The mechanism is not the problem, it's that it turns on the mic by default. Most Zoom users are not in the luxury position of being in a location with a presentation room where they might need to present something, so for most people this is just an unnecessary feature and a possible nuisance. So this setting should by default be turned off (it can still work when the mic is turned on already).
Yes, but if you’re in a zoom/whatever conference room, with a zoom/whatever client running, it’s not unreasonable to think that you want to use the conference equipment. Coupled with the various constraints on BT, etc., this is a reasonable solution.
Whether this reasonable solution is actually implemented securely is another question, and Zoom’s track record isn’t exactly fantastic.
From the description it sounds like it's just a handoff feature, as in you go into a conference room with whatever their conference room product is.
Once you get in handoff range they only need to exchange sufficient information to get the AV equipment to start a connection to the appropriate zoom/webex/whatever channel, and presumably the reverse of getting the original zoom client to close.
I'm assuming there is some work to reduce the likelihood of unintentionally triggering it, and some basic authentication, but this is not a lot of data, and ultrasound is more than sufficient to do it very "instantaneously".
OK, so the actual communication (the call itself) will be transmitted over wifi. But this means that at least some kind of access token must be transmitted over ultrasound. Is this safe? I would love to see an analysis of that communication; whether it is encrypted, is the handshake secure or can it be hijacked, does it transmit only an anonymous access token or the whole user ID etc.
I mean, if I ever switch off Bluetooth it's exactly for the reason that I don't want my device to be detected/tracked. Zoom going around this by using ultrasound is kind of mean, since I can't prevent zoom from using audio if I want to be able to make calls.
> OK, so the actual communication (the call itself) will be transmitted over wifi
That was my interpretation of the feature described earlier in the thread
> But this means that at least some kind of access token must be transmitted over ultrasound. ...
Yup, I agree I'd love to know more about what is involved. I like to think there's a degree of authentication involved, but this is also Zoom. The company that installed a persistent service in order to circumvent a security feature in Safari, that also allowed unauthenticated RCE.
> I mean, if I ever switch off Bluetooth it's exactly for the reason that I don't want my device to be detected/tracked.
I had assumed Android and PC had adopted the randomized MACs Apple uses to prevent such tracking?
> Zoom going around this by using ultrasound is kind of mean, since I can't prevent zoom from using audio if I want to be able to make calls.
If we assume for now that it is properly authenticated, and has safe tokens to break tracking, identification, etc, then this behaviour seems reasonable. It would require you to open zoom in a room with the requisite enterprise-y teleconference equipment.
But of course that is quite a load bearing "if", and it already appears that they're trying to maintain the channel when they aren't active.
> I had assumed Android and PC had adopted the randomized MACs apple uses to prevent such tracking?
True, and this is why I rarely switch it off, except in situations where I don't want to be visible to devices that I previously connected to. Same for wifi.
I just find it quite over the top to work around user-controlled communication channels like bluetooth that the user might have chosen to disable, by using a medium (sound) that the user cannot switch off and still use the app.
In this case it's a convenience feature, rather than an "avoid user-controlled channels" thing.
As I noted earlier it works without bluetooth available, but more importantly I suspect, if it were bluetooth everyone would have to peer their devices with every conference room. If it were wifi you'd need to know the network name of the conference room's AV system.
While both options would work, having a single "switch to AV system" button is clearly the best user experience, so you try to make that possible. Given both the app and the AV system have the ability to create and record sound, that's the obvious choice.
But again, I'm not making any statement on the security of the actual implementation from Zoom :D
It's pretty cool in that commodity integrated hardware is capable of doing something practical at those frequencies. Not long ago it was a struggle to get the Pro Audio Spectrum ISA card working at all.
It's awful in that using the auditory domain is too much an intrusion into the human space. There is enough noise pollution. Interference patterns around the room may generate harmonics at audible frequencies. Young kids can hear high frequencies we forgot we ever could. I can still hear CRT flybacks. Sometimes I thought I heard something electronic in conference rooms but convinced myself it was nothing.
Someone else was complaining about it affecting their cochlear implant. That is horrifying.
It is not so far-fetched that it has an adverse effect on health either. America is losing diplomats left and right to some mysterious ultrasonic weapon, or at least that is one of the leading theories.
It is awful that my CPU has to be constantly running an FFT to read this signal. I think Apple has an ASIC which does the Siri voice recognition.
It's awful that it triggers the orange light to be constantly on so you end up ignoring it. What if Zoom is simultaneously using the microphone stream for nefarious purposes?
This is what Bluetooth was made for. This is a worse idea than Wifi over lighting. Even the 9-digit Zoom dial codes are better.
> Someone else was complaining about it affecting their cochlear implant. That is horrifying.
Definitely.
> It is awful that my CPU has to be constantly running an FFT to read this signal. I think Apple has an ASIC which does the Siri voice recognition.
Isn't it the zoom box that has to be doing the detection? The pc is just sending the signal, which wouldn't take much processing.
> It's awful that it triggers the orange light to be constantly on so you end up ignoring it.
I think someone commented that's for the purpose of detecting if someone is muted and notifying them. Still, there should definitely be a choice to disable this behavior. I wouldn't be able to ignore it.
> What if Zoom is simultaneously using the microphone stream for nefarious purposes?
There's a lot of nefarious things they could potentially do even without using the mic, considering it's software already running on your pc that already has an encrypted connection to their servers.
> Isn't it the zoom box that has to be doing the detection? The pc is just sending the signal, which wouldn't take much processing.
If the PC were just sending the signal it wouldn't need the microphone to be on. And it would stop working when people turn off their speakers like a lot of people do in a busy meeting room.
By the way, there seem to be other ways to do it too. Not sure if it's Bluetooth but MS Teams warned me in the past that I was in a room with a Surface display (the huge first generation one). It doesn't keep the microphone active though. I never investigated how it figured that.