Headphones have always done what we expect them to do-- play tunes and sounds, practically blocking out the noise of the outside world. While we know that they give a one-sided listening experience, researchers might have found a loophole that opens the possibility of a third-party entity listening in on us instead.
Researchers over at the Ben Gurion University in Israel have created a piece of code concept they dub as 'Speake(a)r'. It was designed to demonstrate how hackers could find a way to hijack a computer to record audio, even if the device's microphones have already been disabled.
This technique re-purposes the speakers in earbuds and headphones into microphones, capturing vibrations in the air and converting them into electromagnetic signals. This will then enable the hackers to quietly capture audio without the knowledge of the owner.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
This trick apparently isn't new anymore, with YouTube videos demonstrating how to exactly make this possible. However, unlike the ones in the video-streaming website, the Gurion researchers exploited a little-known feature of Realtek audio codec chips, which reverses the computer's output channel as an input channel.
With many Realtek audio chips out there, the hack can practically be done on any computer, whether you are running Windows, or macOS. “This is the real vulnerability”, says Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”
Guri states that there is no simple software patch to stop the possible eavesdropping attack. Given the Realtek codec chip is a feature in itself and not a bug, the problem reportedly can only be solved by replacing and redesigning the audio chip in future computers.
While this type of attack is indeed alarming, hacks like Speake(a)r are not generally something to be highly worried about, especially for those who don't really mess around with computer systems. It is currently only a proof-of-concept, and most likely won't become a mainstream thing when it comes to hacking anytime soon. Still, in today's era of cybersecurity, it always pays to give extra care to what we do with our computers, in order to keep ourselves safe from criminals.