By developing a prototype code that uses a unique form of malware, Israeli security researchers from Ben Gurion University demonstrated how software could convert headphones into microphones to eavesdrop on the user.

Headphone speakers convert electromagnetic signals into sound waves through a membrane’s vibrations.

The malware works by programming these membranes to work in reverse and convert the vibrations in the air back into electromagnetic signals to capture the audio of someone using a headset from across a room.

Using this experimental method, which they have subsequently named “Speake(a)r”, the researchers were able to show how it’s possible to hijack a device to record audio even when its microphones have been disabled, or even completely removed.

“People don’t think about this privacy vulnerability,” says Mordechai Guri, the research lead of Ben Gurion’s Cyber Security Research Labs told Wired.

“Even if you remove your computer’s microphone, if you use headphones you can be recorded.”

The Ben Gurion researchers were able to make this a possibility due to a vulnerability in RealTek audio codec chips - the stuff that makes your computer software compatible with the audio hardware - to retask the computer’s output channel as an input channel, allowing the malware to record audio even when the headphones don’t even have a microphone channel on their plug, or are connected to an output-only audio jack.

As the RealTek chips are very common in most modern desktops and laptops, the researchers claim their prototyped attack will work on practically any computer, be it Windows or MacOS.

“This is the real vulnerability,” says Guri. “It’s what makes almost every computer today vulnerable to this type of attack.”

This story first appeared on The Sun.