Headphones can be used to spy on people through a malware that turns it into microphones, researchers announced Wednesday.
Headphones, earphones and some types of loudspeakers plugged into a computer can be manipulated and silently turned into eavesdropping microphones through the exploit, researchers at Ben Gurion University (BGU)2 in Israel explained in the paper SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit.
The software that makes this possible is called SPEAKE(a)R, and it can be used to spy, even when the computer doesn’t have a microphone or if a mic is muted, taped or turned off.
“We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away,” says BGU acoustic researcher Dr. Yosef Solewicz.
Researchers released a video showing how the malware works.
“This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam,” says lead researcher Mordechai Guri.
“You might tape the mic, but would be unlikely to tape the headphones or speakers,” added Guri.
An ordinary computer has a number of audio jacks, used for either input or output. However, audio chipsets in modern motherboards and soundclouds have an option for changing the use of audio port with software, which is a kind of audio port programming known as jack retasking or jack remapping.
“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC).
To prevent spying through headphones, researchers say disabling audio hardware is a good idea. Using an HD audio driver that alerts someone when a microphone is being accessed is another way to prevent eavesdropping.
Researchers called for “enforcing a strict rejacking policy within the industry,” as well as the development of anti-malware and intrusion detection systems to detect and block eavesdropping.