According to researchers at Ben-Gurion University of the Negev (BGU), there are many malicious programs just waiting to turn computers into personal eavesdropping devices. Researchers explained as well as demonstrated just how easily most PCs and laptops are susceptible to this form of attack.
Programs such as “SPEAKE(a)R: Turn Speakers to Microphones for fun and profit” are able to transform headphones into a pair of microphones, without setting of unease. “‘The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,’ says Prof. Yuval Elovici, director of the BGU Cyber Security Research Center (CSRC) and member of BGU’s Department of Information Systems Engineering.”
“‘This is the reason people like Facebook Chairman and Chief Executive Officer Mark Zuckerberg tape up their mic and webcam,’ says Mordechai Guri, lead researcher and head of Research and Development at the CSRC. ‘You might tape the mic, but would be unlikely to tape the headphones or speakers.'”
Malware is able to covertly reconfigure a headphone jack from a line-out jack to a microphone jack, converting the headphones into a hackable recording device that is predicted to have a range of several meters. Even worse, this process is able to continue even while the computer doesn’t have a connected microphone–and was demonstrated by the researchers in the SPEAKE(a)R video.
Countermeasures, however, are possible, such as completely disabling audio hardware or using an HD audio driver to send an alert when microphones are being accessed. Extra precautions can be taken with anti-malware systems, which can monitor and detect unauthorized speaker-to-mic retasking operations and block them.