Leaving your headphones plugged into your computer could be a major security threat according to a group of Israeli researchers at Ben Gurion University. Industrious hackers can turn the accessories into eavesdropping microphones to spy on you.
The team behind the revelation published their findings in a paper, focusing on the threat in a cyber-security context. They developed a software called SPEAKE(a)R to exploit this vulnerability, using it to convert ordinary headphones into listening devices even when the PC’s microphone has been removed, taped off, or switched off.
While transforming earbuds into microphones is a well-known hack, the researchers have gone one step further with their efforts by taking advantage of a RealTek audio codec feature which allows people to retask the PC’s output channel as an input channel. Such chipsets are very common, making it possible to attack most Windows and Mac computers.
SPEAKE(a)R was tested using a pair of Sennheiser headphones. The malware managed to record audio from up to 20 feet away. The team then compressed the recording and sent it over the internet, just like a hacker would. Words spoken by a male voice could apparently still be distinguished even with the loss in quality.
Unfortunately, there’s no easy way to plug up this vulnerability. The flaw is a RealTek feature, not an accidental bug. The only way forward is to completely redesign and replace the chip in future computers. The paper only focuses on the company’s chips, but it’s possible the problem could also affect smartphones and other audio codec chips.