Security researchers from the Ben Gurion University in Israel seem to have a knack for coming up with nifty espionage methods. Two years ago they presented a method to steal data from PCs using FM radio waves, last year they showed off a way to wirelessly transmit data via any USB flash drive from an airgapped PC, and now they illustrate how it's possible to record sound by turning the speakers in your headphones into microphones.
Using a piece of code they dubbed “Speake(a)r”, the researchers managed to record audio from computers even when the device's microphones have been entirely removed or disabled. The method works by reversing how your headphones work. Sound is generated by turning electromagnetic signals into sound waves through a speaker's membrane vibrations, but speakers can also absorb sound vibrations and convert them into electromagnetic signals that can be recorded by your computer. This is not exactly a secret, but the Ben Gurion researchers figured out a way to exploit this behavior.
The real vulnerability here is a relatively unknown feature of the RealTek audio codec chips, which are so ubiquitous they're found in almost every PC or laptop. The RealTek audio chips make it possible to retask a computer's output channel into an input channel, so if you can put a piece of malware on someone's computer you can eavesdrop via a channel most people don't even realize exists.
As Wired points out, quite a number of people in the tech community are concerned about microphones, but it seems headphones are just as dangerous if you want to eliminate the risk of someone eavesdropping on you:
To be fair, the eavesdropping attack should only matter to those who have already gone a few steps down the rabbit-hole of obsessive counter-intelligence measures. But in the modern age of cybersecurity, fears of having your computer’s mic surreptitiously activated by stealthy malware are increasingly mainstream: Guri points to the photo that revealed earlier this year that Mark Zuckerberg had put tape over his laptop’s microphone. In a video for Vice News, Edward Snowden demonstrated how to remove the internal mic from a smartphone. Even the NSA’s information assurance division suggests “hardening” PCs by disabling their microphones, and repair-oriented site iFixit’s Kyle Wiens showed MacWorld in July how to physically disable a Macbook mic. None of those techniques—short of disabling all audio input and output from a computer—would defeat this new malware. (Guri says his team has so far focused on using the vulnerability in RealTek chips to attack PCs, though. They have to determine which other audio codec chips and smartphones might be vulnerable to the attack, but believe other chips and devices are likely also susceptible.)
The Ben Gurion researchers report the trick works well: with a pair of Sennheiser headphones they could record sound from as far as 20 feet (6 meters) away.