Just in time for a new adminstration, Great. Now even your headphones can spy on you by Andy Greenberg.
From the post:
CAUTIOUS COMPUTER USERS put a piece of tape over their webcam. Truly paranoid ones worry about their devices’ microphones—some even crack open their computers and phones to disable or remove those audio components so they can’t be hijacked by hackers. Now one group of Israeli researchers has taken that game of spy-versus-spy paranoia a step further, with malware that converts your headphones into makeshift microphones that can slyly record your conversations.
Researchers at Israel’s Ben Gurion University have created a piece of proof-of-concept code they call “Speake(a)r,” designed to demonstrate how determined hackers could find a way to surreptitiously hijack a computer to record audio even when the device’s microphones have been entirely removed or disabled. The experimental malware instead repurposes the speakers in earbuds or headphones to use them as microphones, converting the vibrations in air into electromagnetic signals to clearly capture audio from across a room.
“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
…
But the Ben Gurion researchers took that hack a step further. Their malware uses a little-known feature of RealTek audio codec chips to silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack and don’t even have a microphone channel on their plug. The researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too. RealTek didn’t immediately respond to WIRED’s request for comment on the Ben Gurion researchers’ work. “This is the real vulnerability,” says Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”
…(emphasis in original)
Wired doesn’t give up any more details but that should be enough to get you started.
You must search for RealTek audio codec datasheets. RealTek wants a signed NDA from a development partner before you can access the datasheets.
Among numerous others, I know for a fact that datasheets on ALC655, ALC662, ALC888, ALC1150, and ALC5631Q are freely available online.
You will have to replicate the hack but then:
- Choose your targets for taping
- Obtain their TV/music preferences from Amazon, etc.
- License new content (would not want to upset the RIAA) for web streaming
- Offer your target the “latest” TV/music by (name) for free 30 day trial
For the nosy non-hacker, expect to see “hacked” earphones for sale on the Dark Web.
Perhaps even in time for holiday shopping!
Warning:Hacking or buying hacked headphones is a violation of any number of federal, state and local laws, depending on your jurisdiction.
PS: I am curious if the mic in cellphones is subject to a similar hack.
Perhaps this is the dawning of the age of transparency. 😉