Speake(a)r Malware Turns Headphones Into Microphones To Spy On You
A group of Israeli researchers have taken the bizarre step of purposely creating a new strain of malware that turns a set of plugged in headphones into a microphone that can covertly record conversations.
The researchers, based in Ben Gurion University, Israel, have taken the opportunity to create a proof-of-concept piece of software that they are calling “Speake(a)r,” and seems to have been created to highlight a way in which malicious individuals could still hijack the conversations of people using devices that have had the internal microphone physically removed.
Device owners have become increasingly aware of their own privacy and security over the last few years. Some conspiracy theorists who opt to purchase laptops, smartphones and tablets even go to the extreme lengths of physically removing webcams or pulling apart a phone to remove the internal microphone.
That may not exactly be the mainstream behavior, but it’s certainly something that happens as part of a process of ensuring that privacy is maintained at all costs. This research, and the resulting software developed by the research team at Ben Gurion University, highlights the frightful fact that even exercising extreme measures doesn’t instantly protect privacy.
The real purpose of the Speake(a)r malware is to highlight how relatively easy it is for a software-based solution to repurpose the internals of a set of headphones to be used as a microphone. Apparently the software piggy-backs on the abilities of RealTek audio codec chips to make the hack possible:
Their malware uses a little-known feature of RealTek audio codec chips to silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack and don’t even have a microphone channel on their plug. The researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too.
The malware itself is extremely interesting in as far as it’s an impressive use of the underlying technology to show how an invasion of privacy is actually possible. With that in said, given that we live in an increasingly connected world where even our homes are connected to the Internet on a semi-permanent basis, it’s hardly surprising that these methods to invade privacy exist.
The researchers have also released a video showing the exploit in action, and is embedded below for you to check out.