If you’re a tinfoil hat type who’s already gone down the rabbit hole, this should help you sleep at night. Turns out no matter how paranoid you are about being spied upon by your electronic devices, it’s worse than you’ve imagined thus far.
Some people put privacy stickers over their webcams, some people go a step further and disable the microphones on their laptop or desktop through the OS, and some actually crack open their devices to physically remove audio components in order to keep spying down to a minimum. It seems no matter which camp you fall under, you may not be protecting yourself enough.
The researchers at Ben Gurion University in Beer-Sheva, Israel have written a paper and created a little device, and it’s all the NSA wants for X-mas. This proof-of-concept code they’ve written called “SPEAK(a)R” can turn the headphones connected to a PC into a microphone using the RealTek audio codec chips.
This malware repurposes the output channel on a computer and turns it into an input channel, allowing this bit-o-code to record every sound in the room even when the headphones are still in the output-only jack. RealTek chips are so commonly used in both Apple and PCs, that the attack will run on nearly every computer on Earth.
How Do The Headphones Spy On Us Exactly?
The speakers in headphones translate electromagnetic signals into sound waves through the thin membrane’s vibrations. So simply by engineering the process to work backwards, those same membranes can pick up sound vibrations and convert them back into electromagnetic signals. This is how SPEAK(a)R picks up and translates all sound within earshot, and it does so without your knowledge.
In the tests, researchers successfully audio-hacked a pair of Sennheiser headphones (the brand does not matter). They were able to successfully record from up to 20 feet away, compress the size of the recording data to transmit it over the Internet, just as any hacker would, and were still able to decompress on the other side and understand the words spoken from a male voice.
How Do I Stop This?
The fix(es) fall into two categories: hardware and software countermeasures.
For hardware, you’ve got two choices. Forbid the use of any speaker types whatsoever in your presence, or use white noise emitters and audio jammers, which transmit ambient sounds that interfere with the sound waves, making audio capture inaccurate.
On the software side, you can disable the audio hardware in the BIOS settings. Sounds easy, no? I mean, everyone knows how to do that, right? The problem with this (aside from not being technical enough to navigate potentially dangerous-in-the-wrong-hands BIOS settings) is you end up with no sound on your computer.
Or you can wait until the audio codec vendors, such as RealTek, to develop a fix to the HD audio kernel driver in such a way where it would alert you when an unauthorized operation is in use. Lets hope after word gets out that they do exactly that.
Electronic eavesdropping is not going away anytime soon, and those of us with Reynold’s Wrap around our heads at all times aren’t quite as nutty as people make us out to be.
Just because you’re not paranoid doesn’t mean they’re not out to get you.
If a state-sponsored actor or other would-be hacker wants to hear really bad renditions of Michael Jackson songs from my kitchen, bring it on. Just don’t say I didn’t warn you.