Malware that turns PCs into eavesdropping devices demonstrated

November 22, 2016, American Associates, Ben-Gurion University of the Negev
Credit: George Hodan/Public Domain

Researchers at Ben-Gurion University of the Negev (BGU) have demonstrated malware that can turn computers into perpetual eavesdropping devices, even without a microphone.

In the new paper, "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers explain and demonstrate how most PCs and laptops today are susceptible to this type of attack. Using SPEAKE(a)R, malware that can covertly transform headphones into a pair of microphones, they show how commonly used technology can be exploited.

"The fact that headphones, earphones and speakers are physically built like microphones and that an port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU's Department of Information Systems Engineering.

"This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam," says Mordechai Guri, lead researcher and head of Research and Development at the CSRC. "You might tape the mic, but would be unlikely to tape the headphones or speakers."

A typical computer chassis contains a number of audio jacks, either in the front panel, rear panel or both. Each jack is used either for input (line-in), or for output (line-out). The audio chipsets in modern motherboards and sound cards include an option for changing the function of an audio port with software -a type of audio port programming referred to as jack retasking or jack remapping.

Malware can stealthily reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and turning the computer into an eavesdropping device. This works even when the computer doesn't have a connected microphone, as demonstrated in the SPEAKE(a)R video.

The BGU researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. "We demonstrated is possible to acquire intelligible audio through earphones up to several meters away," said Dr. Yosef Solewicz, an acoustic researcher at the BGU CSRC.

Potential software countermeasures include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, and developing and enforcing a strict rejacking policy within the industry. Anti-malware and could also be developed to monitor and detect unauthorized speaker-to-mic retasking operations and block them.

Explore further: Review: Apple's removal of headphone jack a net loss for consumers

Related Stories

New lab mimics the sound of any room

October 12, 2016

Researchers at Aalborg University, in conjunction with Bang & Olufsen in Denmark, have developed a sound laboratory that can reproduce the acoustics of any environment from cars to concert halls. One goal is better design ...

Cutting the cord: Apple pulls the earphone jack

September 8, 2016

The venerable earphone jack looks destined for the same technological graveyard where the Walkman and the rotary telephone now lie after Apple nudged wireless audio closer to mass-market adoption.

Recommended for you

A decade on, smartphone-like software finally heads to space

March 20, 2019

Once a traditional satellite is launched into space, its physical hardware and computer software stay mostly immutable for the rest of its existence as it orbits the Earth, even as the technology it serves on the ground continues ...

Tiny 'water bears' can teach us about survival

March 20, 2019

Earth's ultimate survivors can weather extreme heat, cold, radiation and even the vacuum of space. Now the U.S. military hopes these tiny critters called tardigrades can teach us about true toughness.

Researchers find hidden proteins in bacteria

March 20, 2019

Scientists at the University of Illinois at Chicago have developed a way to identify the beginning of every gene—known as a translation start site or a start codon—in bacterial cell DNA with a single experiment and, through ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.