Researchers eavesdrop via headphones by changing sound ports on PC

Spread the love

Researchers at Israel’s Ben-Gurion University have developed software that allows them to make the output port work as an input port in computers with Realtek audio chips. That way they can pick up sound with connected headphones.

In their research they mention that it has long been known that speakers can act as microphones, because they convert sound waves into electrical signals. According to the researchers, this alone does not pose a security risk, because usually no speaker is connected to a microphone input. To make their software, called ‘Speake(a)r’, work, the researchers use a feature that is part of the Intel HD Audio specification. This makes it possible to assign a new function via software to an audio connection of a PC, for example from output to input. They demonstrate this using Realtek audio chips.

The researchers report that this method only works with the passive speakers that are found in headphones and not with active speakers that are equipped with an amplifier. These occur, for example, in computer boxes. By taking advantage of the fact that sound ports can take on a new function, because they have both a dac and an adc, the researchers were able to pick up intelligible sound at a distance of several meters. Headphones offered about the same sound quality at a distance of three to five meters as a microphone at a distance of nine meters.

Possible countermeasures, according to the researchers, are turning off the sound hardware in the BIOS or not connecting headphones, but this is not a user-friendly option. A better option would be to develop a custom driver to prevent or strictly enforce the assignment of a new function to a sound port. In addition, security software could use API monitoring to detect such changes.

The researchers at Ben Gurion University have been focusing on this type of research for some time now. For example, they devised a way to send data via radio waves with a USB drive and a method to steal data via the sound of a hard disk.

Demonstration of the Speake(a)r method

You might also like
Exit mobile version