Even if you've ripped out your laptop's mic, hackers can listen in through your headphones


#1

Originally published at: http://boingboing.net/2016/11/22/even-if-youve-ripped-out-you.html


#2

I’ve used headphones as microphones for decades. Old school trick.

Surely this only works if the headphones are not playing back music.


#3

I remember when I learned you could use head phones for a mic - blew my fwagile wittle mind.


#4

This is how you can have one jack that works as a headphone or mic jack. but it cannot do both at the same time.


#5

So I guess you just have to go old school and play the sound of a shower running through your headphones before discussing anything sensitive…


#6

See my Kickstarter for my “Privacy Jack” ™ – a flush stereo plug without the speakers and cables – in gold, of course.


#7

I’ll just use my Apple Plug instead.


#8

The trick here (which is also not new, since this feature has been around for years) is that from the users perspective they aren’t using the headphones as a mic - they’ve plugged them into the headphone jack, but Realtek’s audio hardware lets you use the headphone jack as a mic jack with a software configuration option. And it would work while playing back music, but would be trivially detected, since to do it the attacker would have to switch the mode on the headphone jack to mic, which would stop music coming out (since it now is no longer a headphone jack). I don’t see this attack getting much practical use, in part because of this and in part because now all the paranoid person has to do to negate this attack is unplug their headphones at the same time. If they actively want to use their headphones they’ll automatically be alerted to attempts at executing the attack by way of their headphones suddenly not working. And all of that is assuming that you don’t have that same sensitive data on your computer already anyway, where the attacker could access it without messing around with I/O tricks that only work on some target machines.


#9

An amplifier between the computer and the headphones will solve the problem. A PC vendor could build it in or it could be external. Assembled headphone amps are readily available online, and many makers have the skills to build their own.


#10

The problem is all the unused or used speakers built in most monitors and/or tv’s. The Fact you have your televisions/monitors speakers muted doesn’t matter. And it’ll be used as a mic while you play your music/movies/games over your speaker system. Look at all the speakers and mic’s built into the modern day computer setup. Heck, I’ve seen speakers built into toasters with wifi connectivity. Good idea with the amplifier idea, but a one way circuit being built to put in-line would be more applicable for this kind of hack/amplifiers are more useful though.


#11

Wireless headphones, bluetooth or otherwise, would also do the trick.


#12

The real way around this is to lead a life so seemingly domestic, tame and trivial that the listener will give up after the second or third convo with your 6 yr old


#13

How is that “the problem”?

Are you just making this up? It has nothing to do with any exploit that I’m aware of.

And I would imagine that it would require a A/D chip not present.


#14

This isn’t a rehash of the fact that technically a speaker diaphragm can work like a microphone when rewired correctly - this is a specific case of that issue that occurs because of the capabilities of a piece of Realtek hardware used in laptops and PCs. Given that the types of features in Realtek’s dedicated audio hardware that motivate manufacturers to include them in computers are offputtingly expensive for TV and IoT manufacturers who would prefer to use the absolute cheapest audio controllers on the market, likely baked into cheap SoCs, I don’t think this will be a problem in those devices any time soon. Not to mention that on most PCs with this Realtek hardware the additional step to implement this exploit is to throw a switch in the driver package, whereas on a most likely ARM or MIPS based platform like a smart TV where they’d only have raw support for the parts they use you would have to either port the driver package or reverse engineer that function. The reason WiFi is turning up on everything is because it ticks a box on the feature list that you can convince consumers into seaking, while most of them have no idea what the difference between Realtek dedicated audio and a cheap, bottom of the barrel implementation is, particularly since both tick the “speaker” box.

Much easier to just use the microphones that many of those devices also include, and in many cases are already designed to operate continuously.

No it won’t; because the speakers won’t be attached to the applicable devices in the correct way unless specifically being used. Remember, this is an attack of use in edge cases where a target has already ripped the mics out of all of their internet connected hardware, and you’re using this trick to turn their earbuds plugged into their main computer into microphones. Something tells me that Snowden (one of the examples in the post) has surrounded himself with internet connected devices that are so bloated that they not only have WiFi and speakers they don’t need, they also use a high end PC audio codec instead of a cheap one without this feature.


#15

It’s not about practical it’s about being outraged


#16

Outraged about what? It’s a documented, well publicised feature of those platforms. In it’s default configuration the Realtek driver software actively tells you that the connected device can be configured as a microphone or headphones every time you plug something in. The only response needed to negate this attack is to be aware that leaving your headphones connected when not actively listening to them could let someone who already has complete access to your computer eavesdrop on you.


#17

Of course it makes more sense to combine ADC & DAC functions into one chip and have the function be software selected. And of course the physical mechanism of a speaker & a microphone ore also similar. Doesn’t take a super genius to connect these facts. I’m more amused at the presentation.


#18

I don’t recall if the PC I built has Realtek for audio but the default configuration of the drivers (in Windows 10 at least) is to guess but ask confirmation. Not a whole lot of anything happens until I answer the question so I’d definitely notice.

It doesn’t do that on my Mac but I guess it wouldn’t “just work” if it did.

I’m guessing most people “leak” more sensitive data through their browser history and search terms than what they say out loud these days.


#19

#20

Only saying this since I use a small, cheap tv with my computer instead of a modern monitor. It has Speakers And my computer uses the Realtek hardware to interface with it.