As our homes fill with "smart stuff," the threats increase when it comes to security and privacy. Recently, the main websites of half the world were collapsed thanks to an attack in which surveillance cameras connected to the internet were used, like the one many of you will have to monitor your babies' sleep, and see a piece of black tape placed on the computer webcam is now almost commonplace in companies and in many homes. The fact that we are becoming more and more connected implies this increase in possible attacks against us, and the latest threat could come from something as simple as headphones.
And I'm not talking about the more or less advanced headphones with a microphone that are used with smartphones, but rather simple headphones, the kind that are used to listen to music without a built-in microphone but that can be modified by software to capture our conversations without us let us realize it. How can that be? It's very easy, any headphone could be used as a microphone, the audio quality is not great, but more than enough, and you just have to connect it to a mic input instead of an audio output to get it. Researchers have managed to modify the RealTek codecs, present in a large part of the PCs around the world, and turn what is an audio output into a microphone input, with which a connected headphones would capture all our conversations.
It is a test that an investigation group has made, not a real threat, and now that it is known, let's hope that those responsible for RealTek will get down to work and correct this security flaw, but the simple fact that that If possible, it is still as disturbing as that they can capture everything that happens in front of your computer by hacking your webcam. While there is no solution, better to disconnect the headphones when not in use. At the moment the tests have been done only on PCs with that Realtek codec, but it cannot be ruled out that tablets and smartphones may suffer from the same vulnerability.
As a child, I remember fiddling around connecting "things" to the headphone jack of an old radio cassette. From headphones (which effectively recorded the voice on cassette without problems although with very poor quality) to speakers without an amplifier (which naively thought that being larger, they would record better; and no, just as bad). In fact, not too long ago at work they were looking for a microphone to do Skype, and I surprised them saying that they could use a vulgar headset to get out of trouble XD
What I was going to. By this I mean that if the Realtek driver can be hacked so that it changes the «headphone output» to «microphone input» (*), and if what is connected there are some common speakers without an amplifier (for example those incorporated in a monitor, or a Chinese sound bar, etc), the same would be achieved.
(*) And this must be the consequence of allowing software to change what the connectors of the sound cards do, integrated or not, to achieve, for example, change the speaker configuration to 2.1, 4.1, 5.1, etc. and change what happens if something is plugged into the front of the tower or the rear connectors. The funny thing is that with so many years that this has worked like this, no one has thought of it before ... or that it has not come to light until now.
This is not a hack. I am a DJ and many times I went to rooms to play that did not have a microphone, what I did was connect my Sennheiser to the microphone input and speak through the earphone, as if it were a microphone. Obviously it doesn't sound as good, but it does sound 🙂
Let's see ... If a hacker has code execution on our machine, what difference does it make since he can use the "universal jacks" to change the headphones to micro? If you already have access we are screwed anyway.