Monday, March 27, 2017

Malware Turns PCs into Eavesdropping Devices

Malware Turns PCs into Eavesdropping Devices
Cadamier Network Security in Denver has recently learned that malware turns PCs into eavesdropping devices even without a microphone according to researchers at Ben-Gurion University of the Negev (BGU). If you’re concerned about this news (and you should be), our experts can make sure this is not happening to you. We are committed to network security protection, detection, and enforcement. We’ve been in business since 2001 and our job is to help business, governments, and organizations keep their information network safe and that includes protecting you from malware. 

According to Science Daily, which reports on research news, the new research paper titled, SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit, details and demonstrates how most PCs and laptops are vulnerable to this type of malware attack, which lets hackers change your headphones into a microphone and listen to your conversations.

An article in Daily Mail explains researchers have designed a code called 'Speake(a)r, which retasks a computer's outputs to inputs. This means it allows them without your knowledge to record audio even when your headphones are in the output-only jack.

Amazingly, the Ben Guiron University research team used a pair of headphones to capture vibrations in the air and convert them to electromagnetic signals in order to record audio from 20 feet across the room.

With malware, the research team used a common feature in most computers—RealTek audio codec chips. This allows them to get inside the computer and reverse its output function to input, which lets them to secretly hear your conversations.

According to an article at Cornell University Library, the malware can use a computer as an eavesdropping device, even when a microphone is not present, muted, taped, or turned off. A typical computer chassis has a number of audio jacks, in the front panel or in the rear panel or both. The jack is used for input, or for output. The audio chipsets in today’s motherboards and sound cards have an option for changing the function of an audio port with software, sort of like an audio port programming which is called jack retasking or jack remapping.

Professor Yuval Elovici is the director of the BGU Cyber Security Research Center (CSRC) and he is a member of BGU's Department of Information Systems Engineering. Elovici points out that since headphones, earphones, and speakers are physically built like microphones, the audio port in the PC and laptops can be reprogrammed from output to input allowing hackers to gain access to private information without your knowledge.

Several software countermeasures have been suggested, including disabling the audio hardware, using an HD audio driver to let the user know when microphones are being secretly accessed, and creating a rejacking policy within the industry. Another consideration is developing anti-malware and intrusion detection systems to monitor and detect unauthorized speaker-to-mic retasking operations and the block them.

In just another example of how malware can create dangerous information leaks and privacy invasion, researchers at Ben-Gurion University of the Negev (BGU) have shown how malware turns PCs into eavesdropping devices even without a microphone. Cadamier Network Security in Denver can help protect you and your business. Cadamier has provided Security Services for a wide range of clients including the DOD and the FBI and have been instrumental in providing network security reviews to organizations of all sizes. Cadamier continues to work closely with both state and federal regulatory authorities including the NCUA, FFIEC, and the DHHS in order to ensure that our clients are implementing the latest technologies and services to best protect their interests.