Speake(a)r attack allows to spy on users through typical headphones

Speake(a)r attack – Security researchers have demonstrated how to turn headphones into a microphone to spy on all target conversations

A group of security researchers at Ben Gurion University have demonstrated that it is possible to turn headphones into a microphone to spy on all target conversations in the background without raising suspicious.

The team of researchers is famous for having devised several methods to exfiltrate data from air-gapped networks.

The research team has developed a proof-of-concept malware, dubbed Speake(a)r, that allows to use typical headphones as microphones and record all surrounding conversations, such as a spying device.

The researchers published technical details of the Speake(a)r attack in the research paper titled “Speake(a)r: Turn Speakers to Microphones for Fun and Profit.”

The technique to use headphones as microphones is not a novelty, many other groups have devised such kind of techniques.

This specific research is very interesting because it managed to switch an output channel of the audio card on any laptop, running either Windows or Mac OS, to an input signal and then recording the sound without any dedicated microphone channel from as far as 20 feet away.

The Speake(a)r malware exploits a computer to record audio even when the microphone is disabled or disconnected from the computer.

“People don’t think about this privacy vulnerability,” explained the lead researcher Mordechai Guri “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”

speakear

Speak (a)r captures vibrations in the air through the headphones, then converts them to electromagnetic signals, alters the internal functions of audio jacks, and then switches input jacks (used by microphones) to output jacks (used for speakers and headphones).

With this technique, a hacker is able to record audio, though at a lower quality, from computers with a disabled microphone. The method also works if users remove any existing audio component from the computer.

The method devised by the experts leverages on a feature of Realtek audio codec chips that silently “retask” the computer’s output channel as an input channel silently.

We have to consider that RealTek chips are being used on the majority of computers today, so the Speake(a)r malware works on practically any machine. According to the researchers, this issue is not easy to fix, it is necessary to redesign and replace the chip exploited by the malware.

“This is the real vulnerability,” added Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”

The researchers published technical details of the Speake(a)r attack in the research paper titled “Speake(a)r: Turn Speakers to Microphones for Fun and Profit.”

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – iPhone-freezing video, hacking

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.