Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Audio Vulnerability - Post DSP Delayed Loopback - Internal Speaker


  • Please log in to reply
6 replies to this topic

#1 ilkforum

ilkforum

  •  Avatar image
  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 12 July 2022 - 01:32 PM

Hi, I discovered an new Unknown Audio device when going to chrome://audio#devices. I've attached a screenshot. When testing the device, even though all audio and bluetooth are disabled, there is a repeating audio pattern showing and is causing an oscillation that is causing some headaches.  When I close the device and step away, it goes away. 

 

The problem is that I am unable to turn this device off or mute it, so I ran a test with an audio app to block or reroute this background audio, but something with the device keeps reseting itself and making itself active.  As you can see in the screen shot, the volume/gain is at 50% and unmuted.  When running a white noise filter from the internal speaker / microphone the oscillation reduces, so it's definitely Post DSP Delayed Loopback - Internal Speaker device.

 

I power washed the device several times, but I have logs showing bluetooth going active and trying to make connections to other devices in the office, although I've disabled all bluetooth, casting and audio.

 

What happens in the loopback audio, is it begins oscillating and becomes very annoying within a few minutes.  So, I did some research and found this https://wiki.archlinux.org/title/PulseAudio/Examples#Creating_user_configuration_files .  

 

Everything on my system is up to date and brand new.  I'm only using Google based tools like gmail and docs, so there's nothing extra.

 

  1. Here's a Google Share with screenshots, videos, log files.

Edited by hamluis, 12 July 2022 - 01:40 PM.
Merged topics - Hamluis.


BC AdBot (Login to Remove)

 


#2 Pkshadow

Pkshadow

  •  Avatar image
  • BC Advisor
  • 12,306 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:On the Brow of the Hill, West Coast, Canada
  • Local time:09:04 PM

Posted 12 July 2022 - 07:03 PM

How to attach : https://www.bleepingcomputer.com/forums/t/698076/attaching-files-to-posts-on-bleepingcomputer/#entry4791802


" mosquitoes really wake up everyday and choose violence "   — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
 

I-7 ASUS ROG Rampage II Extreme  / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme


#3 ilkforum

ilkforum
  • Topic Starter

  •  Avatar image
  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 13 July 2022 - 10:17 PM

I'm getting an Error This upload failed when attaching.  The device log is 76Kb.  I've pasted it below.

 

Bluetooth Event Bluetooth Event when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770142] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770138] bluetooth_device_status_notifier_impl.cc:72 Checking for device state changes [2022/07/12 10:56:56.770133] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770125] adapter_state_controller_impl.cc:108 Already in state disabled, clearing queued state change [2022/07/12 10:56:56.770120] adapter_state_controller_impl.cc:42 Setting queued Bluetooth state change to [Disable] [2022/07/12 10:56:56.770117] bluetooth_power_controller_impl.cc:231 Setting adapter state to disabled [2022/07/12 10:56:56.770112] bluetooth_power_controller_impl.cc:117 Adapter is now available after being unavailable, setting adapter state to 0 [2022/07/12 10:56:56.770043] bluetooth_adapter_bluez.cc:1232 /org/bluez/hci0: using adapter. [2022/07/12 10:56:56.769954] bluetooth_adapter_bluez.cc:963 Registering pairing agent [2022/07/12 10:56:56.621557] in_process_instance.cc:96 Binding to CrosBluetoothConfig [2022/07/12 10:56:56.599990] bluetooth_power_controller_impl.cc:239 Adapter is currently unavailable, setting pending_adapter_enabled_state_ to 0 [2022/07/12 10:56:56.599987] bluetooth_power_controller_impl.cc:231 Setting adapter state to disabled [2022/07/12 10:56:56.599984] bluetooth_power_controller_impl.cc:208 Applying primary user pref Bluetooth power: 0 [2022/07/12 10:56:56.599960] bluetooth_power_controller_impl.cc:182 Primary user pref has not been attempted to be applied, applying [2022/07/12 10:56:56.599957] bluetooth_power_controller_impl.cc:170 Initializing service [2022/07/12 10:56:56.599954] bluetooth_power_controller_impl.cc:127 Initializing local state pref service [2022/07/12 10:56:56.599951] cros_bluetooth_config.cc:73 Setting CrosBluetoothConfig services' pref services [2022/07/12 10:56:56.599945] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.599930] in_process_instance.cc:42 Initializing CrosBluetoothConfig [2022/07/12 10:56:56.599918] bluetooth_adapter_bluez.cc:369 BlueZ Adapter



#4 U_Swimf

U_Swimf

  •  Avatar image
  • Members
  • 226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 14 July 2022 - 04:16 AM

Ok so I'm no professional let me just put that out there.

What i observe in ChromeOS historically has been the Bluetooth is enabled by default at any first start , even prior to ever logging in. It runs at the hardware level so obviously controls for it are lacking, like most user space tools

Anyway . Chrome may use the list of available devices in your personal area and identify them (Bluetooth speakers, smart homestuff, anything broadcasting, especially tvs with Android) by Mac address at least.
That gets compiled iirc and stored in a cookie which constitutes as an unofficial (perhaps legacy ) method of additional authentication method without users knowing.

What device did u say u had? Bluetooth works like a beacon on a timer. As long as it's plugged into the computer (along with the network chip), and has at least 3v, there's really no easy way to turn it off...

What chrome://about urls do you have?

#5 U_Swimf

U_Swimf

  •  Avatar image
  • Members
  • 226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 PM

Posted 14 July 2022 - 04:23 AM

Hey are you logged in to another computer nearby (or any device) with a chrome browser and /or your Gmail account? I've seen devices try to communicate that way , even if you're using seemingly unrelated accounts, but share other Commonalities like network, phone number, usb debugging or file transfer...

Make sure Bluetooth is disabled in your Android container too. Assuming you use Android apps right? Also, what version are you using for that?

Your answer to those questions is important for hopefully resolving any issues because obviously things change how do get to/view certain things

#6 hamluis

hamluis

    Moderator


  •  Avatar image
  • Moderator
  • 63,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:04 PM

Posted 05 September 2023 - 07:20 PM

Topic closed for lack of response by OP.

 

Louis



#7 ilkforum

ilkforum
  • Topic Starter

  •  Avatar image
  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:04 PM

Posted 08 September 2023 - 11:43 AM

Hi, thanks everyone for helping on this.  It turns out that my devices and coworkers had a remote activated malware on our devices hit Windows 10, Android, Chromebook, iPhone, xBox and media devices like bluetooth.  Nightmare.

 

I did notify the manufacturers of the issues throughout the mitigation process.   If you're interested, I was able to pull off all of the files from several devices including my phone.  I had to develop a specific process to do so because it has a self removing feature.   The tools identified were extensive and I was able to proof out everything and replicate results which is huge. 

 

I posted a method to make a copy of the OS and files from an infected phone that has been successful.  I posted it here https://www.bleepingcomputer.com/forums/t/789405/remote-activated-malware-information-about-new-apt-model-that-i-want-to-share/

 

I'm going to post more information on other discoveries, because it is amazing at what these bad actors were able to do with their model.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users