We know that our computer or laptop’s webcam is quite vulnerable to hacking and usually hiding their webcam’s lens with a piece of tape is the only way out. Some add another level of security and hide their microphones too so that their audio conversations couldn’t be recorded by cyber-criminals or government spies (Just like in this photo) where Mark Zuckerberg was found covering his laptop camera with tape and the microphone with a mic jack in order to protect himself from being spied.
That’s a great strategy to prevent people from peeking into your life and activities but how will you protect yourself when hackers can convert seemingly risk-free devices like headphones into recording machines to spy on you?
It is indeed true! According to Wired, Israeli security researchers from Ben-Gurion University [Pdf] have developed malware that can convert your headphones into microphones to record all your conversations.
Mordechai Guri, the head of the research team from the university’s Cyber Security Research Labs, believes that people usually overlook the probability of headphones or earbuds being vulnerable.
“Even if you remove your computer’s microphone if you use headphones you can be recorded,” noted Guri.
Israeli researchers have also created “Speake(a)r,” a proof-of-concept that demonstrated the way hackers can easily hijack your headphones and record audio even if the microphones have been disabling or even removed.
Speake(a)r basically uses the headphones as microphones and converts vibrations into electromagnetic signals. That’s how it manages to record audio from across a room.
However, the revelation comes as no surprise because the transformation of earbuds into recording devices is already discovered phenomenon and there are countless YouTube videos that demonstrate how it is done. The reason is that the headphones’ speaker uses the vibrations produced by its membrane into the air to turn electromagnetic signals into sound waves. These particular membranes also function in reverse, that is, these can pick sound vibrations and turn them into electromagnetic signals.
The difference between already known and publicly available information and the analysis of Ben Gurion University researchers is that the malware they have created uses a lesser-known feature of RealTek audio codec chips to carry out the hack. It basically modifies the function of a computer’s output channel to work as an input channel. This allows the malware to capture audio while the headphones remain linked with an output-only jack. It must be noted that the headphones don’t even have a microphone channel.
The research also revealed that the attack can literally work on any desktop computer primarily because the RealTek chips are extremely common. So no matter which operating system you are using Windows or macOS, there is every possibility that your audio can be recorded. It is even possible on laptops.
Guri further stated that the vulnerability is real; “it’s what makes almost every computer today vulnerable to this type of attack.”
The researcher also tried to test the same technique of hacking audio using a pair of Sennheiser headphones. It was learned that they could record audio from 20 feet distance. To check the quality of sound, the researcher compressed the recording and passed it onto the internet and they were astonished that they could tell the words were spoken by a male.
Guri says that the technique is quite “effective. Your headphones do make a good, quality microphone.”
Currently, there is no guarantee that a basic software patch could fix the eavesdropping issue because RealTek chips’ ability to switch between output and input channels isn’t an accidental bug, it is an inherent feature. It cannot be easily fixed unless the chip is completely redesigned in under-production computers.
So, what you need to do to protect your privacy is to unplug the headphones properly prior to making conversations via your computer.