To listen a Audio we need headphones, whereas to record we need Microphones. But Security researchers at Israel’s Ben Gurion University have created a proof-of-concept exploit that lets them turn headphones into microphones to secretly record conversations.
Malware that turn Headphone as Microphone
In earlier days Headphones was also used as Microphones because Speakers and microphones employ similar components to process electrical signals and sound in very similar ways.
But Researchers manages to switch the output sound channel as an input one , where intelligible audio can be acquired through earphones and can then be transmitted distances up to several meters away.
The experimental malware instead re-purposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
The speakers in headphones can turn electromagnetic signals into sound waves through a membrane’s vibrations, those membranes can also work in reverse, picking up sound vibrations and converting them back to electromagnetic signals. (Plug a pair of mic-less headphones into an audio input jack on your computer to try it.)
But how this hack possible?
Ben Gurion researchers took that hack a step further. Their malware uses a little-known feature of RealTek audio codec chips to silently “retask” the computer’s output channel as an input channel.
This allows malware to record audio even when the headphones remain connected into an output-only jack and don’t even have a microphone channel on their plug. The researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too.
“This is the real vulnerability,” says Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”
To be fair, the eavesdropping attack should only matter to those who have already gone a few steps down the rabbit-hole of obsessive counter-intelligence measures. But in the modern age of cybersecurity, fears of having your computer’s mic surreptitiously activated by stealthy malware are increasingly mainstream.
In this tests, the researchers tried the audio hack with a pair of Sennheiser headphones. They found that they could record from as far as 20 feet away—and even compress the resulting recording and send it over the internet.
In highly secure facilities it is common practice to forbid the use of any speakers, headphones, or earphones in order to create so-called audio gap separation. Less restrictive policies prohibit the use of microphones but allow loudspeakers, however because speakers can be reversed and used as microphones, only active one way speakers are allowed.
Software countermeasures may include disabling the audio hardware in the UEFI/BIOS settings. This can prevent a malware from accessing the audio codec from the operating system.
However, such a configuration eliminates the use of the audio hardware (e.g., for music playing, Skype chats, etc.), and hence may not be feasible in all scenarios. Another option is to use the HD audio kernel driver to prevent rejacking or to enforce a strict rejacking policy.