Israeli security researchers have developed a method that allows them record sound without a webcam or microphones attached to the computer. They've created malware that is able to record sound through headphones connected to the computer.
Researchers at Israel’s Ben Gurion University have created a proof-of-concept code they call "Speake(a)r, " which demonstrates how a computer can record audio using earbuds or headphones. The method is able to convert vibrations in the air into electromagnetic signals.
It's common knowledge that headphones can function as microphone, as the membrane used in headphones can convert electricity into sound waves but can also work in reverse. The Israeli researchers didn't just use the fact that headphones can convert sound waves into electricity, they also abuse a feature in RealTek audio chips.
These chips allow the computer's output channel to be used as the input channel. This makes that malware can record audio even when the headphones are connected to the audio output-only jack and when there's no microphone attached. The RealTek chips are in so many PCs that the researchers think their method works on the majority of laptops and desktops running either Windows or MacOS.
In their tests, the researchers tried their method with a pair of Sennheiser headphones and found that they could record from as far as 20 feet away.
"It’s very effective," one of the researchers told Wired, "Your headphones do make a good, quality microphone."
There is currently no other fix than unplugging microphones, headphones and making sure the webcam doesn't work to protect yourself against eavesdropping using this or other methods.
