Last updated January 1st 2017
Earlier this year, Facebook’s CEO Mark Zuckerberg revealed that he uses tape to cover the webcam and microphone jack of his laptop, with many other people around the world following suit in efforts to prevent webcam hacking and spying. But while we’ve heard about hackers activating webcams and microphones remotely to spy on people without, did you know that your headphones are also a threat to your privacy?
A new Israeli study shows how headphones can be used to record you, without your knowledge. The Cyber Security Research Center at Israel’s Ben-Gurion University has developed proof-of-concept headphones to show exactly how dangerous this headphone vulnerability can be if not addressed.
Called “Speake(a)r,” this new headset-turned-microphone works by secretly “re-tasking” the function of your speakers or headphones. “We found that most of the computers today support the capability to convert and use speakers as a microphone,” Mordechai Guri, lead researcher of the project, tells NoCamels.
This is because speakers are effectively designed like a microphone – in reverse. While speakers translate electric currents into sound waves, microphones turn sound waves into electric currents.
The Speake(a)r software reverses this process. The Realtek audio chip-sets used in most computers can have their function modified, meaning a sound card can be programmed to do more than simply emit sound, with enough software fiddling. No physical changes need to be made to the speakers, creating an opportunity for hackers to work their way remotely into a computer’s built-in speaker system and record sound.
Taping your computer is not enough
When it comes to taping your computer, well, “we just proved it’s not enough,” Guri says. “Even if you take out your microphone, hackers can still record you.” While we cannot be sure if such technology is already being used in the deep web, the Speake(a)r software proves that it is possible, and that it is not just about microphone and webcam hacking.
The idea of hackers accessing speakers without our knowledge is disturbing. The researchers at Ben-Gurion University recognized a need to check privacy and security issues for all computers, which led to this “academic prototype” as described by Guri. If used in the future, the Speake(a)r concept will help prevent such invasions of privacy.
Guri says his team members don’t necessarily want to commercialize the technology, they want to bring awareness to a potential new threat and encourage new developments in cyber-security. “At the Security Center, we are always trying to find vulnerabilities. We want to expose vulnerabilities and to close them,” he says.
What would it take? It isn’t a simple endeavor as the problem lies in how audio chips are designed. They’re now so widespread, that the next challenge cyber-security faces is remote monitoring.
In the meantime, users can unplug their speakers and headphones when not in use, or try Bluetooth or USB connected speakers which can help avoid the risk of software manipulation.