Sign In

Communications of the ACM

ACM TechNews

Malware Turns Pcs Into Eavesdropping Devices

View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
sound waves, illustration

Credit: Wallpapers Wide

Researchers at Ben-Gurion University of the Negev (BGU) in Israel have demonstrated SPEAKE(a)R, malware that can turn computers into perpetual eavesdropping machines. Using SPEAKE(a)R, malware can secretly transform headphones into a pair of microphones, according to the researchers. "The fact that headphones, earphones, and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," says BGU professor Yuval Elovici.

The malware can covertly reconfigure the headphone jack from a line-out jack to a microphone jack, making the connected headphones function as a pair of recording microphones and transforming the computer into an eavesdropping device. This technique works even when the computer does not have a connected microphone.

The researchers studied several attack scenarios to evaluate the signal quality of simple off-the-shelf headphones. "We demonstrated it is possible to acquire intelligible audio through earphones up to several meters away," says BGU researcher Yosef Solewicz.

Software-based countermeasures could include completely disabling audio hardware, using an HD audio driver to alert users when microphones are being accessed, or developing and enforcing a strict rejacking policy within the industry, according to the researchers. Anti-malware and intrusion detection systems could also be developed to monitor and detect unauthorized speaker-to-microphone retasking operations and block them.

From Ben-Gurion University of the Negev 
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account