Researchers at Israel's Ben Gurion University have created a proof-of-concept exploit that allows them to turn normal headphones connected to a PC into microphones that can then be used by potential hackers to eavesdrop on conversations. According to a new paper titled, "Speake(a)r: Turn speakers to microphones for fun and profit," the security researchers explained that many current PCs and laptops are vulnerable to this particular kind of attack.
The researchers developed code dubbed "Speake(a)r" that is able to secretly reconfigure a computer's output or headphone jack to an input or microphone jack, allowing a hacker to listen in and even record someone's private conversations.
"The fact that headphones, earphones and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," professor Yuval Elovici, director of the BGU Cybersecurity Research Center (CSRC), said in a statement.
Researchers found that the audio chipsets used in modern motherboards and sound cards include an option to alter the function of an audio port in software, using a feature called "jack retasking" or "jack remapping."
Researchers said that the experimental malware targets RealTek audio codec chips, which have this option, to remotely reconfigure and swap the headphone jack for a microphone jack, essentially allowing a potential hacker to turn a computer into an eavesdropping device "even when the computer doesn't have a connected microphone."
RealTek's audio chipsets are currently used in a wide range of PC motherboards, researchers said.
"Our experiments demonstrate that intelligible audio can be acquired through earphones and can then be transmitted distances up to several meters away," researchers wrote. "In addition, we showed that the same setup achieves channel capacity rates close to 1 Kbps in a wide range of frequencies."
However, they did note that the reconfiguration can only take place when the headphones are not in use. For example, if a user is playing music at the time, the microphone jack is "instantly reconfigured" back into a headphone jack.
To demonstrate the hack, researchers used a pair of Sennheiser headphones and found that they could remotely record audio from 20 feet away.
Researchers noted that since the vulnerability currently lies in the RealTek chips, there is not much users can do to fix the issue except completely disabling the audio hardware to prevent the malware from accessing a computer's audio codec or "enforcing a strict rejacking policy" across the industry. They added that anti-malware and intrusion detection systems could also develop API monitoring to detect and block any unauthorised speaker-to-mic retasking attempts.
"This is the reason people like Facebook chairman and chief executive officer Mark Zuckerberg tape up their mic and webcam," Mordechai Guri, lead researcher and head of Research and Development at the CSRC, said. "You might tape the mic, but would be unlikely to tape the headphones or speakers."
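The monitoring idea the researchers mention can be approximated with a host audit that flags audio pins whose role has been overridden from an output to an input. The following is an added example, not code from the paper or the researchers. It assumes a Linux host whose HD Audio driver exposes `init_pin_configs` and `user_pin_configs` under `/sys/class/sound/hwC*D*`; the sample pin values are constructed.

```python
import glob
import os

# Default-device field (bits 23:20) of an HD Audio pin "configuration default".
DEVICE = {0x0: "Line Out", 0x1: "Speaker", 0x2: "HP Out", 0x8: "Line In", 0xA: "Mic In"}
OUTPUTS = {0x0, 0x1, 0x2}
INPUTS = {0x8, 0xA}

def parse_pin_configs(text):
    """Parse lines like '0x1b 0x0221401f' into {pin_nid: config}."""
    pins = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            pins[int(parts[0], 16)] = int(parts[1], 16)
    return pins

def default_device(cfg):
    return (cfg >> 20) & 0xF

def find_retasked(init_text, user_text):
    """Return [(nid, firmware_role, override_role)] for output pins overridden to inputs."""
    init, user = parse_pin_configs(init_text), parse_pin_configs(user_text)
    hits = []
    for nid, cfg in sorted(user.items()):
        before, after = default_device(init.get(nid, cfg)), default_device(cfg)
        if before in OUTPUTS and after in INPUTS:
            hits.append((nid, DEVICE[before], DEVICE[after]))
    return hits

def _read(path):
    with open(path) as f:
        return f.read()

def audit_sysfs(root="/sys/class/sound"):
    """Check every codec under root (assumed Linux HD Audio sysfs layout)."""
    report = {}
    for codec in sorted(glob.glob(os.path.join(root, "hwC*D*"))):
        try:
            hits = find_retasked(_read(os.path.join(codec, "init_pin_configs")),
                                 _read(os.path.join(codec, "user_pin_configs")))
        except OSError:
            continue  # not an HD Audio codec, or files unreadable
        if hits:
            report[codec] = hits
    return report

# Constructed sample: firmware marks pin 0x1b as a headphone jack, the override says Mic In.
SAMPLE_INIT = "0x19 0x02a11030\n0x1b 0x0221401f\n"
SAMPLE_USER = "0x1b 0x02a1401f\n"
```

This audit only sees overrides the driver records in those sysfs files, so it complements rather than replaces the runtime API monitoring the researchers propose.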