Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Researchers Can Turn Headphones Into Microphones (techcrunch.com)

Posted by BeauHD on from the proof-of-concept dept.

As if we don't already have enough devices that can listen in on our conversations, security researchers at Israel's Ben Gurion University have created malware that will turn your headphones into microphones that can slyly record your conversations. TechCrunch reports: The proof-of-concept, called "Speake(a)r," first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones. The researchers have published a video on YouTube demonstrating how this malware works.

3 of 122 comments (clear)

  1. Hasn't this always been the case by tomxor · · Score: 4, Interesting

    I've noticed it's been possible to retask ports for input output on most sound cards or both for a long time... The smaller the headphone the better it would work as a passive microphone, I thought this was always obvious. This is hardly something that no one ever though of before like air gap hacks.

  2. Re:A headphone... by Kjella · · Score: 5, Interesting

    Even if you know that, it is far from obvious that there will be a hardware and software interface that'll let you turn an apparent read-only/write-only device into a read/write device. It could have dedicated ports or use fused circuits to set it in a device, the coupling could have had mode indicators or firmware that forced it into headphone or microphone mode. I've never heard of any malware doing it before, so I'd say this is pretty clever.

    And I just got a scary thought, many laptops have built-in speakers that you can't easily disconnect, can they too be reprogrammed as inputs? Even if it doesn't have much reach if you can hear what the person on the laptop is doing talking on the phone or whatever, that could be huge. I mean many headsets have a mic, so if you're worried about anyone listening in you'd have disconnected it anyway, this only adds the capability to pure headphones/earbuds.

    --
    Live today, because you never know what tomorrow brings
  3. Re:Small tidbit by Big+Hairy+Ian · · Score: 4, Interesting

    What would be more interesting is if they'd managed to do this with a PC's built in speaker

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.