Over the years, many of us in the security community have heard about attacks directed against our computers' microphones. One scenario in particular demonstrated how an attacker could piggyback off a Skype session and record an unsuspecting user's audio and video.
As a community, we've responded to these threats differently. Some have developed tools to help prevent actors from abusing our microphones. Others have disabled their computer's audio input functionality, or physically removed the mic component from their machine.
Still others have cried in a corner, and given up hope of securing their microphones because it's "impractical".
Well guess what? All of those responses (especially the last one) can't stop attackers from surreptitiously recording you. That's because researchers have devised a jack retasking attack to reprogram a computer's input and output audio ports and thereby turn your headphones... into audio recorders.
Researchers at the Cyber Security Research Center at Ben Gurion University, the same institute which has in the past messed around with air-gapped computers and investigated the resilience of 911 emergency services, came up with the method by exploiting two facts.
These are as follows:
- Fact #1: Headphones/earphones are inverses of microphones. Both make use of power, a magnetic field, and sound waves. They just do so in the reverse order based upon what type of audio jack they're plugged into. (Input vs. output determines the flow of those properties.)
- Fact #2: Realtek's audio chipsets, which are found in a lot of different computers' motherboards, allow an actor to reprogram the function of an audio port at the software level using a method called jack retasking. That means someone can remap an audio input port as an audio output port and vice versa.
See where they're going with this? The researchers clarify in their paper:
"The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers. A malware can stealthily reconfigure the headphone jack from a line out jack to a microphone jack. As a result, the connected headphones can function as a pair of recording microphones, thereby rendering the computer into an eavesdropping device – even when the computer doesn't have a connected microphone."
The attack, which works through a piece of malware that does the jack retasking, is applicable in two main threat scenarios: when a computer doesn't have a mic component or when someone's headphones are better positioned to record the user.
In their experiment, the researchers proved their attack could work with a pair of Sennheiser headphones. They found that they could record from up to 20 feet away and still make out what the user was saying.
The team recommends that Realtek and others modify their chipsets so that someone can't retask the audio jacks. But even if those companies complied, it would take years for new chipsets to reach our computers.
That harsh reality leaves users with few countermeasures.
At the hardware level, users can decide to never plug any speakers, headphones, or earphones into their computers. They might also want to consider using audio jammers and white noise emitters near their computers.
When it comes to software, they could choose to disable the audio component entirely in their computer's BIOS. But that means no music, no Skype, no anything. Just the dull hum of their computer.
It's up to you to decide whether you want to take that leap. But at the end of the day, there will always be the risk of an attack. We shouldn't needlessly deprive ourselves because of it.
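One way to spot a retasked jack on a Linux host, as an added example that is not code from the researchers' paper or from this article: it decodes the HD Audio pin configuration words that the ALSA snd-hda-intel driver exposes in sysfs and reports jacks whose firmware default was an output but whose override makes them an input. Assumptions: the kernel exposes `init_pin_configs`, `driver_pin_configs` and `user_pin_configs`, the sample values are constructed, and the retask was applied as a pin-config override (a retask applied some other way would not show up here).

```python
from pathlib import Path

# Default Device field (bits 23:20 of the pin config word), per the Intel HD Audio spec.
DEVICE = {0x0: "Line Out", 0x1: "Speaker", 0x2: "HP Out", 0x8: "Line In", 0xA: "Mic In"}
OUTPUTS, INPUTS = {0x0, 0x1, 0x2}, {0x8, 0xA}
FILES = ("init_pin_configs", "driver_pin_configs", "user_pin_configs")

# Constructed sample data in the sysfs "pin_nid config_word" format.
SAMPLE_INIT = "0x14 0x01014010\n0x18 0x01a19030\n0x1b 0x0221401f\n"
SAMPLE_USER = "0x1b 0x02a1401f\n"  # front headphone jack overridden to Mic In

def parse_pins(text):
    """Parse '0x14 0x01014010' lines into {pin_nid: config_word}."""
    pins = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            pins[int(parts[0], 16)] = int(parts[1], 16)
    return pins

def retasked_pins(init_text, *override_texts):
    """List (nid, firmware_role, current_role) for output jacks overridden to inputs."""
    init = parse_pins(init_text)
    effective = dict(init)
    for text in override_texts:  # pass driver overrides first, user overrides last
        effective.update(parse_pins(text))
    findings = []
    for nid, cfg in sorted(init.items()):
        old, new = (cfg >> 20) & 0xF, (effective[nid] >> 20) & 0xF
        if old in OUTPUTS and new in INPUTS:
            findings.append((nid, DEVICE[old], DEVICE[new]))
    return findings

def scan_host(root="/sys/class/sound"):
    """Assumption: one hwC<card>D<codec> directory per codec under root."""
    report = {}
    for codec in sorted(Path(root).glob("hwC*D*")):
        texts = [(codec / name).read_text() if (codec / name).is_file() else ""
                 for name in FILES]
        report[str(codec)] = retasked_pins(*texts)
    return report

if __name__ == "__main__":
    print(retasked_pins(SAMPLE_INIT, "", SAMPLE_USER))
    print(scan_host())
```

An empty list for every codec means no output jack has been overridden to an input in the pin tables; any finding is worth tracing back to whatever wrote the override.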