PINDROP BLOG

Remotely Recording Conversations Through Headphones

As if attackers didn’t have enough methods for observing users’ actions, researchers have now developed a technique that allows them to use speakers or headphones plugged in to a PC as microphones to record victims’ discussions.

The attack involves a technique called re-tasking in which the researchers changed the functionality of the audio jacks on a target computer. So, whereas an input jack would normally be used by a microphone and the output jack would be used by the speakers, the researchers remapped the jacks so that the speakers can record sound when plugged into an output jack. The technique, developed by a team at Ben Gurion University of the Negev in Israel, involves the use of custom malware on the machine, but the researchers showed in their work that the attacks can succeed in recording audio from across a room.

The idea that speakers can be used as microphones to record audio is not a new one. Audio researchers–and intelligence agencies–have known for a long time that this was possible, and have explored techniques for doing it. But the issue that the Israeli researchers focus on in their work is a function of the chipsets used in a huge percentage of modern computers.

“Interestingly, the audio chipsets in modern motherboards and sound cards include an option to change the function of an audio port at a software level, a type of audio port programming sometimes referred to as jack retasking or jack remapping. This option is available on Realtek’s (Realtek Semiconductor Corp.) audio chipsets, which are integrated into a wide range of PC motherboards today,” the Ben Gurion University team says in its paper, Speake(a)r: Turn Speakers to Microphones for Fun and Profit.

The attack that the researchers developed allows them to record audio surreptitiously and then transmit it to another machine several meters away. The technique can be used without the user’s interaction.

“There are two main threat scenarios for using headphones as a microphone. The first scenario involves a PC that is not equipped with a microphone (or in which the microphone is muted or turned off) but has connected headphones, earphones, or passive speakers. In this scenario, a malware installed on the computer may reconfigure the headphone jack into a microphone jack,” the paper says.

“Usually (during normal system behavior), such reconfiguration takes place only while the headphones are not in use, such as when audio output is triggered (e.g., the user is playing music), and the microphone jack is instantly reconfigured back into a headphone jack. In the second scenario, the computer may be equipped with both microphone and headphones, but the headphones are better positioned for the desired recording, e.g., headphone are closer to the voice source and hence, can achieve better recording quality.”

Mordechai Guri, one of the researchers who worked on the new technique, said via email that RealTek and other chipset manufacturers should make changes at the software level to defend against this attack.

“It’s pretty difficult to defend against such an attack, but it’s possible that anti-virus will detect such a microphone retasking and will block it. Chip manufacturers can redesign the internal commands that can be sent to the controller and regulate it in a better way,” Guri said.

Image: Jon B, CC By-SA 2.0 license.