Video Conferencing Apps Found Querying Mic Even When Muted

People who put black tape over their laptop's camera always cause a few raised eyebrows in the room. However, it seems that similar seemingly extreme precautions may not be uncalled for. In a recent joint publication by university researchers, it was revealed that a number of very popular video conferencing applications keep querying the microphone and transmitting data, even when the microphone is muted inside the software's settings.

Is this thing on?

The discovery was made by teams with the University of Wisconsin and Loyola University Chicago. The paper they published was called "Are You Really Muted?" and revealed some very strange details about how video conferencing software handles your system's microphone.

The paper shows that a number of popular apps used for voice and video chats keep monitoring the microphone even after the user pressed "mute". That doesn't automatically mean that someone can listen in on you, but researchers found out that the telemetry data transmitted during this monitoring process can be used to identify the background sound and activities that the user may be doing, and this can be performed with a high level of certainty.

The university teams came up with what the paper calls a "proof-of-concept background activity classifier", which was able to fingerprint background activities, working off the telemetry data from the already muted microphone.

Applications that were found to query the microphone when the device is muted include more or less every major video conferencing application. The list includes Discord, Cisco's Webex, Google Meet, Skype, and Microsoft Teams, as well as Slack and Zoom. Not all of them were susceptible to similar monitoring, as all apps running in a browser used the browser's internal, software mute, which directly communicates with the audio driver and shuts down any microphone data transmission.

Webex concerns partially addressed

Webex was a bit of a standout case in this study, as the researchers discovered that even on muted mic, Webex would still have raw audio in its audio buffers. The application's telemetry, transmitted as plain text, could also be intercepted by the researchers and used to identify user activity in the background. Cisco contacted Security Week who reported on the research paper and stated that the data monitored was limited to audio volume levels and gain and was only intended to "support the user experience and troubleshooting". The company further stated that this data collection related to troubleshooting was stopped and users could contact the company over further privacy concerns and ask for all data to be completely disabled.