Leaving earbuds plugged into your PC could soon be a security threat.
Fun fact: If you’re in a pinch and need a microphone, a spare pair of headphones can do the job. Not so fun fact? A group of researchers at Israel’s Ben Gurion University just figured out that those headphones can be hijacked to spy on you. Yeah — 2016 is scary.
Technically, the group’s work doesn’t so much hack headphones as it hacks a PC. Researchers created a piece of malware that exploits the audio-jack retasking function of RealTek codecs, the audio technology that comes with most PC motherboards. An attacked computer can remotely be configured to swap the headphone jack for the microphone jack, allowing any headphones that might potentially be plugged in to serve as a microphone — making it possible to use them as an eavesdropping device. The audio is pretty good, too: in tests done with a pair of Sennheiser headphones, recorded conversation was understandable from up to 20 feet away.
The group’s software, called ‘Speake(a)r’ isn’t actually malicious, and was only used to test a theory — but researchers say the threat is very real. “People don’t think about this privacy vulnerability,” research lead Mordechai Guri told Wired. “Even if you remove your computer’s microphone, if you use headphones you can be recorded.”
So far, the group has only replicated the results in PCs using RealTek audio, but it’s possible that tablets, smartphones and other devices with audio jacks could be vulnerable to a similar attack. There’s no evidence that any such malware exists in the wild, either. Still, better safe than sorry: if you’re worried about being spied on, unplug your headphones when you’re not using them.