Your Earbuds Can Become Microphones With Just A Little Malware
For those fearful of undesired surveillance, there's fresh news to instill fear in their hearts, with an Israeli university recently reporting that they were able to successfully convert earbuds into a functional microphone. Or maybe you just need a way to record those new song ideas…
Guest post by Timothy Geigner of Techdirt
Hyperconnectivity has many positive aspects for many of us, though there are negatives as well. One of the negatives that [has] come along with connectivity is the idea that everything we love can be used to spy on us. Back when prevalent criminal hacking was in the arena of science fiction and broad government surveillance was limited to thematic elements in Orwell novels, the public fear over security exploits like this was limited. Given that the alphabet agencies continue to be shown to use our devices to spy on us, however, Americans likely look more warily at their favorite technology than they did a decade ago. Everything, it seems, is a vector for an invasion of your privacy.
Including, potentially, your headphones. Israeli researchers have shown how, with the aid of some malware, your headphones can be converted into microphones in order to listen in on whatever you happen to be doing.
Researchers at Israel’s Ben Gurion University have created a piece of proof-of-concept code they call “Speake(a)r,” designed to demonstrate how determined hackers could find a way to surreptitiously hijack a computer to record audio even when the device’s microphones have been entirely removed or disabled. The experimental malware instead repurposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
And, just like that, I'll never look at my favorite set of earbuds the same way again. What this ultimately points out is that determined hackers will find creative ways to use our own devices against us. That isn't new. What is new seems to be the never ending reports of how devices, be they IoT devices or not, can be repurposed for nefarious ends. The use of all of this by our own government, as well as our government's request for backdoors built into technology, only increases the threat vectors for this type of thing.
This particular exploit relies on ubiquitous RealTek codec chips, which can be instructed by the malware used to switch an output channel to an input channel. Those chips are everywhere and there is no current method to secure them via a patch or update.
There’s no simple software patch for the eavesdropping attack, Guri says. The property of RealTek’s audio codec chips that allows a program to switch an output channel to an input isn’t an accidental bug so much as a dangerous feature, Guri says, and one that can’t be easily fixed without redesigning and replacing the chip in future computers.
Until then, paranoiacs take note: If determined hackers are out to bug your conversations, all your careful microphone removal surgery isn’t quite enough—you’ll also need to unplug that pair of cheap earbuds hanging around your neck.
When even our headphones are a potential enemy, the world has gone mad.