Malware Now Transforms Your Headphones Into Microphones To Eavesdrop On You

By Edwin Kee
Headphones can now be used to spy on you with Speake(a)r malware.
 Consumer Reports

How cautious are you when it comes to using your computer? Is it chock-full of security software, not to mention you would not use any computer that does not have a VPN installed on it, and you even go to great lengths such as taping your webcam? Well, here is something else for you to consider -- your pair of headphones can even be used against you for spying purposes. How is this possible? A bunch of researchers from Israel has managed to program a malware which will be able to turn your pair of headphones into microphones which will be able to record your conversations without you even realizing it.

The researchers hail from Israel’s Ben Gurion University, and this is a proof-of-concept code which has been dubbed as “Speake(a)r”. Speake(a)r was programmed in order to show the world how with a little bit of determination and the right amount of knowledge, hackers will be able to hijack your computer in order to record audio -- even when you have made the necessary precautions to remove or disable the microphone on the device. Such an experimental piece of malware will take the road less traveled -- by repurposing the speakers in earbuds or headphones, and using them as microphones instead. This is made possible through the conversion of vibrations in air into electromagnetic signals, which will then be able to capture audio in a clear manner right from across a room.

Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs, shared, “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” Great, what kind of defenses does the average consumer now have against such machinations in the digital arena? It is rather difficult to fathom as to how many more pieces of software or having the right kind of hardware in the home and office are required in order to have peace of mind when using a computer.

You can check out the proof-of-concept in the YouTube video above, where the speakers in headphones are able to transform electromagnetic signals into sound waves via a membrane’s vibrations. Simple logic would dictate that such membranes are also able to work in reverse, where it will pick up sound vibrations and convert them back to electromagnetic signals.The Speake(a)r malware will make use of a feature that not many know about in RealTek audio codec chips in order to “retask” the computer’s output channel on the quiet, using it as an input channel instead.

This enables the Speake(a)r malware to record audio -- despite having the pair of headphones connected into an output-only jack, without a microphone channel being on the plug. Such RealTek chips are used just about everywhere, that this attack ought to be viable on practically all average desktop computers, regardless of whether it is a Windows or a Mac machine. RealTek has remained mum on the Speake(a)r malware vulnerability though, and we do hope that this matter ought to be looked into sooner rather than later.