Pierluigi Paganini November 24, 2016

Speake(a)r attack – Security researchers have demonstrated how to turn headphones into a microphone to spy on all target conversations

A group of security researchers at Ben Gurion University have demonstrated that it is possible to turn headphones into a microphone to spy on all target conversations in the background without raising suspicious.

The team of researchers is famous for having devised several methods to exfiltrate data from air-gapped networks.

The research team has developed a proof-of-concept malware, dubbed Speake(a)r, that allows to use typical headphones as microphones and record all surrounding conversations, such as a spying device.

The researchers published technical details of the Speake(a)r attack in the research paper titled “Speake(a)r: Turn Speakers to Microphones for Fun and Profit.”

The technique to use headphones as microphones is not a novelty, many other groups have devised such kind of techniques.

This specific research is very interesting because it managed to switch an output channel of the audio card on any laptop, running either Windows or Mac OS, to an input signal and then recording the sound without any dedicated microphone channel from as far as 20 feet away.

The Speake(a)r malware exploits a computer to record audio even when the microphone is disabled or disconnected from the computer.

“People don’t think about this privacy vulnerability,” explained the lead researcher Mordechai Guri “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”

Speak (a)r captures vibrations in the air through the headphones, then converts them to electromagnetic signals, alters the internal functions of audio jacks, and then switches input jacks (used by microphones) to output jacks (used for speakers and headphones).

With this technique, a hacker is able to record audio, though at a lower quality, from computers with a disabled microphone. The method also works if users remove any existing audio component from the computer.

The method devised by the experts leverages on a feature of Realtek audio codec chips that silently “retask” the computer’s output channel as an input channel silently.

We have to consider that RealTek chips are being used on the majority of computers today, so the Speake(a)r malware works on practically any machine. According to the researchers, this issue is not easy to fix, it is necessary to redesign and replace the chip exploited by the malware.

“This is the real vulnerability,” added Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”

The researchers published technical details of the Speake(a)r attack in the research paper titled “Speake(a)r: Turn Speakers to Microphones for Fun and Profit.”

Pierluigi Paganini

(Security Affairs – iPhone-freezing video, hacking

[adrotate banner=”5″]

[adrotate banner=”13″]