A report from a group of Israeli researchers claims that hackers may soon be utilising people’s speakers or headphones to listen in on conversations.
Researchers from Ben-Gurion University in Beer-Sheva have created a proof of concept malware code called “Speake(a)r” which shows how easily hackers can turn a normal pair of headphones to listen in on conversations. The code can essentially hijack any input device on a computer, attempting to gain access to the webcam or use the speakers or microphone to convert sound vibrations into electromagnetic signals which can be transmitted back to the hacker.
Mordechai Guri, the lead researcher of Ben-Gurion University Cyber Security Research Lab, told Wired, “People don’t think about this privacy vulnerability, even if you remove your computer’s microphone, if you use headphones you can be recorded.”
The Speake(a)r malware utilises a feature in RealTek audio codec chips to re-route an output channel into an input channel, allowing for headphones or speakers to record audio, even if they’re only connected to a computer’s output port. Due to the widespread use of RealTek audio chips in computers, this leaves the majority of home PCs and laptops at risk.
“This is the real vulnerability,” says Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”
Using a simple pair of Sennheiser earphones, the Ben-Gurion researchers found that audio from as far away as 20 feet could be deciphered using the Speake(a)r malware. The malware can then compress this audio to reduce it’s file size and send it across the Internet. Guri says that currently there is no real fix for the issue aside from directly removing or replacing the audio chip in the computer, a task that most users would not manage easily.