New Malware Turns Headphones into Makeshift Microphones to Record Your Conversations
Mark Zuckerberg made headlines earlier this year for taping his webcam and microphone. While he forgot the security 101 of not reusing old passwords, the Facebook CEO was definitely paranoid of someone trying to spy on him more than someone hacking his LinkedIn or Pinterest accounts.
Spying makes everyone uncomfortable. Are those so-called IoT devices really surveilling on you? Should you tape up your webcam and microphone slot? The paranoia would see no end because there's no end to the lengths an attacker could go to spy on their targets. Now, a group of Israeli researchers at Ben Gurion University have given us yet another reason to freak out with malware that converts your headphones into microphones that can record your conversations.
Researchers demonstrated the hack in a video, using a malware they are calling "Speak(a)r" to hijack a computer to record audio, even when the target device's microphone has been disabled or entirely removed. This malware tweaks the speakers in the earbuds to turn them into makeshift microphones, covertly listening to you.
Israeli researchers design a malware to spy using headphones
It is not a new discovery that speakers in the headphones that turn electromagnetic signals into sound waves can work in reverse too. What security researchers have done with this new malware is to take the idea even further - retask computer's output channel as an input, allowing criminals to record audio even when the headphones are connected into an output-only jack, don't have a microphone channel on their plug, or the user has completely disabled or removed the microphone from their computer.
"People don’t think about this privacy vulnerability," Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs said. "Even if you remove your computer’s microphone, if you use headphones you can be recorded."
The Ben Gurion researchers tested this experimental malware using a little-known feature of RealTek audio codec chips with a pair of Sennheiser headphones. "The RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too," researchers told Wired.
The researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. "We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away," Yosef Solewicz, an acoustic researcher at the university said.
While the team has only focused on the RealTek chips, they have yet to test which other audio codec chips and smartphones might be vulnerable. There's no easier fix in the sight too. Guri said the feature in RealTek's audio codec chips that allows the malware to switch an output channel into an input isn't "an accidental bug so much as a dangerous feature," that cannot be fixed without redesigning and replacing the chip in future devices.
Since that's a super long-fix, if you are someone who removed or disabled the mic, you will have to put that pair of headphones down too.