Researchers at Ben Gurion University in Israel have created malware that will turn your plugged in headphones into a microphone.
Now, if you've ever plugged old headphones into a standard line in jack, you know that headphones are basically tiny microphones anyway, with vibrations converting themselves into electromagnetic signals. But this malware is a bit different. Dubbed "Speake(a)r", the malware does the same thing, but through software. Wired explains:
Their malware uses a little-known feature of RealTek audio codec chips to silently "retask" the computer's output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack and don't even have a microphone channel on their plug. The researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too.
You can see the exploit in action in this video:
Wired says that in their tests, the researchers at Ben Gurion were able to record sound from as far as 6m away with a pair of Sennheiser headphones. Apparently, even when the compressing the recording to send over the internet, the recording was still distinguishable.
Moreover, because the chip feature that the researchers are exploiting is working as intended — it switches between line in and line out on one port — protecting against this kind of proof of concept wouldn't be easy.
The idea is definitely interesting, but it's hardly the only way you can get spied on easily. If you have any internet-of-things devices in your house, consider that cameras, lights, home automation hubs and anything else can be hacked to spy on you too. And don't forget that we all carry around little spy computers in our pockets every single day, even though something as simple as battery status can give away location.
And to think, we said Mark Zuckerberg was paranoid for covering up the ports on his computer and his web cam.