When listening to an audio, most people would use speakers or headphones as output devices. When needing to record, speak and be heard, a microphone is the input device. Recently, some researchers found out that an output device such as a speaker or headphone can be hacked. This has ledto the need to strengthen cyber security.
Wired reported that a group of researchers from Israel's Ben-Gurion University of the Negev have demonstrated how hackers turn non-powered speakers and normal headphones into microphones. They used a proof-of-concept malware to prove it how they can hack even the simplest devices and surpassing cyber security.
It has been known in the cybertech world for a while that an output device can be turned into an input device. Speakers or headphones and microphones use almost the same components. The diaphragm in a microphone is a lot like the cone in the speaker. The cyber security experts are well aware about these things.
Both microphones and headphones process the conversion of soundwaves and electrical waves similarly. A role reversal is not impossible for the two devices which might be used by hackers and bypass any cyber security passes.
Independent reported that the Realtek audio chipset has a feature that allows jacks to do double duty, meaning input and output audio functions. Realtek is commonly used in desktops or laptops. The researchers from Ben-Gurion University found a way to bypass cyber security and stealthily switch a jack from an output device into an input device and turn a headphone into a microphone.
In one of their cyber security tests, they used a pair of ordinary Sennheiser earbuds. When the proof-of-concept malware was put into work, the earbuds worked well enough as a microphone. The subject was standing 20 feet away from the computer and they were able to clearly record the subject's voice.
Their proof-of-concept malware of the cyber security test also proves that it works not only with plugged in audio devices like speakers and headphones. It also works with built-in speakers and microphones in phones, laptops and tablets.
Mordecai Guri is the lead researcher of the team that tested the cyber security detail. He confirmed that as long as the device has the double duty Realtek audio chip, the device is vulnerable to role switch or output to input attack and turn your headphones or speakers to microphones.
Guri warned that there is no easy software fix to the malware and restore cyber security. Realtek's audio chips are specially designed for its dual functionality, which Guri explained is not a traditional vulnerability that they are exploiting. The cybertech world has yet to hear Realtek's side.
The threat might sound terrifying but simple steps can be made to protect users. There are varous cyber security tips that the public can follow. SImply unplug or turn off audio devices when not in use.
