New Spy Malware Can Turn Headphones Into Microphones

It is the kind of stuff one only used to see in spy movies but researchers from Israel’s Ben Gurion University have demonstrated how a piece of headphone can be turned into a microphone and be used to snoop on an unsuspecting user via malware. The idea is to show how a determined hacker can hijack any computer, even if no microphones are plugged in or has been disabled, and turn it into a listening device through a piece of code.

The vulnerability relies on widely used Realtek audio solutions’ ability to re-task the jacks. Realtek is ubiquitous when it comes to motherboard audio that almost every computer out there uses their hardware from low-end units to laptops and high-end motherboards including the often-used Realtek ALC1150. The customized spy malware can re-purpose the earphones by converting the vibrations in the air into electromagnetic signals, while the earphone jack it is plugged into is re-tasked in the OS to function as an input device instead.

In their tests, the researchers used a pair of Sennheiser headphones and have successfully recorded audio from as far as 20 feet away. The audio was then compressed and sent over the internet with the user none-the-wiser. Since the re-tasking ability is an actual hardware feature, researchers say this is not a simple matter of applying a driver fix since it is not a bug. The researchers are also further looking into similar spying vulnerabilities with other audio solutions as well.