Audio Vulnerability - Post DSP Delayed Loopback - Internal Speaker

Hi, I discovered an new Unknown Audio device when going to chrome://audio#devices. I've attached a screenshot. When testing the device, even though all audio and bluetooth are disabled, there is a repeating audio pattern showing and is causing an oscillation that is causing some headaches.  When I close the device and step away, it goes away. 

 

The problem is that I am unable to turn this device off or mute it, so I ran a test with an audio app to block or reroute this background audio, but something with the device keeps reseting itself and making itself active.  As you can see in the screen shot, the volume/gain is at 50% and unmuted.  When running a white noise filter from the internal speaker / microphone the oscillation reduces, so it's definitely Post DSP Delayed Loopback - Internal Speaker device.

 

I power washed the device several times, but I have logs showing bluetooth going active and trying to make connections to other devices in the office, although I've disabled all bluetooth, casting and audio.

 

What happens in the loopback audio, is it begins oscillating and becomes very annoying within a few minutes.  So, I did some research and found this https://wiki.archlinux.org/title/PulseAudio/Examples#Creating_user_configuration_files .  

 

Everything on my system is up to date and brand new.  I'm only using Google based tools like gmail and docs, so there's nothing extra.

 

1. Here's a Google Share with screenshots, videos, log files.

Edited by hamluis, 12 July 2022 - 01:40 PM.
Merged topics - Hamluis.

How to attach : https://www.bleepingcomputer.com/forums/t/698076/attaching-files-to-posts-on-bleepingcomputer/#entry4791802

I'm getting an Error This upload failed when attaching.  The device log is 76Kb.  I've pasted it below.

 

Bluetooth Event Bluetooth Event when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770142] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770138] bluetooth_device_status_notifier_impl.cc:72 Checking for device state changes [2022/07/12 10:56:56.770133] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.770125] adapter_state_controller_impl.cc:108 Already in state disabled, clearing queued state change [2022/07/12 10:56:56.770120] adapter_state_controller_impl.cc:42 Setting queued Bluetooth state change to [Disable] [2022/07/12 10:56:56.770117] bluetooth_power_controller_impl.cc:231 Setting adapter state to disabled [2022/07/12 10:56:56.770112] bluetooth_power_controller_impl.cc:117 Adapter is now available after being unavailable, setting adapter state to 0 [2022/07/12 10:56:56.770043] bluetooth_adapter_bluez.cc:1232 /org/bluez/hci0: using adapter. [2022/07/12 10:56:56.769954] bluetooth_adapter_bluez.cc:963 Registering pairing agent [2022/07/12 10:56:56.621557] in_process_instance.cc:96 Binding to CrosBluetoothConfig [2022/07/12 10:56:56.599990] bluetooth_power_controller_impl.cc:239 Adapter is currently unavailable, setting pending_adapter_enabled_state_ to 0 [2022/07/12 10:56:56.599987] bluetooth_power_controller_impl.cc:231 Setting adapter state to disabled [2022/07/12 10:56:56.599984] bluetooth_power_controller_impl.cc:208 Applying primary user pref Bluetooth power: 0 [2022/07/12 10:56:56.599960] bluetooth_power_controller_impl.cc:182 Primary user pref has not been attempted to be applied, applying [2022/07/12 10:56:56.599957] bluetooth_power_controller_impl.cc:170 Initializing service [2022/07/12 10:56:56.599954] bluetooth_power_controller_impl.cc:127 Initializing local state pref service [2022/07/12 10:56:56.599951] cros_bluetooth_config.cc:73 Setting CrosBluetoothConfig services' pref services [2022/07/12 10:56:56.599945] device_cache.cc:27 GetPairedDevices() called when Bluetooth is not enabled nor enabling, returning an empty list. [2022/07/12 10:56:56.599930] in_process_instance.cc:42 Initializing CrosBluetoothConfig [2022/07/12 10:56:56.599918] bluetooth_adapter_bluez.cc:369 BlueZ Adapter

Ok so I'm no professional let me just put that out there.

What i observe in ChromeOS historically has been the Bluetooth is enabled by default at any first start , even prior to ever logging in. It runs at the hardware level so obviously controls for it are lacking, like most user space tools

Anyway . Chrome may use the list of available devices in your personal area and identify them (Bluetooth speakers, smart homestuff, anything broadcasting, especially tvs with Android) by Mac address at least.
That gets compiled iirc and stored in a cookie which constitutes as an unofficial (perhaps legacy ) method of additional authentication method without users knowing.

What device did u say u had? Bluetooth works like a beacon on a timer. As long as it's plugged into the computer (along with the network chip), and has at least 3v, there's really no easy way to turn it off...

What chrome://about urls do you have?

Hey are you logged in to another computer nearby (or any device) with a chrome browser and /or your Gmail account? I've seen devices try to communicate that way , even if you're using seemingly unrelated accounts, but share other Commonalities like network, phone number, usb debugging or file transfer...

Make sure Bluetooth is disabled in your Android container too. Assuming you use Android apps right? Also, what version are you using for that?

Your answer to those questions is important for hopefully resolving any issues because obviously things change how do get to/view certain things

Topic closed for lack of response by OP.

 

Louis

Hi, thanks everyone for helping on this.  It turns out that my devices and coworkers had a remote activated malware on our devices hit Windows 10, Android, Chromebook, iPhone, xBox and media devices like bluetooth.  Nightmare.

 

I did notify the manufacturers of the issues throughout the mitigation process.   If you're interested, I was able to pull off all of the files from several devices including my phone.  I had to develop a specific process to do so because it has a self removing feature.   The tools identified were extensive and I was able to proof out everything and replicate results which is huge. 

 

I posted a method to make a copy of the OS and files from an infected phone that has been successful.  I posted it here https://www.bleepingcomputer.com/forums/t/789405/remote-activated-malware-information-about-new-apt-model-that-i-want-to-share/

 

I'm going to post more information on other discoveries, because it is amazing at what these bad actors were able to do with their model.