Even Your Headphones Can Spy on You
November 22, 2016
Wired — Researchers at Ben-Gurion University have created a proof-of-concept code called “Speake(a)r” designed to demonstrate how a determined hacker could find a way to surreptitiously hijack a computer to record audio.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, head of research and development at BGU’s Cyber Security Research Center. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
The science behind this feat is fairly simple. Just as the speakers in headphones turn electromagnetic signals into sound waves through a membrane’s vibrations, those membranes can also work in reverse, picking up sound vibrations and converting them back to electromagnetic signals.
But the BGU researchers took that hack a step further. Their malware uses a little-known feature of RealTek audio chips to silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack.
These particular chips are so common that the attack works on practically any desktop computer — whether it runs Windows or MacOS — and most laptops.
In their tests, the researchers found they could record intelligible audio from as far as 20 feet away using the hack.
“It’s very effective,” says Guri. “Your headphones do make a good, quality microphone.”
Unfortunately, there is not currently a simple software patch to prevent this kind of eavesdropping attack. Until there is, it may be beneficial to unplug those headphones.