The malicious code labeled “Speake(a)r” uses the headphones to capture vibrations in the air and convert them to electromagnetic signals. The signals are then able to capture audio.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben-Gurion’s Cyber Security Research Labs, told Wired. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
Still, the shocking revelation is not that new. Actually, there are numerous videos on YouTube that show the basic process.
It’s fairly simple – the speakers in the headphones turn electromagnetic signals into sound waves through a membrane’s vibrations. As a result, those membranes also work in reverse, picking up the vibrations and converting them to electromagnetic signals.
However, researchers at Ben-Gurion University went beyond the basics and applied some well-thought coding. Their code uses a relatively unknown feature or Realtek audio codec chips to turn the computer’s output channel into an input channel.
This allows the code to record audio even when the headphones remain connected into an output-only jack, without the microphone channel on their plug. The scary thing is that, according to the researchers, the Realtek chips are so widespread that the attack works on practically any computer, whether it runs Windows or MacOS.
An effective method
The researchers tested the malicious code on a pair of Sennheiser headphones. The results were staggering.
They could record from as far as 20 feet away, even compress the final recording and send it over the internet, as a hacker would. On top of that, they were still able to distinguish the words spoken by a male voice.
“It’s very effective,” says Guri. “Your headphones do make a good, quality microphone.”
Consequently, a simple software patch cannot solve the problem, according to Guri. RealTek’s audio codec chips need a thorough redesign and a complete replacement of the chip in future computers.
What this means is that, in a case of a similar attack, the only effective solution is unplugging the headphones.