Speake(a)R: Turn speakers to microphones for fun and profit

Mordechai Guri; Yosef Solewicz; Andrey Daidakulov; Yuval Elovici

Speake(a)R: Turn speakers to microphones for fun and profit

Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici

Department of Software and Information Systems Engineering

Research output: Contribution to conference › Paper › peer-review

17 Scopus citations

Abstract

It's possible to manipulate the headphones, earphones, and simple earbuds connected to a computer, silently turning them into a pair of eavesdropping microphones. This paper focuses on the cyber security threat this behavior poses. We introduce 'SPEAKE(a)R,' a new type of espionage malware that can covertly turn the headphones, earphones, or simple earbuds connected to a PC into microphones when a standard microphone is not present, muted, taped¹ or turned off. We provide technical background at the hardware and OS levels, and explain why most of the motherboards and audio chipsets of today’s PCs are susceptible to this type of attack. We implemented a malware prototype and tested the signal quality. We also performed a series of speech and recording quality measurements and discuss defensive countermeasures. Our results show that by using SPEAKE(a)R, attackers can record human speech of intelligible quality and eavesdrop from nine meters away.

Original language	English
State	Published - 1 Jan 2017
Event	11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017 - Vancouver, Canada Duration: 14 Aug 2017 → 15 Aug 2017

Conference

Conference	11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017
Country/Territory	Canada
City	Vancouver
Period	14/08/17 → 15/08/17

ASJC Scopus subject areas

Computer Networks and Communications
Hardware and Architecture
Information Systems
Software

Cite this

@conference{d1bd4161d0ba4b468942ff81b1a718c5,

title = "Speake(a)R: Turn speakers to microphones for fun and profit",

abstract = "It's possible to manipulate the headphones, earphones, and simple earbuds connected to a computer, silently turning them into a pair of eavesdropping microphones. This paper focuses on the cyber security threat this behavior poses. We introduce 'SPEAKE(a)R,' a new type of espionage malware that can covertly turn the headphones, earphones, or simple earbuds connected to a PC into microphones when a standard microphone is not present, muted, taped1 or turned off. We provide technical background at the hardware and OS levels, and explain why most of the motherboards and audio chipsets of today{\textquoteright}s PCs are susceptible to this type of attack. We implemented a malware prototype and tested the signal quality. We also performed a series of speech and recording quality measurements and discuss defensive countermeasures. Our results show that by using SPEAKE(a)R, attackers can record human speech of intelligible quality and eavesdrop from nine meters away.",

author = "Mordechai Guri and Yosef Solewicz and Andrey Daidakulov and Yuval Elovici",

note = "Publisher Copyright: {\textcopyright} 2017 USENIX Association. All rights reserved.; 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017 ; Conference date: 14-08-2017 Through 15-08-2017",

year = "2017",

month = jan,

day = "1",

language = "English",

}

TY - CONF

T1 - Speake(a)R

T2 - 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017

AU - Guri, Mordechai

AU - Solewicz, Yosef

AU - Daidakulov, Andrey

AU - Elovici, Yuval

PY - 2017/1/1

Y1 - 2017/1/1

N2 - It's possible to manipulate the headphones, earphones, and simple earbuds connected to a computer, silently turning them into a pair of eavesdropping microphones. This paper focuses on the cyber security threat this behavior poses. We introduce 'SPEAKE(a)R,' a new type of espionage malware that can covertly turn the headphones, earphones, or simple earbuds connected to a PC into microphones when a standard microphone is not present, muted, taped1 or turned off. We provide technical background at the hardware and OS levels, and explain why most of the motherboards and audio chipsets of today’s PCs are susceptible to this type of attack. We implemented a malware prototype and tested the signal quality. We also performed a series of speech and recording quality measurements and discuss defensive countermeasures. Our results show that by using SPEAKE(a)R, attackers can record human speech of intelligible quality and eavesdrop from nine meters away.

AB - It's possible to manipulate the headphones, earphones, and simple earbuds connected to a computer, silently turning them into a pair of eavesdropping microphones. This paper focuses on the cyber security threat this behavior poses. We introduce 'SPEAKE(a)R,' a new type of espionage malware that can covertly turn the headphones, earphones, or simple earbuds connected to a PC into microphones when a standard microphone is not present, muted, taped1 or turned off. We provide technical background at the hardware and OS levels, and explain why most of the motherboards and audio chipsets of today’s PCs are susceptible to this type of attack. We implemented a malware prototype and tested the signal quality. We also performed a series of speech and recording quality measurements and discuss defensive countermeasures. Our results show that by using SPEAKE(a)R, attackers can record human speech of intelligible quality and eavesdrop from nine meters away.

UR - http://www.scopus.com/inward/record.url?scp=85084164159&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:85084164159

Y2 - 14 August 2017 through 15 August 2017

ER -

Speake(a)R: Turn speakers to microphones for fun and profit

Abstract

Conference

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this