In theory, hackers are a bigger concern – they could get into your microphone as easily as they do your webcam. However, microphones aren’t exactly goldmines of sensitive information, so they’re not hacked very often at all. Overall, given how many people could be listening to you, it’s almost surprising that there haven’t been more cases of it reported.
Has it happened, though?
The short answer is yes: companies and hackers have both gotten access to users’ microphones without their permission. There is only one confirmed story of a smart device accidentally recording and storing speech, but there have been two other major cases of sneaky smartphone mic use.
2014: Silverpush started making headlines for its fairly creepy use of high-frequency (inaudible to humans) signals to communicate advertising information from smart TV speakers to phones. Currently, this program is not running. 2017: The New York Times discovered that Alphonso, a company that collects TV-advertising data, had built listening software into hundreds of apps, including Shazam. This software is not targeted at human speech but is rather meant to listen for recognizable audio from TV programs. It is still running, but every app that uses it needs to disclose it in their privacy policy. Unfortunately, no comprehensive list of these apps exists. 2017: some Google Home Minis developed an issue which led to them self-activating and recording everything around them. The issue was quickly discovered and fixed, and the logs deleted.
For hackers, average users’ microphones are just not the most interesting target out there; most major hacks of this kind have been espionage-related. Webcam hacks are a much bigger concern in general, as it’s much easier to scan through video for interesting material.
Are your devices doing it by design?
The short answer: almost definitely not. Almost every computer, phone, and smart home device out there should keep your microphone private by default. Smart homes are always listening, but they only store a few seconds of audio at a time — anything you say that doesn’t include “Okay Google” or “Hey Alexa” gets deleted almost as soon as you’ve said it. If Facebook shows you an ad for the tropical vacation you were just talking about, it wasn’t listening in – it was just using all the other data it already has about you to figure out what you’re thinking.
How vulnerable are my devices?
Almost everything is hackable. It’s just a matter of how hard it is to get to the vulnerability.
Computers: Hacking a computer microphone is probably the easiest. Relatively unskilled hackers can do it if they can just get some software on your machine. Phones: Any app with microphone permissions can more or less hear whatever it wants (though measures are being taken to implement extra security), so malicious apps are the most common breach. Hackers can get into your phone and install software in other ways, but that’s quite rare. Your best bet here is to disable microphone permissions for any app you don’t trust/need the microphone for. Smart home hubs: Despite the worries, these devices have fewer attack vectors than computers or phones. Most demonstrated vulnerabilities require someone having physical access to or being within Bluetooth range, though the known Bluetooth hack has been mostly fixed.
How can I protect myself?
Covering your webcam is a pretty good idea. They’re easy to hack, and you don’t want to be on somebody’s shortlist of interesting webcams. Following Mark Zuckerberg’s lead and taping over your microphone, though, will straight up not work. Tape does not stop sound waves.
Computers: Disable your microphone when it’s not in use. Determined hackers can turn it back on, but it’s easier for them to just move on to a slower antelope. If you’re still paranoid, the only option is to open up your computer and take out the mic. Smartphone: Check your permissions and make sure only apps you trust have microphone permissions. Again, hackers might circumvent this, but unless you’re Edward Snowden, ripping out your mic is probably overkill. Smart home device: Keep your network secure, don’t keep your device in a public place, and don’t let any shifty-looking types with screwdrivers get too close to Alexa. For the Echo, you can also use the hardwired microphone kill switch on top; there’s no way to disable it with software.
Should I be worried?
You can take out all your microphones and ban anything smarter than a toaster from entering your home, but if you go within a few feet of someone carrying a phone, you’ll be on the air again. Given this reality, there’s no point worrying too much about it. Companies aren’t harvesting your data (yet), hackers don’t think your microphone is very interesting, and as long as you’re not an easy target, you probably aren’t in much danger. As with most things, we’ll have to wait until there’s a big issue before we get a big solution, so until then, keep on talking to your robot friends.