Now hackers can spy on you through your headphones.
Everyday we hear about some dangerous piece of smartphone malware or some new way for hackers to keep tabs on what we’re up to.
But recently, researchers at Israel’s Ben Gurion University discovered a new way to spy on users via headphones connected to a vulnerable computer. Yes, beware! your headphones are not safe any more.
As Wired reports, researchers have created a piece of proof-of-concept code they call “Speake(a)r”, designed to demonstrate how determined hackers could find a way to surreptitiously hijack a computer to record audio even when the device’s microphones have been entirely removed or disabled.
The experimental malware instead repurposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.
Here is a video demonstrating how the malware works can be viewed below. It’s pretty next-level stuff.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
Researchers says malware uses a little-known feature of RealTek audio codec chips to silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack and don’t even have a microphone channel on their plug.
Since RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too. And there’s no simple software patch for the eavesdropping attack. According to the researchers, the only way to protect computers going forward is to do away with those codec chips.