Millions of us don headphones each day. Few, if any, have ever given much thought to the possibility of someone listening on the other end.
Researchers at Ben Gurion University in Israel have created a piece of code designed to prove it’s possible to hijack a user’s headphones and turn them into a covert listening device. Dubbed ‘Speake(a)r,’ the malicious code utilizes our existing earbuds (or headphones) to capture vibrations in the air and convert them to electromagnetic signals able to capture audio.
Mordechai Guir, lead researcher at Ben Gurion’s Cyber Security Research Labs told Wired:
People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.
This isn’t new. Many a YouTube hack has demonstrated the ability to use headphones as a microphone in a pinch. What’s clever is in how the malware manages to switch an output jack on your laptop — running either Windows or MacOS — to an input and capture the audio without a dedicated microphone channel.
Using a little-known feature of RealTek’s audio codec chip, the malware secretly “retasks” outputs on a laptop and turns them into inputs capable of recording audio behind the scenes. In this case, it really is a feature, not a bug.
Speake(a)r, at this point, is a proof of concept. It’s a scary thought that someone could be monitoring a room without your knowledge, but it’s probably not worth getting worried about just yet. We’ve yet to encounter any proof of this being used in the wild, and the simple truth is: most of us just aren’t interesting enough to warrant covert listening.
Still, it’s worth noting what’s possible, and as this concept video proves: even your headphones aren’t entirely safe from hackers.