All our devices could turn into a gateway for spying, even our headphones. Israeli security researchers at Ben Gurion University recently discovered a way to turn headphones into microphones to use them to record audio. In other words, your headphones could act like a spying device without, needless to say – without your knowledge or consent.
Speake(a)r proof-of-concept malware transforms the speakers in earbuds or headphones to microphones.
The researchers developed a piece of proof-of-concept code they named Speake(a)r for the purpose to show how hackers could establish a way to hijack a computer to record audio, even when the device’s microphones have been entirely removed or disabled, Wired explains. The experimental malware literally transforms the speakers in earbuds or headphones to microphones, converting the vibrations in air into electromagnetic signals to audibly capture audio from across a room.
Researchers point out that the employment of headphones as microphones is not a new idea.
However, something was done differently this time – and it was using the output channel of the audio card for input signal. The recording of the sound comes next.
Related: Android Firmware Acts Like Backdoor, Secretly Transmits PII to a Chinese Company
For that to be done, the research team used a piece of malware dubbed Speak(a)r. With its help, they converted headphones into microphones by changing vibrations in the air emitted by the sound (i.e. voice) into electromagnetic signals. This enables the headphones to act as a microphone. Almost all sounds across the room can be detected.
What researchers did next was to make the output channel of the audio chip turn into an input channel, this way allowing it to record sound. Wired says that all of this is possible due to a feature available in the Realtek audio codec chip. This feature enables the malware to record audio.
What’s worse is that the majority of the available Windows and Mac systems are prone to the vulnerability described above.
It’s one of the many privacy-related issues we are (not) dealing with.
Unfortunately, many people are unaware of the dangers that their beloved devices bring. Or they just don’t seem to care enough to do something. Those who care, however, don’t have many choices.
Is there a way to be protected against this Speake(a)r exploit?
According to the tests performed by the research team who unveiled the problem, recording is possible from 20 feet away, or approximately 6 meters. Users, naturally, have no idea of what is happening.
But that’s not even the worst part. The real issue here stems from the fact that the vulnerability exists in the Realtek chip. And there is no software patch that can fix it. One way to deal with the issue is to upgrade the hardware to prevent such exploits from taking place in the future.