Malware Can Enable Surveillance By Turning Headphones Into Microphones

By Nathaniel Mott
published

Researchers at the Ben-Gurion University of the Negev in Israel revealed that malware can turn headphones into microphones.

"Interestingly, the audio chipsets in modern motherboards and sound cards include an option to change the function of an audio port at a software level, a type of audio port programming sometimes referred to as jack retasking or jack remapping," the researchers explained in a paper about the exploit. "This option is available on Realtek's (Realtek Semiconductor Corp.) audio chipsets, which are integrated into a wide range of PC motherboards today."

The team demonstrated this concept with software it dubbed SPEAKE(a)R. It works by essentially reversing the process used to transfer sounds between a computer and the headphones connected to it. Instead of driving a current through a coil in a magnetic field to produce sounds, which is how PCs send audio to headphones, SPEAKE(a)R uses headphones to capture sound and convert it to a current sent via the coil to a PC. Ta-da! Easy surveillance.

The researchers envisioned this attack being useful in two scenarios: one in which a computer that doesn't have a microphone could be used to snoop on its owner via connected headphones, and another in which a device's built-in microphone is ignored in favor of headphones if they can get better audio. It also isn't hard to imagine this attack being used against someone who has disabled their computer's microphone but still plugs in their headphones.

Compromising someone's device won't do any good if the surveillance doesn't reveal any meaningful information, however, so SPEAKE(a)R was run through a battery of tests to see if it could be used to pick up worthwhile audio. The team found that "an intelligible audio transmission can be achieved from a few meters using headphones as a microphone," which means that an attack like this could in fact be used to snoop via someone's headphones.

So what can someone do to defend themselves? The good news is that many places where sensitive information is being communicated forbid the use of speakers; their ability to be turned into microphones has been well documented. The bad news is that short of fiddling with a motherboard's UEFI/BIOS settings or waiting for operating system makers or audio codec providers to address this issue, the best option is not to use headphones with your PC.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

Topics
Security
22 Comments Comment from the forums
  • ahnilated
    This is old news.
    Reply
  • skit75
    I call BS, hahah. The linked video is far from "scientific" and proves absolutely nothing to be quite honest. I got a good laugh though. Re-mapping the I/O of the integrated audio device chip does not mean that a speaker can magically become a microphone. =)

    Edit: Down-voted into submission and embarrassingly humbled, yet again =)
    Reply
  • boju
    @ SKIT75 i've used the speaker of a headphone as a mic once before as an emergency because my mic broke
    Reply
  • nukemaster
    18907570 said:
    I call BS, hahah. The linked video is far from "scientific" and proves absolutely nothing to be quite honest. I got a good laugh though. Re-mapping the I/O of the integrated audio device chip does not mean that a speaker can magically become a microphone. =)
    18907982 said:
    @ SKIT75 i've used the speaker of a headphone as a mic once before as an emergency because my mic broke
    +1 boju
    I used to do this all the time when my mic broke. It does work.
    I am almost sure if you disable mic input(realtek) on your sound card even after swapping inputs should not work.
    Reply
  • photonboy
    A speaker (driver) is essentially the same as a microphone. If you apply current to the magnet you pull in and when it releases (speaker) you push air.

    If you push air on the speaker then conversely it is creating an electric current that can be detected by the system.

    What surprised me was that the headphone path would detect this, but then we don't have great EMF protection anyway in most PC's.

    Obviously USB headphones would not have this issue.
    Reply
  • arterius2
    LOL, can I do this with my shelf speakers?
    Reply
  • arterius2
    18907570 said:
    I call BS, hahah. The linked video is far from "scientific" and proves absolutely nothing to be quite honest. I got a good laugh though. Re-mapping the I/O of the integrated audio device chip does not mean that a speaker can magically become a microphone. =)

    I actually tried this with my earbud, after reading the article, it actually does work, I have to turn up the mic volume and gain to +20 in windows settings to get a decent pickup with it, a lot of background noise, but it does work man.
    Reply
  • anbello262
    I actually do this regularly.
    And I believe that having the option to turn a mic port into a speaker port is a GREAT possibility, it helps a lot when sharing audio.
    I even use earphones as accelerometers/vibration detectors. They make for some very cheap and readily available (inaccurate in amplitude, but reliable in frequency) sensors, better than most mics for this particular project.


    But, one question:

    Laptopt with built-in speakers, what can you do to defend yourself?
    Reply
  • Syze00
    I don't know why this took so long to figure out. Speakers and a microphone are pretty much the same thing if you look at the components. Thats why (generally) good microphone makers also make some of the best headphones. Only the ignorant majority don't want headphones that actually sound good. They want one endorsed by their favorite rapper and extra bass. If you don't believe me, plug your headphones into the mic jack and talk into it. You might need to try both ears but you should pick up audio since your just moving the diaphragm in the opposite direction.
    Reply
  • snkeii
    that was my question. how would one keep pc speakers or even tv/monitor speakers from being exploited? most laptops have webcams and mics built in and im not sure they have the same socket swapping as a regular mb.
    ive used a small speaker as a mic in a pinch a few times over the last 30 years or so. its not anything new.
    Reply