Security Researchers Can Turn Headphones Into Microphones (techcrunch.com)

← Back to Stories (view on slashdot.org)

Security Researchers Can Turn Headphones Into Microphones (techcrunch.com)

Posted by BeauHD on Thursday November 24, 2016 @01:00AM from the proof-of-concept dept.

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

122 comments

Min score:

Reason:

Sort:

Small tidbit by campuscodi · 2016-11-24 01:05 · Score: 2

You don't have to be a security researcher to do that. Electrical engineers can do it as well. The point of the article is the privacy and security implications that come from malware that can switch I/O audio jacks using software toggles found in audio drivers and secretly record you while you have your headphones or simple speakers plugged in.
1. Re:Small tidbit by Big+Hairy+Ian · 2016-11-24 01:31 · Score: 1
  
  Like most transducers speakers and microphones can convert audio signals to electrical signals and vice-verse. This is nothing new I was using speakers as microphones when I was a teenager back in the 80's (God I feel old)
  
  --
  Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
2. Re:Small tidbit by xtsigs · 2016-11-24 01:46 · Score: 2
  
  The authors make a point of the fact that they are presenting nothing new with the idea of using speakers as microphones. It also appears that the switches to reverse any input/output are easily manipulated. It doesn't appear there is anything especially new about the article except to point out how easy it is to snoop and how clear the victim's voice is when recorded through speakers.
  The paper also quotes from a declassified 2000 NSA document:
  
  In addition to being a possible fortuitous conductor of TEMPEST emanations, the speakers in paging, intercom and public address systems can act as microphones and retransmit classified audio discussions out of the controlled area via the signal line distribution. This microphonic problem could also allow audio from higher classified areas to be heard from speakers in lesser classified areas. Ideally. Such systems should not be used. Where deemed vital, the following precautions should be taken in full or in part to lessen the risk of the system becoming an escape medium for NSA.
  If the NSA's concerned about people being able to listen to them through paging, intercom, and public address systems (like those in grocery stores and office buildings) then it seems unlikely that they would fail to use these systems to listen in to our conversations. Having PC speakers sitting a few feet away from your voices as you have confidential conversations, or, ahem, "conversations," with coworkers just makes it that much easier for NSA or someone else to listen in with clarity.
3. Re:Small tidbit by Big+Hairy+Ian · 2016-11-24 02:20 · Score: 4, Interesting
  
  What would be more interesting is if they'd managed to do this with a PC's built in speaker
  
  --
  Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
4. Re:Small tidbit by guruevi · 2016-11-24 03:12 · Score: 2
  
  It's even a "feature" not a security bug on some computers (especially tiny laptops) to have the same jacks available as both inputs and outputs. I'm fairly the MacBook Pro's with 1 jack can do it and I've seen it done on a custom computer as well.
  I want to be a 'security researcher' and state the obvious.
  
  --
  Custom electronics and digital signage for your business: www.evcircuits.com
5. Re:Small tidbit by Anonymous Coward · 2016-11-24 03:40 · Score: 0
  
  I want to be a 'security researcher' and state the obvious.
  For most people, it probably was not obvious that a speaker even had the correct hardware to function as a microphone. I for one had no idea.
6. Re: Small tidbit by Anonymous Coward · 2016-11-24 03:46 · Score: 0
  
  I used a speaker as a second mic to capture the bottom end of kick drums and bass cabs back then. Was trying to make things sound big, but it sounded like shit, and there were no internet smartasses to teach me the art of audio recording.
7. Re:Small tidbit by meerling · 2016-11-24 03:53 · Score: 1
  
  Definitely, as teenagers back in the 80s we pulled that off too. Of course, we just did it for the irony, it's not like it was news worthy or anything, just weird.
8. Re: Small tidbit by Anonymous Coward · 2016-11-24 03:58 · Score: 0
  
  This was already accomplish 10-15 years ago.
9. Re: Small tidbit by Anonymous Coward · 2016-11-24 04:00 · Score: 0
  
  Seconded. A friend of mine works for a defense contractor (top secret clearance), and he mentioned to me that they're not allowed to bring in speakers or headphones for this exact reason.
10. Re:Small tidbit by Anonymous Coward · 2016-11-24 04:28 · Score: 0
  
  It seems like any plugin speaker with its own amplifier would mitigate this problem. Am I correct in making this assumption?
11. Re:Small tidbit by JustAnotherOldGuy · 2016-11-24 04:41 · Score: 2
  
  his is nothing new I was using speakers as microphones when I was a teenager back in the 80's (God I feel old)
  The first time I did this and heard it work, I was so surprised I fell off my dinosaur.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
12. Re:Small tidbit by JustAnotherOldGuy · 2016-11-24 04:52 · Score: 2
  
  For most people, it probably was not obvious that a speaker even had the correct hardware to function as a microphone. I for one had no idea.
  It should be apparent if you think about it for a moment. A speaker is a transducer, and almost all transducers work both ways (albeit one mode is usually more efficient than the other). A speaker and a microphone are basically the same thing, just optimized for sound in or sound out.
  Stress a piezoelectric chip slightly and you get voltage, apply voltage and it bends slightly.
  Apply heat to a thermocouple and you get voltage, apply voltage and it heats up.
  Expose a photosensitive chip to light and you get voltage*, apply voltage and it will emit a small amount of light.
  Shake a mechanical motion sensor and you get voltage, apply voltage and it will move or expand/contract.
  It should really be no surprise to anyone familiar with basic physics that this is the rule, but then they stopped teaching this stuff in public schools back in the 1980s.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
13. Re:Small tidbit by JustAnotherOldGuy · 2016-11-24 04:52 · Score: 1
  
  It seems like any plugin speaker with its own amplifier would mitigate this problem. Am I correct in making this assumption?
  Generally speaking, yes.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
14. Re:Small tidbit by Anonymous Coward · 2016-11-24 05:06 · Score: 0
  
  If you remember that picture of Mark Zuckerberg sitting at his laptop, not only was the camera taped over but also the headphone jack. He knew that there was a security problem with the headphone jack that also functioned as an audio input.
  These security researchers are pretty much only telling us that the vector is no longer useful, since targets like Zuckerberg are careful not to allow headphones in input jacks.
15. Re:Small tidbit by Vegan+Cyclist · 2016-11-24 05:12 · Score: 1
  
  Very true, or any external speakers...should be possible in theory. Pretty much every laptop has speakers, and same with PC's - my box has a little speaker for the motherboard..kind of spooky when you think about it. (Note that the record quality worsens with the sound quality of the speaker, so one designed to beep and that's all is going to be able to pick up very little.)
16. Re: Small tidbit by Anonymous Coward · 2016-11-24 05:38 · Score: 0
  
  What's a transducer? Not kidding. Taking a moment to think about it assumes you've taken a lot more than a moment to study hardware. I do math.
17. Re:Small tidbit by Antique+Geekmeister · 2016-11-24 05:38 · Score: 3, Informative
  
  > It should be apparent if you think about it for a moment. A speaker is a transducer
  Electromechanically, it's apparent. In terms of feedback that can be read by any sensory circuitry on the PC itself, it is not. A headphone or speaker circuit need have no _sensors_ that can be read or recorded by the signal generator. I'm afraid it's the introduction of simple chip solutions, designed to connect different electrical jacks to different programmable signals, and the introduction of A/D circuitry for noise cancellation and microphones that allows the cross connection of what is normally an output circuit to an input circuit.
  Such features help reduce costs of circuitry for computer motherboards by providing single well designed, well understood chips for both functions. But it's not a design requirement.
18. Re:Small tidbit by jenningsthecat · 2016-11-24 05:38 · Score: 2
  
  ... or any external speakers...should be possible in theory ...
  Not "any" external speakers. Powered speakers, (with their own amplifiers between the transducers and the input), won't send any usable signal back to the jack on the computer.
  
  --
  'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
19. Re: Small tidbit by Aristos+Mazer · 2016-11-24 05:40 · Score: 1
  
  Is this a good reason for Apple to remove the analog jack?
20. Re:Small tidbit by Anonymous Coward · 2016-11-24 05:49 · Score: 0
  
  You don't have to be a security researcher to do that. Electrical engineers can do it as well. The point of the article is the privacy and security implications that come from malware that can switch I/O audio jacks using software toggles found in audio drivers and secretly record you while you have your headphones or simple speakers plugged in.
  Thank you for pointing this out. The fucking scientists and engineers here trying to teach was getting pointless and way off track.
21. Re:Small tidbit by Anonymous Coward · 2016-11-24 07:48 · Score: 0
  
  +1. When I was a kid I used the stereo's "music speakers" in my family's house as a microphone array. I built a multi-stage amplifier with a Radio Shack "150-in-1" electronics kit and viola! I could hear the noises the cat made when it ate from the other end of the house. It was epic for an 11 year old. hehe
22. Re:Small tidbit by antdude · 2016-11-24 07:49 · Score: 1
  
  Which dino(saur)? T-Rex?
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
23. Re: Small tidbit by Miamicanes · 2016-11-24 08:36 · Score: 1
  
  The internal PC speaker is a single-bit i/o line without a DAC (digital audio from it is bitbanged 1-bit pwm. Google: RealSound ). Assuming you could read the port all, the audio quality would be really bad since there's no way to quantize sampled pwm. And having at work at all assumes the i/o's data direction register can be changed.
  Basically, this exploit takes advantage of the audio chip's ability to use any line as an input or output, so you can sample stereo and output mono, or output stereo and sample mono.
24. Re:Small tidbit by Anonymous Coward · 2016-11-24 08:49 · Score: 0
  
  Yep, in the 80s I was a nerdy kid building electronics kits. Standard procedure for a cheap mic was a cheap 8 ohm speaker hooked to a cheap little audio transformer. Of course the transformer was just a nicety to get better levels, so yeah, not new.
25. Re: Small tidbit by Anonymous Coward · 2016-11-24 08:54 · Score: 0
  
  What about laptops though? "Internal audio" on those is sound-card plus speakers. In theory if they have the bug mentioned then even if you physically disable the internal mic you could just repurpose the internal speakers for the job.
26. Re: Small tidbit by Anonymous Coward · 2016-11-24 09:15 · Score: 1
  
  Most laptops already have a microphone with no hardware on/off switch.
  Laptop speakers (just like computer speakers) are powered = amplified. You might reset the speaker line into an input but the amp chip between said audio i/o and speakers will function as one way filter.
27. Re:Small tidbit by Anonymous Coward · 2016-11-24 10:02 · Score: 1
  
  The news is that this was done with the headphones plugged into the headphone jack, not the microphone jack.
28. Re:Small tidbit by JustAnotherOldGuy · 2016-11-24 10:05 · Score: 1
  
  Which dino(saur)? T-Rex?
  I think it may have been a Speakersaurus.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
29. Re:Small tidbit by Anonymous Coward · 2016-11-24 13:10 · Score: 0
  
  Like most transducers speakers and microphones can convert audio signals to electrical signals and vice-verse. This is nothing new I was using speakers as microphones when I was a teenager back in the 80's (God I feel old)
  Hell I was doing it in the 50s. GTF off my lawn.
30. Re:Small tidbit by Anonymous Coward · 2016-11-24 15:07 · Score: 0
  
  I assume, and I may be being presumptuous, that you are American. Turning speakers into microphones is not ironic. The concept of irony is difficult to explain to someone who doesn't get it without having it explained to them, but I know it when I hear it, and I'm not hearing it.
31. Re:Small tidbit by dbIII · 2016-11-24 16:13 · Score: 1
  
  Here is one example of how to do it:
  http://www.omgubuntu.co.uk/201...
  I think the news here is potential malware doing it instead of it being a deliberate choice by the user.
32. Re:Small tidbit by aaronb1138 · 2016-11-24 18:36 · Score: 1
  
  Still the article and security implications are bullshit. If you can get access to installing your malware on the machine, than the physical domain of eavesdropping is irrelevant. It's not like there is a vendor selling TEMPEST secured equipment with headphone jacks but no mics (and that messing with audio drivers would pass). Switching signal direction on jacks has been a standard feature of audio chipsets since the AC'97 standard, it's just that the auto-detection routines in most CODECs would correctly direction the jack for what you plugged in.
  
  What is interesting is that this "hack" is in the same realm of overblown and needing excessive access as the Cisco VoIP phone hack that everyone was fellating Ang Cui for a few years back. Yeah, if I can hang out physically connected to a diagnostic port on someone's phone for several minutes to flash the firmware, I can do much better as far as surveillance. Not to mention the frequency that VoIP VLANs can't reach the Internet to egress their eavesdropping.
33. Re:Small tidbit by goose-incarnated · 2016-11-25 01:27 · Score: 1
  
  If you remember that picture of Mark Zuckerberg sitting at his laptop, not only was the camera taped over but also the headphone jack. He knew that there was a security problem with the headphone jack that also functioned as an audio input.
  The headphone jack on its own can do nothing. It's when you plug in headphones (or speakers) into it that the sound can be recorded.
  
  --
  I'm a minority race. Save your vitriol for white people.
Workaround: by Anonymous Coward · 2016-11-24 01:06 · Score: 0

Use a headphone preamp or even cheap active speakers.
1. Re:Workaround: by hcs_$reboot · 2016-11-24 03:01 · Score: 1
  
  Or use a new iPhone, it doesn't have a headphones plug
  
  --
  Slashdot, fix the reply notifications... You won't get away with it...
amplifier by dehachel12 · 2016-11-24 01:12 · Score: 2

Would it work with amplifier+speakers ?
1. Re:amplifier by arielCo · 2016-11-24 01:45 · Score: 1
  
  Nope, because you can't "retask" an amplifier to sense the voltage at its output and feed it into its input. It only works with passive devices like nonamplified headphones (desktop speakers usually need an amp).
  
  --
  This post contains no rudeness or derision of any kind. All arguments are friendly. Terms and exclusions may apply.
2. Re:amplifier by PIBM · 2016-11-24 01:46 · Score: 1
  
  Actually, it depends on your amplifier.. But a good rule of thumb is that you would be safe. This 'hack' on PCs date back to when voice chats appeared .. since no one had dedicated pc microphone, everyone I knew was using cheap headphones.. And doing this without the user knowledge has been possible for quite a while --- since the input/ouput could be reaffected, which is also too long ago to remember. News, anyone ?
3. Re: amplifier by Anonymous Coward · 2016-11-24 02:00 · Score: 0
  
  I would hate to bust your bubble. To completely stop the sine, you need an on off switch. A powered system. But, with the newer phones, being able to read sine systems, can be done on the fly, and recorded locally. Just a few software modifications. And they are in the communications packages. Not just one system either. All oses. They all, especially now, are listening for a voice, say sari, or Amazon, or what is the win version?
4. Re: amplifier by Anonymous Coward · 2016-11-24 02:24 · Score: 0
  
  With the onboard chip the amp is inside and you can connect the analog output somewhere else. Tell me how to make an outside amp work in reverse so the EMF induced at the speaker reaches the IC.
Real hackers by Anonymous Coward · 2016-11-24 01:17 · Score: 1

Real hackers pull this stunt through wireless headphones.
1. Re:Real hackers by Anonymous Coward · 2016-11-24 01:28 · Score: 0
  
  Join us now and share the software;
  You'll be free, hackers, you'll be free.
  Join us now and share the software;
  You'll be free, hackers, you'll be free.
  Hoarders can get piles of money,
  That is true, hackers, that is true.
  But they cannot help their neighbors;
  That's not good, hackers, that's not good.
  When we have enough free software
  At our call, hackers, at our call,
  We'll kick out those dirty licenses
  Ever more, hackers, ever more.
  Join us now and share the software;
  You'll be free, hackers, you'll be free.
  Join us now and share the software;
  You'll be free, hackers, you'll be free.
A headphone... by hcs_$reboot · 2016-11-24 01:17 · Score: 5, Informative

is a microphone. Both headphones and microphone share the same mechanism (using a voice coil). The microphone is more sensitive (as it generates small alternative current when the sound makes the diaphragm vibrate) ; and headphones do the opposite, its diaphragm vibrates when the device injects positive or negative current. Even a bigger speaker is sensitive enough to act as a microphone.

--
Slashdot, fix the reply notifications... You won't get away with it...
1. Re:A headphone... by Anonymous Coward · 2016-11-24 01:41 · Score: 0
  
  The issue is the computer hardware. Not all audio ports can be configured to go either direction...
2. Re:A headphone... by Kjella · 2016-11-24 01:54 · Score: 5, Interesting
  
  Even if you know that, it is far from obvious that there will be a hardware and software interface that'll let you turn an apparent read-only/write-only device into a read/write device. It could have dedicated ports or use fused circuits to set it in a device, the coupling could have had mode indicators or firmware that forced it into headphone or microphone mode. I've never heard of any malware doing it before, so I'd say this is pretty clever.
  And I just got a scary thought, many laptops have built-in speakers that you can't easily disconnect, can they too be reprogrammed as inputs? Even if it doesn't have much reach if you can hear what the person on the laptop is doing talking on the phone or whatever, that could be huge. I mean many headsets have a mic, so if you're worried about anyone listening in you'd have disconnected it anyway, this only adds the capability to pure headphones/earbuds.
  
  --
  Live today, because you never know what tomorrow brings
3. Re:A headphone... by drinkypoo · 2016-11-24 02:05 · Score: 1
  
  I just got a scary thought, many laptops have built-in speakers that you can't easily disconnect, can they too be reprogrammed as inputs?
  That depends on the CODEC and how it is used. If it has repurposeable outputs and they use them just for routing convenience because they have more than they need on the device then it's not impossible.
  Not all codecs even have switching onboard, for those you are safe for sure. For the ones that do, it's going to be a case-by-case basis.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:A headphone... by Shane_Optima · 2016-11-24 02:52 · Score: 1
  
  Even if you know that, it is far from obvious that there will be a hardware and software interface that'll let you turn an apparent read-only/write-only device into a read/write device.
  I think it's a reasonable assumption that few hardware manufacturers have bothered to create a design where electrical signals can be sent to a speaker/headphone jack, but never received. That sounds like the sort of thing that would require more money to build.
  
  The software interface could/would be provided by the attacker, of course.
  
  I've never heard of any malware doing it before, so I'd say this is pretty clever.
  Meh. It's not a new idea at all. I had an electronics kit in the 6th grade that came with a little earpiece that functioned as both a speaker and a microphone. There obviously was only a single diaphragm, and when I read up on how speakers and microphones worked it was readily apparent that they were the same thing (but usually with optimizations for one functionality or the other.)
  
  And so years later when I heard about security concern over webcams, I instantly thought of the speakers as well. There's been talk about this possibility for a long time but there's been nearly as much concern as there has been vs. webcams. Probably because it's tricky, and of limited utility to regular attackers.
  
  One more thing to note though: acoustic analysis can sometimes decode keystrokes on a keyboard fairly accurately. This means that one compromised speaker in a room (perhaps in an IoT device) could be used to compromise the password for a non-compromised device.
5. Re:A headphone... by thegarbz · 2016-11-24 03:23 · Score: 2
  
  it is far from obvious that there will be a hardware and software interface that'll let you turn an apparent read-only/write-only device into a read/write device.
  Have you not used a computer in the past 15 years? The vast majority of desktop computers have come with apps to dynamically assign recording / playback outputs to various ports as you see fit. It stands to reason that the underlying hardware has been capable of this since we first started abandoning the Soundblaster.
6. Re:A headphone... by Anonymous Coward · 2016-11-24 03:58 · Score: 0
  
  Not really that impressive. Turning an in into an out (or vice-versa) is just one minor kernel module change away in Linux, for most popular hardware anyway.
  The interest in this attack vector is purely academic anyway, since it requires some really low level access. If you already have that kind of access, it's already curtains for the user.
  So you can stop being paranoid. If anyone (read: government) wanted to listen to you, it's far more likely that they'll just tap your phone (illegally), possibly also abuse the proprietary "features" of the baseband processor to enable real-time audio capture. Or hack a nearby Android if they just want to take the easy route.
7. Re:A headphone... by ilsaloving · 2016-11-24 04:00 · Score: 1
  
  Is CODEC the right acronym? Do you mean DAC? I know a codec to be the format in which a signal is encoded by software.
8. Re:A headphone... by koreanbabykilla · 2016-11-24 04:38 · Score: 1
  
  Codec isn't an acronym. It's short for compressor/decompresser like modem is to modulator/demodulator
9. Re:A headphone... by Anonymous Coward · 2016-11-24 04:49 · Score: 0
  
  I think CODEC is probably the correct term. The chip has both DAC (digital-to-analog) and ADC (analog-to-digital) converters built in. Usually more than one of each type. The chip takes in a specially formatted serial stream of data from the computer at a fairly high speed, and separates the stereo or multi-channel information in the serial stream and sends each channel to the appropriate DAC/output. At the same time, the chip can take input from the ADCs and create a serial stream of data to send to the computer. The chip usually has adjustable audio filters, mixers, amplifiers, and switchable input/output pins. I think this article is about being able to secretly switch an output connector to become an input.
10. Re:A headphone... by Anonymous Coward · 2016-11-24 05:34 · Score: 0
  
  is a microphone. Both headphones and microphone share the same mechanism (using a voice coil). The microphone is more sensitive (as it generates small alternative current when the sound makes the diaphragm vibrate) ; and headphones do the opposite, its diaphragm vibrates when the device injects positive or negative current. Even a bigger speaker is sensitive enough to act as a microphone.
  Thank you for demonstrating what happens when you bring an engineer into the average conversation.
  And we wonder why geeks and nerds are considered anti-social.
11. Re:A headphone... by thebigmacd · 2016-11-24 05:38 · Score: 1
  
  CODEC isn't correct, no. An audio/video codec is an *algorithm* which operates in the digital realm, converting digital data from uncompressed to compressed format and vice-versa. A codec can be implemented in hardware but is not the hardware itself.
  Ffmpeg is a codec.
12. Re:A headphone... by ilsaloving · 2016-11-24 06:16 · Score: 1
  
  That's what I was thinking. But if so, I'm wondering what component specifically the parent is referring to, apart from it being just "the audio chip". IS there a specific term?
13. Re:A headphone... by jez9999 · 2016-11-24 08:27 · Score: 1
  
  many laptops have built-in speakers that you can't easily disconnect
  Don't they usually come with a MIC you can't easily disconnect?
  
  --
  == Jez ==
  Do you miss Firefox? Try Pale Moon.
14. Re:A headphone... by EETech1 · 2016-11-24 10:49 · Score: 1
  
  I'm just guessing here, but I would imagine that the speakers may have a small audio amplifier built into the motherboard, but headphones would be driven directly off of the chip. The amplifier would prevent the audio from the speakers going the other direction.
  Cheers
15. Re:A headphone... by Anonymous Coward · 2016-11-24 12:04 · Score: 0
  
  My laptop has built in speakers. It also has a built in microphone... We're fucked.
16. Re:A headphone... by Megol · 2016-11-24 13:53 · Score: 1
  
  It is correct: https://en.wikipedia.org/wiki/...
17. Re:A headphone... by Anonymous Coward · 2016-11-24 20:21 · Score: 0
  
  I think it's rather coder/decoder. That's a more generic term than compression and decompression.
  Now the funny thing is, whichever of these two definitions you choose, it's a perfect example of an acronym that isn't an initialism, like e.g. Comintern, NORAD (a rather loose one?) or radar where ra- stands for radio.
18. Re:A headphone... by Anonymous Coward · 2016-11-24 20:54 · Score: 0
  
  You might know about that xkcd slide where "attackers can read my email, impersonate me, browse my bank accounts (etc.) but at least they can't install drivers without my permission", because that one thing needs the root password or root privileges.
  Well, other way around, if the user space data is only about games, kitten and porn (or even slashdot browsing history) that won't be of much use to attackers but live or recorded audio in the room where the terrorist cell or red brigade or shadow business board meets is rather more interesting.
  Almost any desktop or laptop uses a Realtek chip for audio, which makes the attack a bit plausible. But someone has to have left headphones plugged in. (passive consumer speakers for that use do exist but they're probably exceedingly rare or not used since the 90s)
19. Re:A headphone... by Anonymous Coward · 2016-11-25 00:32 · Score: 0
  
  At first I thought the same, but then I read the rest and I have to say I never expected the sound card to be able to read from its output port.
  I would have expected that the line out is connected to a dedicated DAC which would then make it impossible for this to happen (as far as I know), but that assumption is apparently incorrect.
20. Re: A headphone... by Anonymous Coward · 2016-11-25 02:43 · Score: 0
  
  I believe it is what one would call a Natalie Portmanteau.
21. Re:A headphone... by syntotic · 2016-11-25 08:13 · Score: 1
  
  FINALLY! I ve been fighting without sound since 2009!!! ALL laptops come with the same defects and no solution since then. I was starting to (learn how to) record double nintendo ds double sessions when puff! BSOD. First ever in laptops. After some two hours waiting for the system to come finish diagmostics, no more recording AT ALL!!!! And since then the same ISSUE in all laptops from win7 to win10: recording does not work. But sometimes it feels like some videos do have a sound signal over them.... sometimes... So the problem is being recognized, eh? No antivirus has ever complained though, and no driver solutions available either. Maybe these comments will show a solution is needed?
22. Re:A headphone... by Agripa · 2016-11-25 15:38 · Score: 1
  
  is a microphone. Both headphones and microphone share the same mechanism (using a voice coil). The microphone is more sensitive (as it generates small alternative current when the sound makes the diaphragm vibrate) ; and headphones do the opposite, its diaphragm vibrates when the device injects positive or negative current. Even a bigger speaker is sensitive enough to act as a microphone.
  This is only true for *dynamic microphones* which are tiny voice coil speakers. Most microphones are electret microphones which are a variation of the condender microphone and nothing like speakers but in consumer gear they are increasingly being replaced by MEMS microphones.
hurrah for apple! by Anonymous Coward · 2016-11-24 01:18 · Score: 0

Apple apparently saw this one coming :)
1. Re: hurrah for apple! by Anonymous Coward · 2016-11-24 02:03 · Score: 0
  
  How? Sari, coffee?
meh by Anonymous Coward · 2016-11-24 01:19 · Score: 0

unpowered analog speakers and microphones are basically the same parts. Guess people aren't aware a headphone works as a mic. The only trick here is they could get the audio output chip to report back the electrical level to the computer.
UMM DUHHH by Anonymous Coward · 2016-11-24 01:29 · Score: 0

Take any headphones plug them into the mic jack and speak at will.. This is NOT rocket science, and if it is I was a rocket scientist at the early age of 11. this is just forcing a mic driver to install on the headphone jack. I could script this in less then 2 mins and I have no degree.
1. Re: UMM DUHHH by Anonymous Coward · 2016-11-24 01:46 · Score: 0
  
  You couldn't if the hardware doesn't allow it. That's the point of the article.
2. Re: UMM DUHHH by Khyber · 2016-11-24 02:59 · Score: 1
  
  The hardware allows it and has since WAY BACK (Like Sound Blaster Live using kX drivers you could route anything anywhere.)
  And with things like the newer Windows Sound System (Win7+) you can now surreptitiously and maliciously make it so that your malware can listen in on a specific program. You couldn't do that in XP, as XP didn't have per-program audio control.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
3. Re:UMM DUHHH by Anonymous Coward · 2016-11-24 04:41 · Score: 0
  
  If this is so easy, is there a bit of software that could be used for testing computers with integrated speakers? I have a computer with a built in speaker using the realtek chip. I havent ever found an option like that in alsamixer. Wouldnt I need a modified driver, are there commands to type in the shell?
Well, umm by Anonymous Coward · 2016-11-24 01:30 · Score: 0

Why not just use the microphone? There's one on most headphones these days.
Hasn't this always been the case by tomxor · 2016-11-24 01:31 · Score: 4, Interesting

I've noticed it's been possible to retask ports for input output on most sound cards or both for a long time... The smaller the headphone the better it would work as a passive microphone, I thought this was always obvious. This is hardly something that no one ever though of before like air gap hacks.
1. Re:Hasn't this always been the case by Anonymous Coward · 2016-11-24 05:37 · Score: 0
  
  Yes, because you coded the machine code instructions yourself, you noticed this.
  Doesn't automagically mean it's obvious to everyone else just because you noticed it.
2. Re:Hasn't this always been the case by Anonymous Coward · 2016-11-24 06:00 · Score: 0
  
  I have even used this in the past, my laptop did not have a headphone jack, but had a configuration option to use the output port as input. I connected a real microphone though.
3. Re:Hasn't this always been the case by Anonymous Coward · 2016-11-24 06:43 · Score: 0
  
  This is not some obscure behaviour that only sound card driver programmers will notice... it's an intentional feature, and anyone with basic understanding in speakers understands that speakers are principally the same as microphones. This is like saying "if you get hacked then someone could turn your wifi interface into a packet sniffing drone"... well yeah if they hack your system then they can fuck with your device drivers too. If there was a research article for all of the possible things you could do once you have root access to someones computer then there would be more research papers than there are computers. This isn't even security research it's just a "once you have access you could do this shit look".
Phbbt by Minupla · 2016-11-24 01:31 · Score: 1

I figured that out when I was 8!
Slow researchers!
(In seriousness, its a nice hack. Now excuse me while I put black electrical tape over all my microphones... oh wait...)

--
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
What about the motherboard speaker? by WormholeFiend · 2016-11-24 01:34 · Score: 1

Does it work on that too if you dont have any other audio?
1. Re:What about the motherboard speaker? by drinkypoo · 2016-11-24 01:41 · Score: 2
  
  Does it work on that too if you dont have any other audio?
  The short answer is no
  A longer answer is, only if your motherboard speaker is tied not just to the buzzer output, but also to the audio codec, which is outstandingly rare in a PC but not actually unheard of.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:What about the motherboard speaker? by swb · 2016-11-24 02:19 · Score: 1
  
  It may be rare in build your own motherboards, but it's not uncommon in low-end Dell desktops. I see a fair amount of desktops with what sounds like a typical crap beep speaker wired to the sound chip output. The sound quality and volume is poor, but you hear Windows audio out of it.
  I doubt it would make a useful microphone as the audio output quality is poor and its buried inside the noisy PC case, which may be made worse by being a SFF case where its closer to fans or drives.
3. Re:What about the motherboard speaker? by drinkypoo · 2016-11-24 02:39 · Score: 1
  
  I see a fair amount of desktops with what sounds like a typical crap beep speaker wired to the sound chip output. The sound quality and volume is poor, but you hear Windows audio out of it.
  Yes, in such hardware, I would definitely be concerned about the risk of such an attack.
  
  I doubt it would make a useful microphone as the audio output quality is poor and its buried inside the noisy PC case, which may be made worse by being a SFF case where its closer to fans or drives.
  Yes, only in the case where the speaker is front-mounted does it seem like it would be possible to get high-quality audio. Then again, with sufficient processing, you might be able to get usable audio, and there's a processor right there.
  I've also recently become aware that the original PC speaker hardware could be used in reverse. How much useful audio you could get through a crap speaker inside a noisy steel box full of noisy spinning rust I'm not sure, though. As far as I know, that hardware is now emulated and won't work in the same way, but I've been wrong before.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:What about the motherboard speaker? by Anonymous Coward · 2016-11-24 04:24 · Score: 0
  
  If you need a whole audio codec to run the PC speaker, how do you get POST beeps to decode when you're having a problem? Or is the expectation that you just buy a new one when that happens?
5. Re:What about the motherboard speaker? by Anonymous Coward · 2016-11-24 04:47 · Score: 0
  
  I remember a driver that would emulate a sound card on the builtin speaker for output (windows 95 era) the sound quality was pretty tinny.
6. Re:What about the motherboard speaker? by drinkypoo · 2016-11-24 11:44 · Score: 1
  
  If you need a whole audio codec to run the PC speaker, how do you get POST beeps to decode when you're having a problem? Or is the expectation that you just buy a new one when that happens?
  Either the BIOS knows how to make that happen, or (more likely) the codec isn't the only thing connected to the speaker.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
7. Re:What about the motherboard speaker? by Anonymous Coward · 2016-11-24 21:03 · Score: 0
  
  Perhaps an evil maid can wire the PC speaker to an "AUX" input header on the motherboard or sound card.
And... by Anonymous Coward · 2016-11-24 02:00 · Score: 0

...I plugged a cheap microphone into a headphone jack and heard sound. Like you said, old news.
Realtek's bad design strikes again. by sethstorm · 2016-11-24 02:02 · Score: 1

Not only do they make bad networking chipsets, their audio chipsets are even worse.

--
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
1. Re:Realtek's bad design strikes again. by thegarbz · 2016-11-24 03:24 · Score: 1
  
  Not only do they make bad networking chipsets, their audio chipsets are even worse.
  What about this is bad design? I see a bug, but I see it in a good design that allows you to dynamically assign I/O where needed be it the back or the front or the riser card or the whatever. Computers have done this for 15 years. Researchers have demonstrated it on one device but I'll bet you a Mars bar that this feature is exploitable across a wide range of vendors, even dedicated Soundcard vendors.
2. Re:Realtek's bad design strikes again. by Anonymous Coward · 2016-11-24 04:03 · Score: 0
  
  They probably did a risk analysis and concluded that anyone with the capability to change the driver could just as easily just grab all the data on the disk, monitor key input, gain access to any connected camera or anything else they wanted to.
  Blocking this feature would improve security as much as setting up a sign behind a door.
  If someone breaks through the door then the sign will not really be an issue for them.
Nothing new here IMO by Anonymous Coward · 2016-11-24 02:04 · Score: 0

I have been using my headphones as a microphone because i didn't have a microphone when i was a kid ~20 years ago. Almost all audio cards can be programmed to use each connector either as "speaker" or as "mircrophone". So i am wondering how this is news?
Re: Israelis again huh by Anonymous Coward · 2016-11-24 02:14 · Score: 0

Go to hell, Nazi. Every developed country has security researchers in its universities.
So Apple did something right by dromgodis · 2016-11-24 02:30 · Score: 1

This hack won't work on your iPhone 7. Now they can never turn it into a device that can pick up sounds at any time... Oh...
Winston Smith... by Anonymous Coward · 2016-11-24 02:40 · Score: 0

Who would have thought that all of that Big Brother monitoring equipment was really just the various entertainment devices Winston had saved for over many months.
1. Re:Winston Smith... by Anonymous Coward · 2016-11-24 05:09 · Score: 0
  
  "Under the spreading chestnut tree I sold you and you sold me"
Why is it considered "Malware" by Anonymous Coward · 2016-11-24 02:41 · Score: 0

This could be quite useful
Feature, not a bug by drinkypoo · 2016-11-24 02:42 · Score: 2

Not only do they make bad networking chipsets, their audio chipsets are even worse.
I'm with you on the rtl eth, but being able to switch inputs in the codec is a feature, not a bug. It enables you to do stuff like plug in a device, answer a question about what it is, and not have to worry about which port is which. It also lets you have multiple inputs or multiple outputs with just two jacks, which would often be useful on a laptop.
The problem isn't in the hardware, it's in the software.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Most plug allow both in and out by aepervius · 2016-11-24 03:07 · Score: 1

At least for the cards I have had for the last 10 years you have a color for the plug and you can choose *at the moment* you plug in if it should act as headphone, as microphone, it is not set as "in" or "out" you can even switch them around and it sitll work properly. If the driver can chose, then the driver can be misused to switch around and amde believe headphone/loudpseaker are (poor) microphone

--
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Everything old is new again... by NetAlien · 2016-11-24 03:17 · Score: 1

Good grief! We were doing this in the early 60s when the carbon microphones in our headsets crapped out. Switching earpeice between ear & mouth gave us half vs full duplex comms too... :)
Software switches strike again! by Anonymous Coward · 2016-11-24 03:21 · Score: 0

This is what happens when you have software switches and single ports capable of working as mic and headsets.
Even TVs in the 80s had distinct IO.
Hell, there were even adaptors for two-way ports to allow one-way communication only.
This could be used to choose specifically what device you want to be a master and which the slave, useful for doing special effects in hardware only. (which I found out accidentally as a KID of 13)
Of course, these days many more crappy headphones are going through USB, which is even worse.
Or infinitely worse, BLUETOOTH.
Courage and security by zerofoo · 2016-11-24 03:24 · Score: 1

The new iPhone 7 - even more courageous and secure.....
1. Re:Courage and security by freeze128 · 2016-11-24 05:28 · Score: 1
  
  The iPhone (yes, even the iPhone 7) already has a built-in microphone. It would be easier to just turn that on and listen, rather than try to do this headphone thing.
  
  In fact, this whole exploit is becoming increasingly pointless, since all cell phones have a built-in microphone, and so do almost all laptops.
2. Re:Courage and security by q4Fry · 2016-11-30 06:22 · Score: 1
  
  There are some companies who provide a hardware kill switch to the microphone (grep for "HKS"), but this exploit means that the speakers are also vulnerable.
What's new? by Anonymous Coward · 2016-11-24 03:26 · Score: 0

So what's new? Everyone who's a bit a home in such things knows that a classic speaker (magnet and membrane, not piezo ones) and a classic microphone (magnet and membrane, not capacitive types) are exactly the same thing, save mechanical differences aimed at making them somewhat better at what they're being designed for than at working the other way around.
And everyone who has looked closely at the settings of the most common audio chips in their PCs knows that input and output are somewhat relative, because each jack can be reprogrammed to be any of a few different functions.
It's not like nobody came up with this idea before. I know *I* did, I just didn't believe it merited calling myself a security researcher because of it.
This even reminds me of the 1970's, when I did silly things like plug a microphone into a cassette recorder headphone jack and listen to sound coming (faintly, I admit) out of the mike. And I'll even admit that the first time I did it was by accident, and made me fear I had ruined the mike. Which would be something "not good" for a teenager.
And BTW, Realtek did good. Making jacks configurable is not bad design. Calling that a bug *is* negative thinking.
not a bug, its a feature by Anonymous Coward · 2016-11-24 04:20 · Score: 0

i dont know how this is even news, ive been able to plug headphones into the mic port and collect sound since windows 95. the physics behind microphones and speakers are the exact same thing with the only difference being in the direction of application.
Then in windows 98 you were able to start retasking ports for different things. this is not a hack, this is a feature that has been implemented into audio drivers for years to allow people to use 5.1 and more speakers for their setups. computers with built in speakers like most laptops can do this as well.
Hasn't this always been the case? by Anonymous Coward · 2016-11-24 05:51 · Score: 0

I've noticed it's been possible to retask ports for input output on most sound cards or both for a long time... The smaller the headphone the better it would work as a passive microphone, I thought this was always obvious. This is hardly something that no one ever though of before like air gap hacks.
why is this news? by Anonymous Coward · 2016-11-24 06:09 · Score: 0

Every speaker can be turned into a microphone. duh.
1. Re:why is this news? by Anonymous Coward · 2016-11-24 06:37 · Score: 0
  
  have you tried it with a piezoelectric speaker?
2. Re:why is this news? by gweihir · 2016-11-24 10:03 · Score: 1
  
  Works as well, just needs a lot of DSP after to correct.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:why is this news? by Megol · 2016-11-24 14:01 · Score: 1
  
  Yes. Plasma speakers may be a bit harder to hack though...
Home automation is better at sending data to cloud by rlh100 · 2016-11-24 06:50 · Score: 1

Who needs to hack into anything when we are installing home automation devices like Amazon Alexa Echo and Google Home that stream audio to the cloud. In the case of the Echo its 16bit, 16KHz audio with a sophisticated microphone array that can determine the direction of the conversation. Both Google and Amazon are proud of their voice recognition capabilities.
How do you know it is only sending audio when you talk to it? Blinking LEDs? See discussion about software control of indicator LEDs.
Awgh! by Anonymous Coward · 2016-11-24 09:37 · Score: 0

In Soviet Russia, microphones are speakers.
Just one more drop in the sea by Anonymous Coward · 2016-11-24 09:38 · Score: 0

Your smartphone has a microphone (or three) you can't easily disconect and the radios part runs closed and obscured software that probabbly accepts remote commands.
Your laptop has a built in microphone and laptop jacks have been for a while compatible with 4 rings jacks so if you use your phone's headphones you have another microphone connected.
Many smart tv's have mics as well.
Most of the above have webcams but at least you can cover those. You can't cover a mic with the gain cranked up to 11.
I used to work as a sound engineer for conferences some 10 years ago and for giggles I would route one of the backup mic's to my headphones and crank the gain really high. I could hear what panel members whispered 10 seats away.
Tinfoil hat subversion by Flownez · 2016-11-24 11:49 · Score: 1

I wonder how soon until they can subvert tin foil hats?
OK. So... by RightwingNutjob · 2016-11-24 15:32 · Score: 1

put an amplifier or isolator between the jack and the speaker. Security problem gone.
really! by Anonymous Coward · 2016-11-25 00:34 · Score: 0

I knew about this since I plugged in my headphones backwards on pc sound card 10 years ago.
When I started to worry by Anonymous Coward · 2016-11-25 03:55 · Score: 0

The first time I plugged into the headphone jack and Windows popped up a notification that it knew about it.
Prevention by nuc1e0n · 2016-11-25 06:50 · Score: 1

Would a diode put a stop to this?
1. Re:Prevention by Agripa · 2016-11-25 15:41 · Score: 1
  
  Would a diode put a stop to this?
  Yes sort of but that is not the way to go about it. Adding a headphone amplifier would neatly solve the problem.
Feature, not a bug by Ant+P. · 2016-12-06 11:36 · Score: 1

So... how can I invoke this deliberately? I would *love* to swap my laptop's line-in/out in software, because one port's never been used and the other is damaged beyond repair.