This Malware Turns Headphones Into Microphones

Image: AP
Image: AP

Researchers at Ben Gurion University in Israel have created malware that will turn your plugged in headphones into a microphone.

Now, if you’ve ever plugged old headphones into a standard line in jack, you know that headphones are basically tiny microphones anyway, with vibrations converting themselves into electromagnetic signals. But this malware is a bit different. Dubbed “Speake(a)r,” the malware does the same thing, but through software. Wired explains:

Their malware uses a little-known feature of RealTek audio codec chips to silently “retask” the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones remain connected into an output-only jack and don’t even have a microphone channel on their plug. The researchers say the RealTek chips are so common that the attack works on practically any desktop computer, whether it runs Windows or MacOS, and most laptops, too.


You can see the exploit in action in this video:

Wired says that in their tests, the researchers at Ben Gurion were able to record sound from as far as 20 feet away with a pair of Sennheiser headphones. Apparently, even when the compressing the recording to send over the internet, the recording was still distinguishable.

Moreover, because the chip feature that the researchers are exploiting is working as intended—it switches between line in and line out on one port)—protecting against this kind of proof of concept wouldn’t be easy.

The idea is definitely interesting, but it’s hardly the only way you can get spied on easily. If you have any internet-of-things devices in your house, consider that cameras, lights, home automation hubs, and anything else can be hacked to spy on you too. And don’t forget that we all carry around little spy computers in our pockets every single day, even though something as simple as battery status can give away location.


And to think, we said Mark Zuckerberg was paranoid as fuck for covering up the ports on his computer and his web cam.



Christina is a senior writer at Gizmodo.

Share This Story

Get our newsletter



This is a practically stupid thing to be concerned with.

(a) If someone is hijacking my device to listen to what I’m saying, it seems like the better path is to just go ahead and hijack the built in microphone.

(b) It would be an incredibly interesting micro-switching technique to enable a driver to behave as both a speaker and microphone at the same time. If I’ve got my headphones in, I’m more than likely listening to them, so if the sound starts cutting out - I’m alerted.

This is definitely a solid merit badge for the tin-foil-hat scouts out there though.