Researchers at Ben-Gurion University of the Negev (BGU) in Israel have demonstrated SPEAKE(a)R, malware that can turn computers into perpetual eavesdropping machines. Using SPEAKE(a)R, malware can secretly transform headphones into a pair of microphones, according to the researchers. "The fact that headphones, earphones, and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," says BGU professor Yuval Elovici.
The malware can covertly reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and transforming the computer into an eavesdropping device. This technique works even when the computer does not have a connected microphone.
The researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. "We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away," says BGU researcher Yosef Solewicz.
Software-based countermeasures could include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, or developing and enforcing a strict rejacking policy within the industry, according to the researchers. Anti-malware and intrusion detection systems could also be developed to monitor and detect unauthorized speaker-to-microphone retasking operations and block them.
From Ben-Gurion University of the Negev
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found