Recently, there has been an increased public awareness when it comes to security and privacy on the internet. Being a privacy vulnerability issue this is definitely an interesting development, as people are now more conscious as to what they do online, and also how they handle their internet-capable devices even when they are offline. With that being said, has it crossed your mind that the devices that you use to listen to sound, can also be used to listen on you?
A research team at the Ben Gurion University in Israel announced Wednesday that they have been able to create a code that allows them to use headphones as microphones. No, they are not talking about the in-line mic attached to your headset, or of the mic on your computer, but turning the actual devices that you put in or on your ear to capture your conversations.
The piece of code, which the researchers called SPEAKE(a)R, converts your earphones or headphones from a listening tool to an audio recording tool.
Common security measures that a lot of people, even top tech CEOs do, includes taping up their webcam or mic when not in use, or removing the headphone with mic from the audio jack. With this piece of code however, it seems that these measures for improved privacy are not enough anymore.
Dr. Yosef Solewicz, the acoustic researcher for the team, said that they “…demonstrated it is possible to acquire intelligible audio through earphones up to several meters away”. This is most certainly alarming, as it is very likely that it has not entered most people’s minds that their headphones can be used to listen in on them.
Lead researcher for the team, Mordechai Guri, also adds that “You might tape the mic, but would be unlikely to tape the headphones or speakers”.
According to the team, this hack is not that complicated to do at all. What the SPEAKE(a)R code does is it utilizes certain protocols that can be found in even the most common of audio codecs being used in computing devices today. The targets are those commands that change the function of the audio port from an output to an input; this is called jack re-tasking or jack remapping. With this function, plus the fact that speakers and headphones can also capture sound waves and convert them to electrical signals, the result is a viable point of vulnerability for hackers to exploit. In fact, the team at Ben Gurion University have released a video to prove that this method of spying is indeed possible.
With this vulnerability, the team suggests that people should employ extra precautions to ensure that their privacy is protected. This includes turning off connected speakers when not in use and the removal of headphones or earphones from the headphone jack, even if they do not have an in-line mic. The team also suggests to manually disable computer audio hardware when there is no need to listen to any audio.
The research team at the Ben Gurion University hopes that this will increase industry awareness with regards to improving security on the audio side of computing devices. Strict rules on audio port rejacking as well as the development of specific anti-malware tools that target audio devices are some of the improvements that the team would like to see in the future.