Threat Intelligence, Network Security

Can you hear me now? Malware turns headphones into mics for eavesdropping


Headphones and other speaker devices plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.

Researchers from Ben-Gurion University of the Negev (BGU) in Israel have created this proof-of-concept malware, named SPEAKEaR, which exploits an option found in Realtek Semiconductor Corp. audio chipsets called jack retasking or remapping, which allows a user to change the function of an audio port at the software level. In other words, an output jack typically used to project sounds can be switched to an input jack that instead records audio, allowing attackers to eavesdrop.

These chipsets are found in most modern motherboards and sound cards, the report explains, thus making a majority of today's PCs and laptops susceptible.

Ben-Gurion University researchers Mordechai Guri, Yosef Solewicz, Andrey Daidakulov and Yuval Elovici conducted a test of the malware, documenting their findings in a YouTube video demonstration in which headphones connected to a computer are used to record Chubby Checker singing “The Twist” on a television set across the room.

Indeed, the report concludes that technique is effective at capturing intelligence audio with earphones “up to several meters away.”

"The fact that headphones, earphones and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," said Professor Elovici, director of BGU's Cyber Security Research Center (CSRC) and a member of the university's Department of Information Systems Engineering, in a press release.

According to the report, computers remain vulnerable even if their actual microphones are disconnected, muted, covered or turned off.

"You might tape the mic, but would be unlikely to tape the headphones or speakers," said Guri, lead researcher and head of research and development at the CSRC, in the release. Headphones and speakers can effectively work as recording equipment because they contain the same parts as microphones, essentially operating in reverse, the report explains.

According to the report, SPEAKeR attacks could potentially be prevented by fully disabling audio hardware, using the HD audio kernel driver to prevent rejacking or alert users when microphones are accessed, creating and adhering to rejacking policies, or even forbidding the use of speaker devices in high-security environments.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.