Slipping Hardware Past You - Threatwire Crosspost (Patreon)

By Shannon Morse, Threatwire 

What rights do you have as consumers when it comes to potential threat vectors that aren't in use? Well it turns out, companies just don't want us to worry about it.

Back on the 16th of February, a twitter user named @vkamluk, noticed an eerie looking sensor on the back of their seat on a Singapore Airlines flight. Singapore Airlines replied swiftly, saying that yes, it was a camera embedded in the hardware on their newer in flight entertainment systems, but they are disabled and the airliner had no plans to develop any features using the cameras. They also noted that these cameras are found in Business, Premium Economy, and Economy fair seats.

While Singapore Airlines denies that these are used, another Airliner was also bombarded with questions regarding entertainment system cameras. American Airlines also has cameras embedded in their entertainment systems, and American also stated they would not be using them and they are not activated.

These could be used, logically, for things such as in-flight video calling or photo sharing in our social media age... or, maliciously, they could be used to track our gaze as we watch certain entertainment. They could be used to track data about rest, eating habits, sleep, and bathroom breaks. And since in-flight entertainment systems have already been found to be easily hackable, going back to 2016 it is cause for concern that cameras are embedded in these devices. It's entirely plausible that while they aren't in use by the airliner, an attacker could in theory try to gain access to them.

Alongside this news is Google's Nest, which had a hidden microphone built in, surprising many customers who were never informed. Called the Nest Guard, Google's Nest Secure Hub does indeed have a microphone, even though it has never been listed in the tech specs for consumers. Google announced on February 4 that voice assistance would be coming to the device, which was followed by questions about the microphone. Again, the company explained that this microphone has never been activated and their omission of the hardware was a mistake. Now we know that this microphone will be used for voice assistant but could also be used to detect glass breaking, etc.

With so many companies building recording devices into their hardware for "future uses" or, as the airliners state, just buying them off the shelf with the cameras already built in, should we be concerned that they aren't disclosing this information to customers? Do they put too much faith in products never being activated, assuming that if they aren't activated they couldn't be breached? I'd love to know your comments on this.