SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
This addresses a cybersecurity problem for users and organizations by revealing a novel eavesdropping vulnerability even when microphones are disabled.
The paper tackles the threat of covertly turning headphones into eavesdropping microphones via software, demonstrating that SPEAKE(a)R can achieve this on most PCs and laptops, with measurements of signal quality and effective distance.
It is possible to manipulate the headphones (or earphones) connected to a computer, silently turning them into a pair of eavesdropping microphones - with software alone. The same is also true for some types of loudspeakers. This paper focuses on this threat in a cyber-security context. We present SPEAKE(a)R, a software that can covertly turn the headphones connected to a PC into a microphone. We present technical background and explain why most of PCs and laptops are susceptible to this type of attack. We examine an attack scenario in which malware can use a computer as an eavesdropping device, even when a microphone is not present, muted, taped, or turned off. We measure the signal quality and the effective distance, and survey the defensive countermeasures.