“If you use headphones you can be recorded,” researcher states.
Computer hackers are capable of recording victims through their headphones without realizing, a new study has found.
Wired reports that researchers at Israel’s Ben Gurion University have developed a proof-of-concept code designed to demonstrate how a computer can be hacked to secretly record audio even if the microphones have been disabled. The malware program can repurpose speakers in earbuds and headphones to use as mics, but that isn’t even the sinister part.
Repurposing headphones as speakers (and vise versa) is commonly known, but what their program, appropriate called Speake(a)r, accomplishes is being able to access a weakness in the commonly used RealTek audio codec chips. The program switches headphone outputs to inputs, allowing a hacker to spy through headphones, even if without inputs or built-in speaker function.
“This is the real vulnerability,” says Mordechai Guri, leader of the University’s Cyber Security Research Labs. “It’s what makes almost every computer today vulnerable to this type of attack.”
Guri also points out that the RealTek vulnerability isn’t as simple as an error that can be updated. It’s an intentional feature that hackers can manipulate, meaning it may need to be redesigned and replaced in future computers.
RealTek has read to comment on the findings.