Short Bytes: Researchers at the Ben Gurion University, Israel, have created a malware, called Speake(a)r, to exploit a feature on Realtek codec chips. They can use a pair of headphones to record sound and send it to the laptop using the audio output jack.There are different ways for hackers to spy on you. Most of them include your computer’s camera and microphone sensors. Well, many people including Mark Zuckerberg and FBI Director find it convenient to put a tape on the webcam and mic. Some people even go to the extent of removing a microphone from their machine.
These things can be handy for a while but won’t help in a long-run. In fact, the level of spying has gone past your webcam and mic. Attackers can now use headphones to record everything.
For a while, you can convince yourself that your earphones don’t have a mic at the first place, so, there is no scope for such things. But you’ll be happy to know that a new proof-of-concept malware Speake(a)r, developed by Isreali researchers at the Ben Gurion University, uses the speakers of your earphones as microphones to record the voice around them.
ATTACKERS CAN NOW USE HEADPHONES TO RECORD EVERYTHING
A number of DIY hacks show how to convert an earphone into speakers. But, in this research, the researcher actually use the audio output jack on your laptop as an input jack.
In order to throw out music, the membrane in the earphones vibrates according to the signals it receives from your device. The reverse can be done in which the membrane takes vibrations from its surroundings which are converted into signals. The malware Speake(a)r uses a lesser-known feature (or vulnerability) called jack retasking on Realtek codec chips – these are found on most of the laptops and desktops running Windows, MacOS, and other operating systems.
The researchers are trying to exploit the same vulnerability on other chips as well. For testing, they used a pair of Sennheiser headphones and found that the sound could be captured from as far as 20 feets. Now, that’s frightening.
The recorded audio can then be compressed and transferred over the internet. Fixing this serious vulnerability is not a matter of a simple software patch. A redesigned chip is required to address the bug.
If you have something to add, tell us in the comments below.