"Shut Up and Dance," a recent Black Mirror episode where the protagonist was repeatedly blackmailed by a faceless hacker in possession of a video recording of him during a very private moment was, like any Black Mirror episode, sinister in its near-realism and catastrophic consequences.
The episode itself is a hotbed for a separate moral discussion altogether, but everyone who watched it can agree that the whole maelstrom could have been avoided by slapping a tape onto the protagonist's laptop's webcam, thereby restricting hackers access to it.
Well, the makeshift, slap-on-a-tape privacy solution that even Facebook chief Mark Zuckerberg himself uses will soon be useless because it seems as if your security will also be at risk via other channels, this time through your own headphones.
Hacking Via Headphones
A group of Israeli researchers from Ben-Gurion University in Beer-Sheva has created "Speake(a)r," a proof-of-concept code designed to show that hackers can spy on targets using alternative channels if a webcam is inaccessible. Speake(a)r is disturbingly able to hijack a computer to record audio even when the microphone is switched off or disconnected from the computer.
The malware can turn the speakers or headphones into microphones by converting the vibrations into electromagnetic signals.
"People don't think about this privacy vulnerability," Mordechai Guri, the research lead of Ben-Gurion University's Cyber Security Research Labs, told Wired.
Repurposing headphones into microphones isn't news. How-to videos accomplishing this task are readily available online. But the researchers took it up a notch. The malware utilizes a feature from RealTek audio codec chips that maneuvers the computer's output channel into an input channel, allowing for headphones to record audio even when connected to an output-only headphone port.
Researchers have noted how easy this was to administer given that the RealTek chips are so common. Virtually any desktop computer running Windows or Mac can fall victim to this kind of malware.
RealTek has not yet responded with regard to Ben-Gurion University's research.
Ben Gurion University's Experiment
For the test, the researchers used a pair of Sennheiser headphones. They found out that the audio recording capability of the Speake(a)r can stretch as far as 20 feet. Furthermore, the recorded audio can then be compressed and sent over the internet, with the recorded audio still clearly distinguishable, an appalling scenario not at all unlikely to happen in the future if hackers exploit this little-known RealTek feature.
Guri says that there's no simple patch for the attack. The problem stems from the RealTek audio codec chip, which would be difficult to simply override via software. The best solution to prevent hackers from potentially eavesdropping your conversations would be replacing the audio chip inside your computer, which doesn't sound like a problem you can talk about with your computer repairman readily.