The researchers managed to use SPEAKE(a)R to retask a computer’s outputs to inputs, then to record audio when the headphones were in the output-only jack. It’s not just Realtek, though other codec manufacturers also support jack retasking. In fact, the researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too, as Wired reports.
In a paper (PDF), they note that the reprogramming option is available on audio chipsets from Realtek, which are embedded in a wide range of modern PC motherboards. The vulnerability – called “jack retasking”- was reported by researchers at Ben-Gurion University of the Negev’s Cyber Security Research Center.
In this scenario, an eavesdropper doesn’t even need to get at your earbuds: they can switch your output port into an input port and record you even without a mic attached to the PC. Computers often have two audio jacks: one for sound input when you record something or talk on a Skype call and one for plugging in your headphones to listen to tunes, play games or whatever other noises you’ve got coming from it.Īnybody who’s looked at the YouTube tutorials on how to turn headphones into microphones knows that the microphones in your earbuds or headphones are two-way streets: it’s simple to switch them from devices you listen with into devices that listen to you.Īll you have to do is plug the earbuds or headphones into the microphone jack instead of the headphone jack, start up a recording app, and you’re good to go with picking up whatever sounds your earbuds-used-as-mics can hear.īut it turns out that there’s a hack that spares you that whole switching-jacks thing: instead, you can go behind the scenes to switch the audio ports’ function invisibly, by malicious reprogramming.
0 kommentar(er)
