Shhh!!! Your Speake(a)r can listen


I’ve not blogged in years so let’s dust off the rust and get something good going. Security is the flavour of the month. We know that the more moving parts something has, the higher the chance of something bad happening, right? The internet was designed keeping the good guy in mind and security (SSL, TLS, authentication, … ) was added layer by layer to counter the nasty fellows who kept getting under the covers.

Systems are getting smart but hackers are getting smarter — and as the IoT gains momentum we find interesting situations. As in the case of cops investigating a murder asking Amazon’s Alexa if she heard something. We can get to that later.

With more and more powerful and intrusive hardware, everyone knows you should always cover your laptop camera/webcam with tape — even if you’re not using it. Case in point. Done !!

But did you know that baddies can now listen in on you without you knowing? How?

Let’s start with the headphone jack — ever noticed the little black rings at the end of your headphones/earphones? That’s where the magic begins. It fits into the sound card of your device.

Security researchers have managed insert malware into a laptop that converts the output channel of the sound card into an input signal that can hear sounds from nearly 20 feet away (yup — putting the laptop into the closet or loft ain’t gonna help), compress the sound and send it to the malware creator. So what can you do? Disable your microphone? Unplug your earphones? Nope.

Run a good root kit malware cleaner everyday. Keep track of which app is sending data out (use packet sniffers like Charles). Or don’t talk when your laptop is on.

Let’s remember its called “Speake(a)r” for a reason. And there’s no currently available fix for this problem.

More fun news to come !!!