Careful Drilling Keeps Stadia From Listening In

Google’s fledgling Stadia service leverages the Chrome ecosystem to deliver streamed PC games on mobile devices, web browsers, and TVs. While not strictly required, the company even offers a dedicated Stadia controller that connects directly to the streaming servers over its own WiFi connection to reduce overall system latency. Of course, being a Google product, the controller has a tiny microphone that’s always listening in for interacting with the voice assistant.

[Heikki Juva] didn’t like the privacy implications of this, but unfortunately, there appears to be no way to turn off this “feature” in software. He decided the most expedient solution would be to simply remove the microphone from the controller, but it turns out there was a problem. By researching previous teardowns, he found out that it’s nearly impossible to take the controller apart without damaging it.

Getting close to the target.

So [Heikki] came up with a bold idea. Knowing roughly the position of the microphone, he would simply drill through the controller’s case to expose and ultimately remove the device. The operation was complicated by the fact that, from the teardown video he saw, he knew he’d also have to drill through the PCB to get to the microphone mounted to the opposite side. The only bright spot was that the microphone was on its own separate PCB, so physically destroying it probably wouldn’t take the whole controller out with it.

Now we don’t have to explain why drilling into a gadget powered by an internal lithium-ion battery is dangerous, and we’re not necessarily vouching for the technique [Heikki] used here. But when presented with a sealed unit like this, we admit there weren’t a lot of good options. The fact that the user should have to go to such ridiculous lengths to disable the microphone in a game controller is a perfect example of why we should try to avoid these adversarially designed devices, but that’s a discussion for another time.

In the end, with a steady and and increasingly larger bits, [Heikki] was able to put a 7 mm hole in the back of the Stadia controller that allowed him to extract the microphone in one piece. Removing the microphone seems to have had no adverse effect on the device as, surprisingly enough, it turns out that a game controller doesn’t actually need to listen to the player. Who knew?

As our devices get smarter, hidden microphones and cameras are unfortunately becoming more common. Thankfully a few manufacturers out there are taking the hint and including hardware kill switches for these intrusive features, but until that becomes the norm, hackers will have to come up with their own solutions.

Update 1/10/21: This article originally indicated that the microphone is always listening. While there is no hardware switch to disable the mic, there is a button which must be pressed to trigger the voice assistant functions. We have used strike through above to indicate the change to what was originally published.

86 thoughts on “Careful Drilling Keeps Stadia From Listening In

  1. > including hardware kill switches

    You mean the switch on the side of the case which is just a piece of plastic with no mechanical linkage to any electrical contacts?

    (Yes, I’m sure 99.99% of products, the piece of plastic will mate with a slider switch that at minimum, is connected to a GPIO pin so the user’s wishes can be sampled and respected… but it’s that 0.01% who decide they’ll just make it “appear” that they’re respecting the user’s request knowing the average user can’t easily prove it either way.)

      1. My work Dell has a plastic shutter that slides over the camera. That’s pretty definitive.

        Also allows a fun Webex (etc) trick.
        Screenshot the screen when your boss is talking, set that as your custom background, close the shutter so there is nothing of you to overlay.

  2. > “Sampling a GPIO” pin is not a *hardware* kill switch

    No, it isn’t… take ${RANDOM_CONSUMER} who typically cannot tell the difference between a 5G base station and a circuit board from an ancient analogue cable TV receiver… and ask if they can tell the difference between a real hardware kill switch that disconnects that microphone and one that merely tells the MCU not to listen.

    Not everybody can read traces on a PCB. A real hardware kill switch, and a software kludge will more or less look identical. Worse, a “kill switch” can be just a purely passive widget with no electrical function at all, and many users, who aren’t the sort to go rip apart a new gadget, won’t be any the wiser.

  3. Except that the Stadia controller’s mic isn’t always on and listening….
    It’s only used for Google Assistant, and you can only activate Google Assistant by holding down the Assistant button on the Controller. As well as this, you can completely turn off the mic from software by going into the Stadia app and turning off Google Assistant.

          1. Neither my PC nor my TV remote (nor the TV itself) contain microphones (yes, I’ve checked). I am aware my phone contains one. I take precautions if/when needed. My personal phone is not in the room during certain work related calls (Nothing too interesting but sensitive to industrial espionage by certain countries). My work phone is checked, approved and issued by my employer.

      1. A) You think Google would risk a billion Euro fine from EU regulators?

        B) If that were true, how do you know Google has not put in an additional hidden microphone into all devices?

          1. quick question can you identity the encrypted audio that a regular mic sends? after you sniff the traffic can you be sure its audio?

            on the other hand can you encrypt a hidden microfone so when some one opens the case, its cant be find?

    1. I think if the mike is controlled by software on the controller, it ca be turned on by software off the controller as well. Big Brother only needs to be suspicious to do that. After all, something like google assistant with software control must take data in to put data out.

    2. Unless you have access to the source code, you can’t know that. Unless the microphone is electrically disconnected, it is listening and just being ignored. If the button is only a trigger and not physically breaking the mic connection, then the process is under software control which means it could be remotely triggered. As you say “you can completely turn off the mic from software….” which is a way of saying you can completely turn the mic ON from software.

    3. If you can completely turn off the mic from software, you can completely turn the microphone ON from software. Since you don’t control the software, you don’t control the mic. Unless there is a physical disconnect switch (like the hook switch on old school phones), you don’t control the mic. It amazes me how trusting people are of these devices when companies like Google have repeatedly proved again and again how much data they are wanting to collect from you. Also, do we really believe that these “easy to use” consumer devices are truly designed with security as a priority and that all the nation state level actors cannot compromise them for use as wide scale surveillance devices.

      Back in the day countries used a lot of technical resources and took a lot of risk to get surveillance into various locations, now people voluntarily purchase and install surveillance devices into their own homes while trusting the manufacturers to keep them secure and only collect data when they say they are.

      Given the fact that major network infrastructure like SolarWinds and FireEye are being compromised, I doubt the home assistant devices are incredibly secure. Here is something to think about. Do you actually believe that domestic and foreign intelligence organizations have NO employees inside of Google? Do you believe that those devices are completely cryptographically secure given that anyone can purchase one and it would not be beyond belief that their source code is available to intelligence agencies?

      If I was a leader of this country and the boss of the NSA told me they had not looked at compromising these devices, I would fire him immediately. Either these devices are already compromised or someone is not doing their job.

      You may or may not care whether domestic and foreign intelligence services are listening in, however you cannot even begin to convince me that it is not possible or is being done already.

  4. > Of course, being a Google product, the controller has a tiny microphone that’s always listening in.

    Pretty sure the Stadia controller’s microphone isn’t always-on. That’s why there’s an Assistant button on the front, instead of responding to Google’s wake word.

      1. You can use any Bluetooth gamepad you want. Stadia works with Xbox, ps3/4/5 and switch pro controllers natively. Any knockoffs that respect one of these styles works fine as well.

        I’m fact, the one controller I have that DOESN’T work seamlessly is the Steam Controller. Even that I can kludge.

        Do a quick Google search before you put your fingers to your keyboard.

  5. This has been happening for at least 30+ years, long before “smart phones” (ref: https://www.cnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/ and https://en.wikipedia.org/wiki/Covert_listening_device#Remotely_activated_mobile_phone_microphones ). Anything that can be tuned into a remotely accessible bug has been.

    Whatever you may think, silently installing an update, pushed by your cell phone provider is a pretty neat hack. Especially with pre-smart phone handsets.

  6. When I build a device that has a microphone in it I install a hardware switch that shorts out the microphone contacts and/or disconnects them. Today most devices are using fully digital microphones that output an I2S or similar data connection directly from the element. Shorting out a digital mic informs the MCU that the mic is no longer active. With an analog mic the audio is just silent when shorted. So you run a fairly high risk of bricking the device if the manufacturer is truly malicious in their intent to spy on you.

    1. With an analog mic the audio is just silent when shorted.
      Not really true: it’s not really silent, just attenuated quite a bit.
      You might get away with it with an electret mic in a consumer application, but it’s definitely not true with a low-impedance dynamic mic. If it’s got an XLR connector, count on being able to still hear it, though it might be 60 dB down.

      Other than nuking it from orbit[ing drill bits], the only way to be sure is to open the connection to the mic AND short the input to the ADC/preamp.

      1. EU needs to come up with a law saying that anything network connected with a microphone in it must have a hardware kill switch. This is getting ridiculous. A mic in a game controller? Just why?

          1. You recall incorrectly. The Wii remote and PS4 controllers have speakers in them. The Wii had at least one microphone attachment for karaoke-type games. The Xbox 360 controller has a 2.5mm headset jack. Later revisions of the Xbox One controller have a 3.5mm jack. Most console camera accessories like the Kinect and the Playstation Eye have built-in microphones that could conceivably be always-on. But no first-party video game controllers have been known to include a microphone to my knowledge since the second player’s controller on the Famicom.

          2. Ah yes I did. I was thinking of the WiiU and mislead by an acquaintance who raised his controller when he shouted at team mates, but actually had a Kinect.

      2. I’m strictly talking about an electret in a homebrew device. There’s exactly no chance I am going to attach a $40-$500 dynamic mic via XLR cable to my IoT device. The electret requires parasitic power. If you remove the power, short the mic input at the PCB, etc it’s going to be below the noise floor of the garbage preamp I used because this is a homebrew IoT device. If you are fully paranoid then a noise generator is simple to build and screws up the rest of the circuit even if you have crappy capacitors or other components generating audio.

        Commercial devices: Disconnecting the microphone isn’t good enough. The ceramic capacitors on the PCB will output nearly as much audio as an electret mic if they are carefully place.

    2. “So you run a fairly high risk of bricking the device if the manufacturer is truly malicious in their intent to spy on you.”

      Sounds like a good way to draw attention to the fact one’s spying. Something most spy’s try to avoid.

  7. Stadia comes with a built in Google Assistant which can be used to help you figure out what to do next in a game. That’s why the microphone is there. If this makes you so paranoid, you may want to stop using modern day electronics altogether, including mobile phones and laptops.

    1. I thought about that too ! People said I looked like a cave man so it only makes sense I should live in one too, but my wife doesn’t like the idea. I suppose I could leave her and that would solve a lot of other issues as well.

    2. Honestly, I wish I could live without modern day electronics. But living without a cell phone or internet access is a privilege few people can afford in modern society. It used to be a privilege to have them, now few can afford not to. You’d have to have enough time to deal with the inconvenience or enough money to pay others to deal with it for you.

  8. Why y’all PC Master Race folks have to shit on Stadia so much. Us poor people who can’t afford a nice rig like PC Games to you know. Constantly shitting on a service that has very few issues (if you have decent internet) is some serious gatekeeping that stops services like this from flourishing.

    Sorry I’m not rich I guess.

    1. I don’t see any shitting on Stadia, just on the choice of putting a microphone in the controller that cannot be turned off in a way that can be definitely trusted (even if there is no malicious intent, bugs, mistakes and errors happen).

    2. First of all, just buy an Xbox if you want to play games and can’t afford a new computer.

      Second, literally nobody here has said anything negative about the service so what the hell are you even talking about?

    3. I have a decent gaming rig that can run most games on ultra settings at~60fps, along with an Xbox One S (wife doesn’t understand why I need a Series One or at least One X!?!) an Asus laptop that actually can run about anything w/120hz and is definitely workable, plus some odds and ends, oh and Stadia. I don’t speak for the 10’s of us who pay for Stadia Pro but I think it’s pretty decent. I got the kit for free for having YT premium and said why not? I wanted to play Assassins Creed Valhalla but didn’t want to drop another 100 on something that very well could sit in cellophane for 12 mos (like RDR2) so when Ubi+/Stadia integration happened I bit. I like it and have spent a good 20 hrs on it. It is responsive, cheap, looks (Sorry y’all but it’s true) unbelievable and is almost as fast as my I7-9700K in my desktop. So yeah screw them you can have a AAA experience on an Atari budget so let the snobs blow their $ on screaming rigs that’ll be obsolete in 2 yrs while you invest in Stellar and when they ask you for a loan you can be the snob.

  9. Things not to do to MEMS microphones..
    Never get dust in them.
    Never get moisture, particularly soapy, low surface tension moisture.
    Never expose them to excessively loud noises.
    Never expose them to mechanical shocks.

    So for instance, you shouldn’t hold a device you suspect of having a MEMS microphone next to the smoke alarm when you press the test button. Nor bang it on the desk a few times. Nor should you dust it with talcum powder. Nor should you remove the battery and dunk it in the dish water, expecting it to dry out and be fine in a couple of days. And you should probably never expose one to superglue/crazyglue/cyanoacrylate fumes, that could be pretty bad also.

  10. Eh, that just makes you seem paranoid to them. I’d much rather have them see me as irritatingly mischievous. Just wire in one of those novelty greeting card chips in place of the mic. Extra points if you manage to flash it with Rick Astley, or Baby Shark, on continuous repeat.

      1. This site needs a like/unlike button in here. I had no idea who Ricky Astley was or what Bady Shark was until just now. I still haven’t listened to Baby Shark yet. Not sure I want too either.

  11. This is the second reason why I never took my Stadia controller out of the box. The first reason is due to the issue with too much latency to really enjoy a game. The whole kit was free, but I almost feel like I was ripped off.
    I use the Chromecast occasionally, though.

  12. I got my last laptop, an HP Spectre X360, in 2019 specifically because it had a webcam kill switch, supposedly for both mic and video. That was a major reason for me, among others.

    I would be extremely pissed off if I found that this was a digital switch rather than physical, but I’m not going to tear it open to find out.

    I’m sick of webcams and mics being added to everything so I feel like I’m living constantly being taped, is there a way to verify the realness of the physical switch?

    In Win 10, toggling it adds or removes a webcam device from the device manager, but that might not be able to be trusted.

  13. All of this reminds me of a story I heard about a guy that ordered a brand new Eddie Bower Bronco and waited months for it to arrive, when he got it, he didn’t like the seat belt dinger so he started looking for a wire to kill it. By the time he got done, it needed to go back to the dealership because it wouldn’t start or run. He was informed there was no warranty coverage on the vehicle anymore and it would be 6 more months before the factory would be able to send a new wiring harness and cost a several thousand $’s to fix it.

    1. Heh. Though I know from experience that Ford factory service manuals of that era are particularly useless for tracing harness faults. I wasted 3 days following “procedure” on mine, then got it figured out in 2 hours by working nose to tail with a bleeper.

      1. I just remembered a job my Grandpa did way back in the mid 70’s, mid 60’s cars were still everywhere. He had mustang come in the shop that would drag the battery down and after a few days he found a resistance wire in the harness under the hood that went to the Vreg, it was fried all the way along its path and shorted to something else. He finally managed to get resistance back in the circuit to closely match original and went a bunch of black tape trying to reinsulate other wires. By the time he had it all out of the harness, what a mess I thought, but now after being in the repair business for over 40 years myself I think, wow how simple those cars were. I have been into computer controlled harnesses that are five times or as thick or more looking for problems. Living out in the country is a interesting experience dealing with squirrels, chipmunks, rabbits, mice, rats and goats and even birds sometimes.

    1. It’s damaged, but in a way that lets him still use it. If he had cut the thing open and then tried to glue it shut, there was no guarantee it would still be functional. Or at least, comfortable to hold.

  14. My 5 cents…?

    Why so complex solution if you want keep your game controller on “not listening” mode?
    1) Disable internet access from your WiFi base-station settings when not gaming?
    2) Or plug a headset (with mic) into headset connector and disable microphone in there! Or is it also software controlled which microphone to use?

    Br, Hneri

  15. lmao so many fails with this one. Just plug a slug into that handy jack just above the microphone to kill it. Why would you use Stadia and still worry about privacy? Just pick a poison and take the lumps from one of the big three. That is life now.

    1. The odds are fairly good that you don’t need a “slug” which I presume is what’s also called a tape blanking plug. Most 3.5mm jacks have a switch in them that disconnects the other audio source or sink. Therefore just jamming a matchstick, stir stick, or even toothpick if you aim it right in there will disable other speakers and mics.

      However, this is presuming it’s purely mechanical source selection. Most computer audio for instance since the 90s, you can plug in a mic and speakers, but still (on a laptop) you can use the mixer controls to select internal mic and speakers electronically. In which case, neither jamming the switch with a matchstick or putting a shorted plug in is going to do much, because the fault might be detected, fully open or closed circuit and the smarts might default back to the internal.

      If one was to be rigorous about it, one could wire a jack plug with resistors and capacitors to emulate the characteristics of a real headset, and thus hope that it really thought it had one. Though if it’s doing “sanity checks” like sampling the internal one to see what’s going on, it still might think yours is faulty for getting no signal and switch back. So yah, smallest MP3 player you can find taped to the bottom and Baby Shark on loop LOL

      1. LOL yep gotta have Baby Shark. In my experience with what you mentioned above in newer circuit design with multiple possible inputs, the circuits usually just eats the hottest signal (again defaulting to “closest” listener iot). I would guess as long as whatever you are pumping in is slightly louder than what it is picking up with the internal mic, it should default to the louder signal. That is a lot of supposition on my end though lol. I have little clue as to what chips are used in each specific instance. That requires some comparative magic and such that I would be too lazy to do unless someone was paying me haha. I do wish I had a Stadia controller now to try the slug trick out though just to see if it worked. You could be quite right about having to have the proper load for phones etc for it to respond and nix knock offs etc.

  16. Google has been known to use ultrasonic sensing using mics on their devices…probably so only the closest device activates on “hey google”. Possible that something similar is planned for controller to link to closest chromecast tv rather than having to manually select each time

    1. Data collection happens, you just don’t know when. Then through various conspiracies of corporate or even government incompetence it will be parked on a server somewhere, regarded as low value, and as such given about 25 cents worth of protection. Because 25 cents is about the average legal profit to be gained by snarfing your data. However, somewhere else in the world, cybercriminals, adept at ID theft, extortion and blackmail, may think that every sample of real personal data is worth on average $3 for all the non-legal things you can do with it. Therefore may expend a buck worth of effort to get it. i.e. thousands of bucks raiding databases of thousands of records. However, should you have “won” this lottery, it’s not only $3 that’s going to be at risk, it’s a mortgage worth, 50,000 people didn’t get selected, but you’re the lucky winner, they had just enough info on you to be able to get stuff in your name, because you weren’t careful what you let get on the internet.

  17. Is the mic through hole?

    If so then maybe instead of drilling through the PCB to get rid of it one could short the pins.

    For bonus points short them with a switch so that one can still open the switch and use the voice assistant when desired.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.