A cyber security team has figured out how to turn a speaker jack into a microphone jack. Hackers can now record conversations through earbuds connected to your computer.
Tin hat types, look out: even if you’ve disabled the mic on your computer, They can hear you through your earbuds. You know, Them.
Do you leave your headphones plugged into your computer?
Researchers at the Cyber Security Centre at Ben Gurion University kept noticing YouTube videos of folks turning earbuds into makeshift microphones. In a proof-of concept experiment, the team figured out how to turn an audio out jack into a mic jack with a little bit of malware they’re calling Speake(a)r. And ta-dah, a very sneaky spy mike with a range of up to 6 metres.
Here’s how it works: an earbud is basically a speaker backwards. Audio chipsets in many computers offer users the option to reroute or switch the microphone and speaker functions. This is called jack ‘retasking’ or ‘remapping.’ Once converted to an input channel, the earbuds pick up vibrations (your secrets) converts them into electromagnetic signals, and sends them into your computer.
According to Mordechai Guri, head of the project and lead author of a dense paper with a lively title, Speake(a)r: Turn Speakers to Microphones for Fun and Profit, this is a problem that’s much more than an academic project: ‘People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.’
Though the sound isn’t great, the researchers found it clear enough to pick up conversations across a room.
This isn’t a new thing.
According to ‘Microphones for Fun and Profit,’ the NSA has known about this vulnerability since at least 2000. The paper cited an NSA guide to installing audio equipment:
‘…the speakers in paging, intercom and public address systems can act as microphones and retransmit classified audio discussions out of the controlled area via the signal line distribution. This microphonic problem could also allow audio from higher classified areas to be heard from speakers in lesser classified areas.’
And this could happen to you. Most motherboards use audiochips with remapping capabilities. According to Guri: ‘It’s what makes almost every computer today vulnerable to this type of attack.’
What you can do
Update your antivirus software, and quit looking at dodgy websites.
Stop using headphones. Not really practical, especially if one sits next to a noisy eater at work.
Upgrade your headphones. The hack works because basic microphones and speakers are basically the same thing. Change your ear gear to something with amplifiers and the hack fails. Expensive, not great for office morale, but could be handy around lunchtime, see above.
Don’t plug in. Wireless headphones eliminate the wire and the jack. But be aware every computer in the office might be compromised.
Play death metal at high volume.
Write and deploy a rejacking detection and alert system. A great idea, until it’s hacked.
Pressure chipmakers to redesign their chips. Good luck with that.
Stop being sneaky. Good luck with that!