A group of Israeli security researchers operating out of Ben Gurion University have created a proof-of-concept app (malware) that can weaponize your computer’s speakers, turning them against you.
The particulars of their code sound like something out of a blockbuster Sci Fi movie script, but it’s all too real, and what’s worse is that it impacts just about every computer in use today. Here’s how it works:
The code borrows audio maker RealTek’s chipset functionality, which allows the code to retask the computer’s output channel as an input channel, without informing the user. What that means is that the malware can turn your earbuds or PC speakers into recording devices, but it gets worse.
Because the code actually converts sound into electromagnetic signals that can travel through the air, your speakers and/or earbuds don’t actually even have to be plugged into the system to work. True, the sound quality the hackers get is lower if the speakers aren’t plugged in, but they can still hear everything you say from a distance of about twenty feet.
Worst of all, there’s no real way to fix this issue. It would require a complete redesign of RealTek’s chipset, and then a global recall that would impact just about every computer in use today, since almost all of them utilize RealTek hardware. It’s just not a practical option.
Sure, the chips can be redesigned, and in ten years or so, when the last of the old gear is out of service for good, the problem will disappear, but that’s forever in computer time.
At any rate, the researchers named their proof of concept code “Speake(a)r,” and published their findings in a paper called “Speake(a)r: Turn Speakers to Microphones for Fun and Profit.” It’s a disturbing read, but highly recommended if you want to stay on top of the latest threats to your firm’s security.