We all know that speakers are microphones and microphones are speakers, right? If not, take a moment to plug your headphones into a microphone jack and yell into them. It’s not exactly hi-fi, but it works.
So it’s not a huge surprise that three security researchers in Israel have managed to turn the combination headphone and microphone input jacks that are present on most laptops into an eavesdropping device. (Paper here as PDF, with an obligatory demo video on YouTube, embedded below.) Speake(a)r is a neat proof-of-concept and a horrid pun.
There’s almost no exploit here; they just ask the codec chip to dump its output to an input channel, and listen in. The audio is weak, but they fully characterize what they can get out of it, and that includes voice or up to 1 Kbps of bandwidth. And the fact that this exfiltration capability is sitting around in almost every office environment just waiting to be (ab)used is reason for concern.
Of course, you could just unplug the earphones, and this makes us think about cell phones with their built-in hardware. The exploit assumes that the malware has access to your audio devices, so if you’ve got a microphone in your laptop, the game would already be over. Discuss this hack amongst yourselves in the comments.
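A defender's-side check for the jack retasking described above, as an added example that is not from the original post or the paper. It assumes a Linux host with an HD Audio codec, whose pin state the kernel exposes as text under /proc/asound/card*/codec#*, and flags output jacks whose pin control has the input-enable bit set; the sample dump and the function name `find_retasked_outputs` are constructed for illustration.

```python
import re

# Constructed sample in the layout of Linux's /proc/asound/card*/codec#* dump
# (not captured from a real machine). Node 0x21 is a headphone jack whose
# pin control has its input buffer enabled instead of its output.
SAMPLE = """\
Node 0x02 [Audio Output] wcaps 0x41d: Stereo Amp-Out
Node 0x14 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pin Default 0x90170110: [Fixed] Speaker at Int N/A
  Pin-ctls: 0x40: OUT
Node 0x19 [Pin Complex] wcaps 0x40048b: Stereo Amp-In
  Pin Default 0x04a11030: [Jack] Mic at Ext Right
  Pin-ctls: 0x24: IN VREF_80
Node 0x21 [Pin Complex] wcaps 0x40058d: Stereo Amp-Out
  Pin Default 0x0421101f: [Jack] HP Out at Ext Right
  Pin-ctls: 0x20: IN
"""

OUTPUT_DEVICES = ("HP Out", "Line Out", "Speaker")  # default roles that should not record
PIN_IN_ENABLE = 0x20  # HD Audio pin widget control: input-enable bit
NODE_RE = re.compile(r"^Node (0x[0-9a-fA-F]+) \[Pin Complex\]")
DEFAULT_RE = re.compile(r"^\s+Pin Default 0x[0-9a-fA-F]+: \[[^\]]*\] (.+?) at ")
CTLS_RE = re.compile(r"^\s+Pin-ctls: (0x[0-9a-fA-F]+)")

def find_retasked_outputs(dump):
    """Return [(node, device, pin_ctl)] for output pins that have input enabled."""
    findings, node, device = [], None, None
    for line in dump.splitlines():
        if line.startswith("Node "):
            m = NODE_RE.match(line)  # only pin widgets are tracked
            node, device = (m.group(1) if m else None), None
        elif node and (m := DEFAULT_RE.match(line)):
            device = m.group(1)
        elif node and (m := CTLS_RE.match(line)) and device in OUTPUT_DEVICES:
            ctl = int(m.group(1), 16)
            if ctl & PIN_IN_ENABLE:
                findings.append((node, device, ctl))
    return findings

if __name__ == "__main__":
    for node, device, ctl in find_retasked_outputs(SAMPLE):
        print(f"node {node}: {device} jack has input enabled (Pin-ctls {ctl:#04x})")
```

A hit is a lead to review rather than proof of compromise, since combo jacks and deliberate user retasking also enable input on such pins.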
via TechCrunch, and thanks for the tip from [bthy]!