Is a hacker listening to you through your headphones? Possibly the NSA? Should we be worried? Should we blame RealTek?
Researchers at Ben Gurion University in Israel just discovered something pretty interesting. They created a proof-of-concept code, labeled “Speake(a)r,” to show how a dedicated hacker could hijack your earbuds and headphones through your PC.
The end result? Malware that changes your headphones into makeshift microphones, allowing hackers to record your own conversations.
How exactly does it work? Wired explains that, even if your PC microphones are turned off,
“The experimental malware…repurposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.”
Mordechai Guri, research lead of the university’s Security Research Labs, said,
“People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
Wired explains that earbuds easily function as microphones. They linked to several YouTube videos with the search term, “Headphones to Mic.” Here’s where things become scientific.
“Just as the speakers in headphones turn electromagnetic signals into sound waves through a membrane’s vibrations, those membranes can also work in reverse, picking up sound vibrations and converting them back to electromagnetic signals. (Plug a pair of mic-less headphones into an audio input jack on your computer to try it.)”
But the researchers didn’t just download a YouTube video and try it out. Instead, the experimental malware uses “a little known feature” in RealTek audio codec chips. The malware simply ‘retasks’ the computer’s output channel as an input channel. Thus, the malware records audio. RealTek chips are so common, say the researchers, that the attack works on just about any PC or Mac desktop or laptop. Guri said,
“This is the real vulnerability. It’s what makes almost every computer today vulnerable to this type of attack.”
What’s worse, Guri says, “There’s no simple software patch for the eavesdropping attack.” Furthermore, to fix this problem, manufacturers have to redesign and replace the chip in future designs.
Until then, just take out your headphones.
Cyber Security Labs posted a video on YouTube on how to turn your microphones into a mic.