Headphones: timeless, indispensable technology used across the globe for listening to music, making phone calls, and even as makeshift microphones, or… listening devices?
A group of Israeli researchers at Ben Gurion University have proven that hackers can use headphones to listen into conversations by creating a proof-of-concept code called “Speake(a)r,” designed to record audio by converting the vibrations produced by sound waves into electromagnetic signals that be captured through earbud or headphone speakers – even if the original device’s microphones have been removed or disabled.
To use headphones as a listening device, the malware designed by the researchers uses RealTek audio codec chips to change the output channel on the victim’s computer into an input channel – meaning the malware can record audio even if the headphones are connected to an output-only jack AND if there is no microphone channel.
“People don’t think about this privacy vulnerability,” Mordechai Guri, research lead of Ben Gurion’s Cyber Security Research Labs, wrote in the team’s research paper. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
And these puppies have range. In their tests, Guri and his team tested the hack with Sennheiser headphones and were able to record from up to 20 feet away. Even at that distance, they could record, compress, and send their recordings over the internet, and still make out the audio clearly.
If you’re hoping that these RealTek audio codec chips aren’t very common, you’re out of luck. These chips are in basically any computer and most laptops, no matter the operating system. This can’t be fixed with a software patch either, as the chips are an essential part of the hardware, meaning the fix won’t come until the computers themselves are updated without the chips.
Until, the solution is pretty simple: unplug your headphones when you aren’t using them.