{SPEAKE (a) R}: Turn Speakers to Microphones for Fun and Profit

Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, Yuval Elovici

11th USENIX Workshop on Offensive Technologies (WOOT 17), 2017

It’s possible to manipulate the headphones, earphones, and simple earbuds connected to a computer, silently turning them into a pair of eavesdropping microphones. This paper focuses on the cyber security threat this behavior poses. We introduce’SPEAKE (a) R,’a new type of espionage malware that can covertly turn the headphones, earphones, or simple earbuds connected to a PC into microphones when a standard microphone is not present, muted, taped, or turned off. We provide technical background at the hardware and OS levels, and explain why most of the motherboards and audio chipsets of today’s PCs are susceptible to this type of attack. We implemented a malware prototype and tested the signal quality. We also performed a series of speech and recording quality measurements and discuss defensive countermeasures. Our results show that by using SPEAKE (a) R, attackers can record human speech of intelligible quality and eavesdrop from nine meters away.