A team of researchers at Ben-Gurion University of the Negev has found malware that can turn conventional computers into perpetual eavesdropping devices – even without a microphone.
In a paper “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” the team demonstrates how most computers and laptops today are susceptible to this kind of attack. In order to show how commonly used tech can be exploited, they used malware called SPEAKE(a)R that can transform headphones into a pair of microphones.
“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” explains Prof. Yuval Elovici, one of the researchers.
How is this possible? It’s actually pretty easy. A typical PC structure contains a number of audio jacks, each of which is used either for input (line-in), or for output (line-out). Modern motherboards and sound cards include an option for jack retasking or jack remapping. In other words, you have the option to change the function of an audio port with software.
Malware exploits this option by reconfiguring the headphone jack from a line-out jack to a microphone jack. This way, connected headphones function as a pair of recording microphones, essentially turning your PC into an eavesdropping device.
The researchers explain that potential software countermeasures include completely disabling audio hardware and using an HD audio driver that can alert users when microphones are being accessed. Anti-malware and intrusion detection systems should also be developed in the future.
Source:
Ben-Gurion University of the Negev(http://in.bgu.ac.il/en/Pages/news/eaves_dropping.aspx)
Chanwoo's Weekly Tech 