Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Malware Can Spy on Users via Headphones: Researchers

A team of researchers has showed how a piece of malware can spy on users by silently turning their headphones into a microphone that can capture audio data from a significant distance.

A team of researchers has showed how a piece of malware can spy on users by silently turning their headphones into a microphone that can capture audio data from a significant distance.

In the past years, experts from the Cyber Security Research Center at the Ben-Gurion University of the Negev in Israel disclosed several methods for stealing data from air-gapped computers, including via heat emissions, cellular frequencies, electromagnetic signals emitted by graphics cards, and noise from hard drives and fans.

New research conducted by the experts aims to show how certain types of audio output devices can be abused for spying. The attack method, dubbed SPEAKE(a)R, is based on the fact that microphones and speakers are physically similar but work differently – speakers convert electric signals to sound, while microphones transform sound into electric signals.

If speakers are plugged into a mic jack, they can be used as a microphone and vice versa. The problem is that many of the audio chipsets found in modern PCs (e.g. Realtek sound cards) include a feature that allows changing the functionality of a jack at software level.

A piece of malware can abuse this feature to retask the socket and change the “line out” port to “line in,” effectively turning the speakers into microphones without the victim noticing.

The researchers noted that the attack method works best with headphones and earphones. It also works with passive speakers, but active speakers (i.e. ones that include an amplifier) prevent the attack as the amplifier blocks the signal from passing from the output to the input. Since most modern speakers include an amplifier, the threat is mainly relevant to earphones and headphones.

Experts described two scenarios in which such an attack could be useful. In one scenario, the malware-infected device does not have a microphone or the microphone is turned off, but it does have headphones, earphones or passive speakers connected to it. In the second scenario, the targeted computer has both a microphone and headphones, but the headphones are better positioned for recording the victim.

The experiments conducted by the researchers showed that an intelligible audio transmission can be achieved from several meters.

The experts also proposed a series of software and hardware countermeasures that can prevent such attacks. The hardware countermeasures include banning all audio output devices or allowing only active speakers, and deploying noise emitters or audio jammers.

Software countermeasures include disabling audio hardware from the BIOS/UEFI, and configuring the audio driver to prevent jack retasking. The kernel driver can also be designed to request explicit approval from the user for such retasking operations. However, researchers pointed out that all these measures have both pros and cons.

Related Reading: Hackers Can Disrupt 911 Services With Small Smartphone Botnet

Related Reading: Shazam for Mac Keeps Listening Even When Disabled

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.