Can you hear me now? Malware turns headphones into mics for eavesdropping

Headphones plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.

the SC Magazine UK take:

Headphones and other speaker devices plugged into a computer’s audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device’s software via malware, according to a new research report.

Researchers from Ben-Gurion University of the Negev (BGU) in Israel have created this proof-of-concept malware, named SPEAKEaR, which exploits an option found in Realtek Semiconductor Corp. audio chipsets called jack retasking or remapping, which allows a user to change the function of an audio port at the software level. In other words, an output jack typically used to project sounds can be switched to an input jack that instead records audio, allowing attackers to eavesdrop.

These chipsets are found in most modern motherboards and sound cards, the report explains, thus making a majority of today's PCs and laptops susceptible.

Ben-Gurion University researchers Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici conducted a test of the malware, documenting their findings in a YouTube demonstration in which headphones connected to a computer are used to record Chubby Checker singing “The Twist” on a television set across the room.

Indeed, the report concludes that technique is effective at capturing intelligence audio with earphones “up to several meters away.”

"The fact that headphones, earphones and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," said Professor Elovici, director of BGU’s Cyber Security Research Center (CSRC) and a member of the university’s Department of Information Systems Engineering, in a press release.

According to the report, computers remain vulnerable even if their actual microphones are disconnected, muted, covered or turned off.

"You might tape the mic, but would be unlikely to tape the headphones or speakers," said Guri, lead researcher and head of research and development at the CSRC, in the release. Headphones and speakers can effectively work as recording equipment because they contain the same parts as microphones, essentially operating in reverse, the report explains.

According to the report, SPEAKeR attacks could potentially be prevented by fully disabling audio hardware, using the HD audio kernel driver to prevent rejacking or alert users when microphones are accessed, creating and adhering to rejacking policies, or even forbidding the use of speaker devices in high-security environments.

A proof-of-concept malware called SPEAKEaR exploits jack retasking capabilities in Realtek audio chipsets, turning computer headphones into microphones that can eavesdrop on nearby conversations.
A proof-of-concept malware called SPEAKEaR exploits jack retasking capabilities in Realtek audio chipsets, turning computer headphones into microphones that can eavesdrop on nearby conversations.

Headphones and other speaker devices plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.

Researchers from Ben-Gurion University of the Negev (BGU) in Israel have created this proof-of-concept malware, named SPEAKEaR, which exploits an option found in Realtek Semiconductor Corp. audio chipsets called jack retasking or remapping, which allows a user to change the function of an audio port at the software level. In other words, an output jack typically used to project sounds can be switched to an input jack that instead records audio, allowing attackers to eavesdrop.

These chipsets are found in most modern motherboards and sound cards, the report explains, thus making a majority of today's PCs and laptops susceptible.

Ben-Gurion University researchers Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici conducted a test of the malware, documenting their findings in a YouTube video demonstration in which headphones connected to a computer are used to record Chubby Checker singing “The Twist” on a television set across the room.

Indeed, the report concludes that technique is effective at capturing intelligence audio with earphones “up to several meters away.”

"The fact that headphones, earphones and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," said Professor Elovici, director of BGU's Cyber Security Research Center (CSRC) and a member of the university's Department of Information Systems Engineering, in a press release.

According to the report, computers remain vulnerable even if their actual microphones are disconnected, muted, covered or turned off.

"You might tape the mic, but would be unlikely to tape the headphones or speakers," said Guri, lead researcher and head of research and development at the CSRC, in the release. Headphones and speakers can effectively work as recording equipment because they contain the same parts as microphones, essentially operating in reverse, the report explains.

According to the report, SPEAKeR attacks could potentially be prevented by fully disabling audio hardware, using the HD audio kernel driver to prevent rejacking or alert users when microphones are accessed, creating and adhering to rejacking policies, or even forbidding the use of speaker devices in high-security environments.

Sign up to our newsletters