Researchers from the Negev Cyber Security Research Center of Ben-Gurion University have presented a paper explaining that the software controlling signals to headphone jacks in many computers can be altered or re-tasked to change the jack from an output to an input, thereby turning the earphones into potential microphones.
The fact that speakers can be used as microphones is nothing new. That has been demonstrated ever since they were first invented. The principle in speakers of using electricity to modulate air and create sound, is the same principle in microphones, just in reverse – using air movement (from sound) to create electric signals.
Mordechai Guri and the other researchers at BGU have demonstrated that the Realtek chipset used by many PC motherboards allows reprogramming of the jack. This could turn headphones, left plugged in, into microphones. The software could thus be susceptible to malware resulting in an eavesdropping vulnerability.
They created their own sample malware they call SPEAKE(a)R (“Speak-Ear”) and demonstrate it in the video below. They were able to record audio playing from across the room, compress the recording and send it over the internet.
They explain in their paper:
A typical computer chassis contains a number of audio jacks, either in the front panel, rear panel, or both. These jacks are the sockets for plugging in various audio equipment such as speakers, headphones, and microphones. Each jack is used either for input (line in), or for output (line out). The audio ports usually have a conventional coloring system; typically green is used for speakers (output jack), blue for line in (input jack), and pink for microphones (input jack). Interestingly, the audio chipsets in modern motherboards and sound cards include an option to change the function of an audio port at a software level, a type of audio port programming sometimes referred to as jack retasking or jack remapping. This option is available on Realtek’s audio chipsets, which are integrated into a wide range of PC motherboards today.
Not all headphones, earphones, or speakers are susceptible to this vulnerability. Any that have integral amplifiers would not be able to be used in this manner.
The researchers also discuss both hardware and software countermeasures in their paper.
Software countermeasures would be an important consideration for corporate IT departments who would have access to internal workings of the devices in question.
Hardware countermeasures are significant for others in that they are more available to security personnel or those tasked with protecting information in conference rooms, meeting rooms, and offices.
The researchers point out: In highly secure facilities it is common practice to forbid the use of any speakers, headphones, or earphones in order to create so-called audio gap separation. Less restrictive policies prohibit the use of microphones but allow loudspeakers, however because speakers can be… used as microphones, only active one way speakers are allowed… Other hardware countermeasures include white noise emitters and audio jammers which offer another type of solution aimed at ruining audio recordings by transmitting ambient sounds that interfere with eavesdroppers and don’t allow them to accurately capture what is being said.
These steps are often recommended by technical surveillance countermeasures (TSCM) specialists. Speakers found throughout offices, including paging speakers, intercom speakers, even those in telephone desk sets, have been used as microphones for covert eavesdropping. A thorough TSCM inspection will help to reveal such threats.
On a recent inspection we found a speaker system above the ceiling that had been installed for emergency annunciation throughout an office. The speakers were no longer in use, but the wiring was still accessible. By connecting an audio amplifier to the wiring either in the electrical closet (the former location of the paging equipment) or anywhere along it’s run you could hear clear audio from every office. The speakers acted as microphones picking up sound through the air vents in the ceiling of each office below.
Abandoned annunciation speakers found in ceiling that could be used for eavesdropping.
Speaker vulnerabilities are well known. Any time you are having a confidential meeting, you should be aware of all microphones or speakers that are present in the room. If possible they should be removed, disconnected, or verified that they are not able to be compromised or used for eavesdropping purposes.