Researchers Hack Headphones Into Spying Microphones That Record Your Conversations
There are steps you can take to reclaim your privacy, such as putting a piece of black tape over your laptop's webcam, but unless you're willing to disconnect completely, total privacy might be a myth. Case in point, researchers at Israel's Ben Gurion University recently demonstrated how easy it is to hack a system so that the headphones record sound like a microphone.
The proof-of-concept computer code at work is called "Speake(a)r" and what it does is repurpose the speakers inside headphones to record audio. It does this by capturing vibrations in the air and converting them into electromagnetic signals that can be clearly heard from across a room. It even works when the headphones are plugged into a dedicated audio output jack.
Think about that for a moment and recall how often you've left a set of headphones plugged into your PC. Had it been hacked in a such a manner, someone could have been listening to you and anyone else nearby, even there's no microphone.
"“People don’t think about this privacy vulnerability," says Mordechai Guri, research lead at Ben Gurion’s Cyber Security Research Labs. "Even if you remove your computer’s microphone, if you use headphones you can be recorded."
Converting headphones into a microphone isn't a new concept, but what's unique about this method is that the malware taps into a feature of RealTek audio codec chips to turn a PC's output channel into an input channel. That makes it particularly devious, and is also what makes almost every PC out there vulnerable to this exploit.
While testing the method with a pair of Sennheiser headphones, the researchers found that they could record audio from up to 20 feet away. Furthermore, they were able to compress the recording and send it over the Internet.
This isn't something that's easily fixed with a driver update. Instead, it requires a new audio chip that isn't susceptible to the attack. Bottom line? If you're paranoid that someone is watching and listening to your ever move, tape that webcam and unplug those headphones.
The proof-of-concept computer code at work is called "Speake(a)r" and what it does is repurpose the speakers inside headphones to record audio. It does this by capturing vibrations in the air and converting them into electromagnetic signals that can be clearly heard from across a room. It even works when the headphones are plugged into a dedicated audio output jack.
Think about that for a moment and recall how often you've left a set of headphones plugged into your PC. Had it been hacked in a such a manner, someone could have been listening to you and anyone else nearby, even there's no microphone.
"“People don’t think about this privacy vulnerability," says Mordechai Guri, research lead at Ben Gurion’s Cyber Security Research Labs. "Even if you remove your computer’s microphone, if you use headphones you can be recorded."
Converting headphones into a microphone isn't a new concept, but what's unique about this method is that the malware taps into a feature of RealTek audio codec chips to turn a PC's output channel into an input channel. That makes it particularly devious, and is also what makes almost every PC out there vulnerable to this exploit.
While testing the method with a pair of Sennheiser headphones, the researchers found that they could record audio from up to 20 feet away. Furthermore, they were able to compress the recording and send it over the Internet.
This isn't something that's easily fixed with a driver update. Instead, it requires a new audio chip that isn't susceptible to the attack. Bottom line? If you're paranoid that someone is watching and listening to your ever move, tape that webcam and unplug those headphones.
