Categories: SecurityWorkspace

Hackers ‘Can Eavesdrop Via Earphones’ By Re-Working Built-In Jacks

Researchers have demonstrated that attackers can listen in on users via headphones connected to their PCs – even if no microphone is present.

The research, published by Cyber Security Research Center at Ben Gurion University in Beer-Sheva, in the Negev desert, focuses on systems where no microphone is built-in or connected, or where it has been muted, taped or turned off – systems with active microphones would be much more straightforward to turn into listening devices, they said.

Jacks repurposed

Headphones include the same components as microphones, however, meaning they can capture sounds when plugged into a computer’s microphone jack.

And since the audio chipsets found in most computers allow such jacks to be repurposed using software, attackers who have gained access to a system can reconfigure a headphone port to record audio from a line-out plugged into it, the researchers found.

“The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers,” they wrote.

They said certain types of loudspeakers are also vulnerable. Most current PCs and laptops are susceptible to this type of attack. Such an exploit could be carried out through malware that infects a system through various means, such as an infected email attachment.

Off-the-shelf headphones

The researchers demonstrated that the attack worked using a pair of off-the-shelf Sennheiser headphones with no microphone, and that intelligible conversations could be recorded from up to 20 feet away.

The team recommended that chipset makers modify their firmware to disable software jack retasking.

Other workarounds include leaving speakers, headphones and earphones unplugged or using audio jammers or white noise emitters to stop computers from recording audio.

Users can also disable a computer’s audio component in its BIOS, which would also block the use of sound for any other purpose on the system.

The government recently banned the use of smart watches such as the Apple Watch from cabinet meetings due to concern they could be hacked and used as listening devices.

Do you know all about security in 2016? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

8 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

9 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

10 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

12 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

14 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

15 hours ago