggest that it\u2019s time to reconsider attitudes to privacy during work calls.<\/p>\n<h2>Where did the idea come from?<\/h2>\n<p>Actually, the idea was quite obvious. If you\u2019ve ever used Microsoft Teams, you\u2019ll surely be familiar with the following situation: you connect to a call in Mute mode, forget to turn it off and start talking, whereupon the program <em>reminds you<\/em> that the microphone is muted. Clearly, such an (admittedly handy) feature cannot work if the mute button disconnects the microphone altogether. How, then, is this feature actually implemented? And is sound from the microphone sent to the solution vendor\u2019s server even in Mute mode?<\/p>\n<p>These are some of the questions posed by the authors of the study. But how to check? For this, the researchers analyzed the intricacies of microphone interaction for ten services, in each case examining the scenario for browser-based calls.<\/p>\n<h2>Research results<\/h2>\n<p>From a privacy point of view, the best solution for conference calls would appear to be a web client. All web-based conferencing services were tested in a browser based on the Chromium open-source engine (the basis of many browsers, including Google Chrome and Microsoft Edge). In this mode, all services must comply with the rules for microphone interaction, as set by the developers of the browser engine. That is, when the microphone mute button is activated in the web interface, the service should pick up no sound at all. Native desktop applications have more rights.<\/p>\n<div id=\"attachment_44194\" style=\"width: 2080px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/04\/28211309\/muted2.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-44194\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2022\/04\/28211309\/muted2.png\" alt=\"General scheme of interaction between native conferencing application and operating system (in this case Windows 10).\" width=\"2070\" height=\"431\" class=\"size-full wp-image-19588\"><\/a><p id=\"caption-attachment-44194\" class=\"wp-caption-text\">General scheme of interaction between native conferencing application and operating system (in this case Windows 10). <a href=\"https:\/\/wiscprivacy.com\/papers\/vca_mute.pdf\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<p>The researchers analyzed how and when the application interacts with the microphone by comparing audio data captured from the microphone with the stream of information sent to the server. And they found that different programs have different behavior. Here\u2019s what they learned about the most popular services.<\/p>\n<h3>Zoom<\/h3>\n<p>The Zoom client provides an example of \u201cdecent\u201d behavior. In Mute mode, it does not capture the audio stream; that is, it does not eavesdrop on what\u2019s going on around you. That said, the client regularly requests information that allows it to determine the noise level near the microphone. As soon as the silence ends (you start talking or just make a noise), the client reminds you, as ever, to turn off Mute mode.<\/p>\n<h3>Microsoft Teams<\/h3>\n<p>Regarding the above-mentioned native client for Microsoft Teams, things are slightly more complicated: the program doesn\u2019t use the standard system interface for microphone interaction, and instead communicates directly with Windows. As such, the researchers were unable to investigate in detail how the Teams client handles muting during a call.<\/p>\n<h3>Cisco Webex<\/h3>\n<p>The Cisco Webex client displayed the most unusual behavior. Unique among all the solutions tested, it constantly processed the sound from the microphone during the call, regardless of the state of the Mute button inside the application. However, investigating the client in more detail, the researchers found that Webex does <em>not<\/em> snoop on you: in Mute mode, sound is not transmitted to the remote server. But it does send metadata; specifically \u2014 the volume level of the signal.<\/p>\n<p>On the face of it, this doesn\u2019t seem like a big deal. However, solely on the basis of this metadata, without access to the actual audio stream, the researchers were still able to determine a number of basic parameters of what was happening at the user\u2019s end. For example, it was possible to determine with a reasonable degree of reliability that the user had turned off the microphone and camera, and turned on his vacuum cleaner. Or cooking. Or that a dog was barking. It was possible to know if others were present in the room (for example, that the call was coming from a public place). This involved the use of an algorithm similar in some ways to that of Shazam and other music discovery apps. For each \u201cnoise sample\u201d, a set of patterns is created and compared to the data captured from the Cisco Webex client.<\/p>\n<h2>Privacy levels<\/h2>\n<p>The study offers some practical advice and confirms one obvious fact: you don\u2019t have full control over what data is collected on you or how. A positive takeaway from the report is that it found no crime in the operation of popular conferencing tools. Many applications tread very carefully when it comes to microphone use.<\/p>\n<p>If, despite these positive results, you\u2019re still uneasy about having a native application on your computer with constant access to the microphone, a simple solution, if possible, is to connect through a web client. Sure, the functionality will be limited, but privacy will increase: the Mute button there really does disconnect the microphone from the service.<\/p>\n<p>Another option is a hardware microphone Mute button, if there is one on your computer. Or an external headset \u2014 the Mute button on top-of-the-range models often isolates the microphone from the computer physically, not by software means.<\/p>\n<p>The real danger is not the conferencing tools themselves, but malware that can snoop on victims and send audio recordings of important conversations to its creators. In this case, you need not only a security solution that deals with unwanted programs, but also a means of controlling who accesses the microphone and when \u2014 in case a legitimate program decides to do so without asking. Kaspersky\u2019s <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">solutions<\/a> for both home and business feature a separate function that informs you when software tries to access the microphone or webcam.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n","protected":false},"excerpt":{"rendered":"<p>We cite an interesting study on how the mute button actually works in teleconferencing services, and discuss privacy in the web conferencing era.<\/p>\n","protected":false},"author":665,"featured_media":19590,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[2554,43,2555],"class_list":{"0":"post-19587","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-microphone","10":"tag-privacy","11":"tag-snooping"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mute-button\/19587\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mute-button\/24104\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/mute-button\/9898\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mute-button\/26426\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mute-button\/24372\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mute-button\/24732\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mute-button\/27130\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mute-button\/26678\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mute-button\/33132\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/mute-button\/10661\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mute-button\/44193\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/mute-button\/18842\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mute-button\/19369\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mute-button\/28519\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/mute-button\/28231\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mute-button\/24983\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mute-button\/30460\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mute-button\/30234\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/privacy\/","name":"privacy"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19587"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19587\/revisions"}],"predecessor-version":[{"id":19592,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19587\/revisions\/19592"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19590"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}