Acquired Electronics360

Consumer Electronics

Malware Can Turn Computers into Eavesdropping Devices Without a Microphone

26 November 2016

The recent distributed denial of service (DDoS) attacks that crippled parts of the internet—including PayPal, Twitter, Amazon, Netflix, Spotify and many others—opened the eyes of many to how unprotected the devices we use every day can be used against us.

Now researchers at Israel’s Ben-Gurion University of the Negev (BGU) have demonstrated a scarier reality for consumers in malware that can turn computers into perpetual eavesdropping devices, even without a microphone. The malware does this by covertly transforming headphones into a pair of microphones that can then be used to exploit the public.

“The fact that headphones, earphones and speakers are physically built like microphones and that an audio port’s role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers,” says professor Yuval Elovici, director of the BGU Cyber Security Research Center and member of BGU's Department of Information Systems Engineering.

In a typical computer, a number of audio jacks are present in the front panel, rear panel or both. Each jack is used for input or output, and the audio chipsets in modern motherboards and sound cards include an option for changing the function of an audio port with software. Malware can reconfigure the headphone jack from a line-out jack to a microphone jack, turning the headphones function into recoding microphones or an eavesdropping device. This works even if the computer does not have a microphone, researchers say.

So how do you avoid having this happen? While it may be possible to tape up the microphone and webcam, it is far more difficult to tape the headphones or speakers. One way would be to completely disable the audio hardware and use an HD audio driver to alert users when microphones are being accessed. Another way would be to use a strict re-jacking policy regarding audio jacks. Anti-malware and intrusion-detection systems could also be used to monitor and detect unauthorized speaker-to-microphone re-tasking operations and block them.



Powered by CR4, the Engineering Community

Discussion – 2 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Re: Malware Can Turn Computers into Eavesdropping Devices Without a Microphone
#1
2017-Apr-12 3:28 PM

Powered speakers (with a built-in amplifier) probably are not very good microphones; the reverse gain from the amplifier output to the input would be infinitesimal.

Re: Malware Can Turn Computers into Eavesdropping Devices Without a Microphone
#2
2017-Apr-20 8:59 AM

And yesterday I saw that Bose is being sued in a class action for selling the information from their app for headphones showing listening habits. I say strike back. When not wearing your headphones play some really disturbing techno music and just leave it running. Or play one song over and over all day when not listening to music. I think a nice Kenny Rogers song should get them to leave you alone.

If hackers think it's worth while to ease drop I say give them nothing to listen to.

Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement

CALENDAR OF EVENTS

Date Event Location
30 May-02 Jun 2017 Lake Buena Vista, Florida USA
04-09 Jun 2017 Honolulu, Hawaii, USA
Find Free Electronics Datasheets
Advertisement