Recently, researchers at Israel’s Ben-Gurion University have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones. This is made possible by reconfiguring an audio jacks from line-out to line-in. The malware takes advantage of the manner that some audio chipsets in motherboards and soundcards support a little-used jack re-mapping or a jack re-tasking option for changing the function of the audio ports from line-in to line-out via software. The fact that audio jacks can be programmatically switched from output only to input jacks creates a vulnerability that allows attackers be able to turn any computer into an eavesdropping device. A good news is that researchers also said that this was not easy to conduct this attack using the malware because it requires attackers to have full access to the computer and anti-malware tools would also likely spot and block the malware from working. However, to a company, the vulnerability on headphones should be paid attention as an important security risk. In this case, external attacks would be hard, but internal attacks are not. A resentful employee may get physical access to a manager’s computer and thus be able to install the malware that turns the computer into an eavesdropping device for monetary reason or revenge.
Leave a Reply
You must be logged in to post a comment.