So here's another piece of news to step up our computer paranoia and spying fears.
We all know it's now common practice to put tape over webcams to protect ourselves from unauthorized spying and snooping. In fact, it is so commonplace that even Mark Zuckerberg and FBI Director James Comey admit to doing so.
But wait, now, it looks like even our headphones are not safe.
A team of security researchers from the Ben-Gurion University has demonstrated that it is entirely possible to hijack a pair of garden-variety headphones and use them as spying devices.
Their proof-of-concept malware called "Speake(a)r" exploits the headphone jack "retasking" feature of RealTek audio codec chips, commonly found on most computer motherboards, and essentially turns your headphone speakers into microphones.
How the hack works
The principle behind the hack is fairly simple. In case you didn't know, any analog headphone pair can be turned into functioning microphones by merely plugging them into an audio in jack.
Since analog headphones convert electromagnetic signals into audible speaker vibrations, reversing this signal will have the speaker membranes pick up the vibrations instead, and similar to how a mic works, convert these back into electromagnetic energy.
(You can try this trick by plugging a pair of mic-less headphones into an audio-in jack then start recording.)
The researchers say that since RealTek audio chips are very common in computer motherboards, the attack can work on virtually any computer regardless of operating system, be it Windows or MacOS. The team is still determining if other audio chips and smartphones are vulnerable to these kinds of attacks but they believe it is very likely.
"This is the real vulnerability," stated Mordechai Guri, Ben Gurion's lead researcher. "It’s what makes almost every computer today vulnerable to this type of attack."
The attack works quite well too. During Ben Gurion's tests, they plugged in a pair of Sennheiser headphones and found out that they can record sounds from up to 20 feet away. "It’s very effective," added Guri. "Your headphones do make a good, quality microphone."
Although Ben Gurion's purpose for the creation of the proof-of-concept "Speake(a)r" malware is solely for theoretical and precautionary purposes, the vulnerability is certainly out there for a determined hacker to try and exploit.
"People don't think about this privacy vulnerability," said Guri. "Even if you remove your computer's microphone, if you use headphones you can be recorded."
How to protect yourself
The researchers admit that this vulnerability can't simply be patched with a software security update. The "retask" feature of RealTek audio chips is not a bug but a baked-in feature and it can't be remedied without a total redesign of the chips themselves and installing them in future motherboards.
At least for now, this hack will not work with digital/non-analog headphones. USB, wireless, Bluetooth and Lightning headphones should be impervious to these Speake(a)r-type analog input retasking attacks.
Also, since this hack requires a swap of the output and input ports, one way to tell if your headphone speakers have been retasked is if they stop playing sound. Additionally, your headphones will also have to be plugged in for the swap to even work.
So if you're paranoid enough, aside from taping over your computer's webcam, another good practice is to stop keeping idle headphones from being plugged in all the time.