-
23rd November 2016 23:57
Link to Post #1
Supposedly 'new' security risk, speakers and headphones on one's PC turned into mikes
I've looked at various computer circuits, the boards on Dell computers for instance, using the RealTek chipset talked about in the article - https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
The researchers at BenGurion University, Israel, published that PDF sometime(?) they don't state when they published the article.
Reading it closely, pulling up the ReakTek audio chipsets datasheets and schematics (used in a LOT of computers for audio handling both input and output) I can verify that the ALs262 codecs (the audio chipsets), do have BI-DIRECTIONAL audio ports (connections)..
This BenGurion University article has created a bit of a 'firestorm' on various reporting websites, citing 'with special code even your speaker, or headphone speaker(s) can be used to spy on you'
In this Bengurion article, they go at LENGTH to try to prove that microphones can be made out of speakers.. (that has been known since the time of Edison).. and they go at length talking about certain demonstration codecs being reconfigured and connected up to speakers to RECORD AUDIO..
Here is the reality though...
One's PC (personal computer) uses the codec (the device that changes computer signals into audio, and audio (from your mike or line input) back into digitized computer code..
From the CODEC OUTPUT (the audio output line), for one's speakers, such goes to an OUTPUT ONLY amplifier chip (takes the very low current signals from the codec's output and converts it to be able to drive the PC's speakers). MEANING the path is ONE WAY, from the chip to the AMP to the SPEAKER(s)..
There is no back feed from the PC's speakers to any INPUT on the RealTek codec..
If one plugs one's headphone into the MIKE input of the PC, the PC's normal recording feature, called MIKE will be able to serve as a very poor response microphone. Nothing special there..
What the article alludes to is IF the heaphone speaker is LEFT plugged into the AUDIO OUTPUT jack for the PC, that the HEADPHONE can be used as a mike, by RETASKING the AUDIO OUTPUT jack into an audio INPUT JACK..
Well.. I pulled a DELL PC Schematic and took a close look at the RealTek codec, the amplifier chips for dedicated OUTPUT for both the internal speakers AND the HEADPHONE - there are NO INPUTs re-connected to the OUTPUTS..
ONE can create a software BRIDGE loop where the INPUT is connected PRIOR to the output amplifier.. meaning a low level loop is able to be created, but, the SPEAKER and the HEADSET (speaker) is electrically ISOLATED by the 'output amplifier'.. There is NO WAY to bridge the actual output back to the input circuit, or to have in some way a ONE WAY audio output amplifier act in REVERSE..
So my feeling is the article really is more mis-leading creating FEAR-PORN that one's plugged in headphone can be reverse tasked to be a mike when plugged into it's normal AUDIO OUTPUT jack, or that one's internal PC speakers can be a mike by messing with software drivers for the Codec.
Attached are the references to the PC schematic, showing the Codec, and OUTPUT and INPUT jacks, speakers and the driving AMPLIFIER..
Also are the references to some of the other websites which picked up the "fear porn" or misrepresentation article created by Ben-Gurion's researchers doing the 'experiments'.
Where the exaggeration happened, is from this - the CHIPSET by REALTEK allows for retasking inputs to be outputs, and outputs to be inputs. In CODE one says what the chip's PIN does. So that is where the article builds ALL its claims from.. BUT in reality, manufacturers HAVE TO ADD buffering and isolation amplifiers, which are ONE WAY, not TWO WAY.. MEANING because how in reality PC's are built, there is NO security issue about one's headphone jack (OUTPUT) being able to become a spyware mike, and certainly no way for one's built-in speakers able to be spyware mikes...
ON some motherboards, there are discrete AUDIO INPUTS and OUTPUTS which can be reconfigured, but they are LOW LEVEL signals, incapable of driving speakers.. No one will be plugging a speaker into one of those low level signal jacks. Can a mike be plugged into one of those reconfigured Jacks? No doubt.. but the point of the article is one's speakers OR headphones can be re-configured to be spyware (poor quality mikes)..
So, in the minimum - fear porn, or sensationalism to exploit a particular chipset's I/O (input output pins).
Are there some specific motherboards which will allow one to bypass and reconfigure buffer amplifiers? That is to be seen. Why anyone would configure their PC to be setup that way doesn't make any sense.
On the DELL schematic I didn't see a way to bypass the buffer/isolation amplifiers..
References -
Ben-Gurion article - https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
RealTek Codec - http://datasheet.datasheetarchive.co...LD00003436.pdf
Dell computer schematic - showing the coded wiring, jack wiring, etc - http://www.informaticanapoli.it/down...%20diagram.pdf
http://www.bleepingcomputer.com/news...nd-spy-on-you/ - bleeping computer, headphones can be used to record nearby audio and spy on you
Digital trends article about turning speakers into mikes - http://www.digitaltrends.com/music/h...e-for-hackers/
Summary - hardly likely to be of any concern... IF a speaker is plugged in, into any jack that can be reconfigured, the speaker has to be AMPLIFIED, using a ONE WAY device, audio can't go back in across a one way OUT device..
IF one has a LIST Of computers which DO have a way to bypass the audio driver AMP(s) for both the headphone and/or speakers, please by all means post a LIST HERE. Those computers potentially could pose a risk for having a properly plugged in HEADPHONE on the side jack of the PC to become a poor quality mike..
IF there is a concern about some unknown PC having the headphone jack re-configured, simply UNPLUG the headphone. The built-in speaker circuit because of the ONE WAY amplifier, can't be reverse used as a mike.
Last edited by Bob; 24th November 2016 at 00:14.
-
9th February 2017 17:21
Link to Post #2