In this post-Snowden era, it’s pretty safe to assume that virtually any electronic device – regardless of its intended purpose or perceived capabilities or limitations – is potentially capable of serving as a spy device in the hands of a motivated hacker.
Anyone needing solid evidence of this need look no further than Israel’s Ben Gurion University where researchers have crafted a clever bit of code to turn an ordinary electronic device into an unassuming spy gadget.
Dubbed Speak(a)r, the malicious code is able to leverage the speakers inside headphones or earbuds and use them as microphones. By converting vibrations in the air into electromagnetic signals, the researchers note that it’s possible to capture audio without a microphone clear across a room.
As Wired correctly points out, the magic bit here isn’t the fact that headphones can be used as microphones (people have been doing that with ease for years) but rather, the technique the researchers are using to get there.
The code they’ve written uses a little-known feature of RealTek audio codec chips that allows users to repurpose their computer’s audio output channel as the input channel. It’s incredibly simple and because the RealTek chips are so widely used, most machines – Windows and Mac – are susceptible. The fact that the ability to switch the audio channels is a feature and not a bug means there’s no easy “fix.”
It’s likely that other audio chips are susceptible to similar attacks although the researchers haven’t yet got around to vetting any others.