Categories: SecurityWorkspace

Hackers ‘Can Eavesdrop Via Earphones’ By Re-Working Built-In Jacks

Researchers have demonstrated that attackers can listen in on users via headphones connected to their PCs – even if no microphone is present.

The research, published by Cyber Security Research Center at Ben Gurion University in Beer-Sheva, in the Negev desert, focuses on systems where no microphone is built-in or connected, or where it has been muted, taped or turned off – systems with active microphones would be much more straightforward to turn into listening devices, they said.

Jacks repurposed

Headphones include the same components as microphones, however, meaning they can capture sounds when plugged into a computer’s microphone jack.

And since the audio chipsets found in most computers allow such jacks to be repurposed using software, attackers who have gained access to a system can reconfigure a headphone port to record audio from a line-out plugged into it, the researchers found.

“The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers,” they wrote.

They said certain types of loudspeakers are also vulnerable. Most current PCs and laptops are susceptible to this type of attack. Such an exploit could be carried out through malware that infects a system through various means, such as an infected email attachment.

Off-the-shelf headphones

The researchers demonstrated that the attack worked using a pair of off-the-shelf Sennheiser headphones with no microphone, and that intelligible conversations could be recorded from up to 20 feet away.

The team recommended that chipset makers modify their firmware to disable software jack retasking.

Other workarounds include leaving speakers, headphones and earphones unplugged or using audio jammers or white noise emitters to stop computers from recording audio.

Users can also disable a computer’s audio component in its BIOS, which would also block the use of sound for any other purpose on the system.

The government recently banned the use of smart watches such as the Apple Watch from cabinet meetings due to concern they could be hacked and used as listening devices.

Do you know all about security in 2016? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

13 hours ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

14 hours ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

15 hours ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

1 day ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

1 day ago