Researchers at the Ben-Gurion University of the Negev in Israel revealed that malware can turn headphones into microphones.
“Interestingly, the audio chipsets in modern motherboards and sound cards include an option to change the function of an audio port at a software level, a type of audio port programming sometimes referred to as jack retasking or jack remapping,” the researchers explained in a paper about the exploit. “This option is available on Realtek’s (Realtek Semiconductor Corp.) audio chipsets, which are integrated into a wide range of PC motherboards today.”
The team demonstrated this concept with software it dubbed SPEAKE(a)R. It works by essentially reversing the process used to transfer sounds between a computer and the headphones connected to it. Instead of driving a current through a coil in a magnetic field to produce sounds, which is how PCs send audio to headphones, SPEAKE(a)R uses headphones to capture sound and convert it to a current sent via the coil to a PC. Ta-da! Easy surveillance.
“SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit”
The researchers envisioned this attack being useful in two scenarios: one in which a computer that doesn’t have a microphone could be used to snoop on its owner via connected headphones, and another in which a device’s built-in microphone is ignored in favor of headphones if they can get better audio. It also isn’t hard to imagine this attack being used against someone who has disabled their computer’s microphone but still plugs in their headphones.
Compromising someone’s device won’t do any good if the surveillance doesn’t reveal any meaningful information, however, so SPEAKE(a)R was run through a battery of tests to see if it could be used to pick up worthwhile audio. The team found that “an intelligible audio transmission can be achieved from a few meters using headphones as a microphone,” which means that an attack like this could in fact be used to snoop via someone’s headphones.
So what can someone do to defend themselves? The good news is that many places where sensitive information is being communicated forbid the use of speakers; their ability to be turned into microphones has been well documented. The bad news is that short of fiddling with a motherboard’s UEFI/BIOS settings or waiting for operating system makers or audio codec providers to address this issue, the best option is not to use headphones with your PC.