2

Not sure if there is a more proper stackexchange for this... I have heard vaguely of problems with usb devices being insecure for obvious reasons, but what about headphone jacks? Can they impersonate devices like keyboards, send data such as keystrokes to the machine? I am trying to imagine a scenario like the in-line microphone housing a gsm broadcaster/receiver, which would receive power from the port. So a malicious device wouldn't necessarily have to interface with the computer/phone in an obtrusive manner, but just sit there and suck up all audio within range and transmit it across a cellular network? Is this feasible? Also, do fbi agents sneak into my room at night and move things around in a subtle way in an effort to "gaslight" me? Just kidding about the last question.

Edit to explain difference from "can headphones transmit malware": What about the other scenario I described where only power is transmitted TO the headphones and the inline microphone houses wifi or cellular transmitter/receiver?

Edit for clarification: A lot of interesting points have been brought up, but I feel like I must not have described this well, since answers range from Van-Eck phreaking scenarios, to alteration of the laptop's hardware. The laptop has nothing to do with what I am describing. Assume the laptop (hardware and software) is known to be completely clean and trusted. I am talking about a malicious set of headphones with inline microphone (the little box on one of the wires to the headphones). Inside the inline microphone box is a transmitting device (ideally it would be a cellular transmitter). The inline microphone would be always on, and transmitting all data to some malicious actor over the cellular transmitter. The inline microphone and headphones would still function as normal from the users perspective. The transmitter would receive power from the 3.5mm jack.

crazyfox
  • 45
  • 1
  • 4
  • "So a malicious device wouldn't necessarily have to interface with the computer/phone in an obtrusive manner, but just sit there and suck up all audio within range and transmit it across a cellular network?" -- Yes, hidden microphones have been around for 60+ years. That sounds like a run of the mill bug/wire, except for the transmitting to cellular network and drawing power from the laptop – Robert Fraser Nov 16 '16 at 05:55
  • 1
    "Also, do fbi agents sneak into my room at night and move things around in a subtle way in an effort to "gaslight" me?" -- On that subject, [make sure you have a carbon monoxide detector](https://np.reddit.com/r/legaladvice/comments/34l7vo/ma_postit_notes_left_in_apartment/cqvrdz6/?context=3). – Xiong Chiamiov Nov 16 '16 at 06:04
  • I sleep in a sterilized clean room with various sensors. Some of which are calibrated to detect compounds not yet known to earth-people. I just don't like the idea of fbi agents getting dirt everywhere. – crazyfox Nov 16 '16 at 06:15
  • @techraf: How is this a duplicate of the post referenced? Is there anything about malware or transmission of anything other than power through the headphone jack? This has absolutely nothing to do with malware. – crazyfox Nov 17 '16 at 02:01
  • "Duplicate question" does not mean the question is literally the same. Instead, it means the answers under the other question pertain to this question. Did you read the answers? They do answer your question. – techraf Nov 17 '16 at 02:03
  • @techraf: I don't see anything about the 3.5mm being used to power a device in the inline microphone. – crazyfox Nov 17 '16 at 02:18

3 Answers3

5

No. The FBI agents thing is more likely; that's at least possible to imagine a scenario whereby it could occur.

The 3.5mm port is an analog port for audio. A malicious device can't impersonate anything, because it has no way to identify itself as anything (fraudulently or otherwise). Anything sent down to the computer would just be received as... microphone input. The vast majority of laptops and many desktops have microphones that are connected 24/7, and send signals whenever there's powerful-enough sound waves to create a detectable electrical impulse. Nothing comes of it.

The scenario you describe is not relevant to the 3.5mm port; that's about the question of "could somebody build a malicious device into a microphone" and has nothing to do with the jack, per se (mics can also connect via USB, Lightning, Bluetooth, and a bunch of other stuff). The answer to that is, technically, yes, but they could do the same thing with your mouse, your monitor, your case, your flashdrive, your webcam (most of which have mics, not that this matters), your DVD drive, and anything else. Ironically, it would not work the way you describe it; the computer doesn't push any power out the audio jack unless it's trying to play audio out that jack, so your device wouldn't get any juice most of the time!

CBHacking
  • 42,359
  • 3
  • 76
  • 107
  • Thanks, that answers the first part of the question. But can power be drawn for a device besides a microphone within the inline housing that is common on many new headphones? – crazyfox Nov 16 '16 at 05:56
  • A) No, and I already answered that (not unless your computer is emitting a constant tone to its non-existent speakers, for some reason). B) That's a really silly question (do you have any idea how speakers *work*?), considering how much easier it is to get power from practically anything else you connect to a computer. Like, you chose the only kind of port (on most computers) that doesn't *have* power pins. – CBHacking Nov 16 '16 at 06:01
  • So the computer would have complete control over if it was sending any power to the jack, and power could in no way be requested from a device plugged into the jack? – crazyfox Nov 16 '16 at 06:03
  • I am finding information where it seems low amounts of power CAN be transmitted from a headphone jack. I am not sure how reliable it is yet as I search other sources:https://www.quora.com/Can-a-headphone-jack-used-to-be-a-power-output – crazyfox Nov 16 '16 at 06:11
  • If it was playing audio to what it thinks is headphones, then it's outputting a small amount of power (to drive said headphones). A malicious device could intercept that easily enough, but it couldn't really cause the device to play audio. – SomeoneSomewhereSupportsMonica Nov 16 '16 at 06:17
  • @SomeoneSomewhere: Do you mean that if the power being output for playing sound, if hijacked, would cause the sound to not be heard (or be degraded) through the headphones? – crazyfox Nov 16 '16 at 06:21
  • It would certainly be quieter, but I'm not certain whether the quality could/would be affected. I was more thinking of having the device instead of headphones, not in addition to. – SomeoneSomewhereSupportsMonica Nov 16 '16 at 06:25
  • @SomeoneSomewhere: What I am describing would be a device that appears to be a normal set of headphones with inline microphone. The difference being that inside the mic housing, perhaps a cellular receiver/transmitter exists that is charged by power from the 3.5mm jack. So as far as the computer knows, it is just sending power and analog signal as usual. The microphone records as usual, but instead of only transmitting back to the jack, it transmits data from the mic housing using some wireless technology. – crazyfox Nov 16 '16 at 06:34
  • The power and the analogue signal are the same thing - it's a high-power analogue signal, and you can derive power from that. However, it's likely also sending a separate power feed for the mic, as most mics require a DC voltage IIRC. – SomeoneSomewhereSupportsMonica Nov 16 '16 at 06:35
  • Okay that answers the most relevant part of my question, which seems to be "yes, it is possible", especially if a mic is powered separately rather than from the analog signal. If you would care to frame this commentary in the form of an answer, I will accept. – crazyfox Nov 16 '16 at 06:41
  • @CBHacking: If the port is only an analog port for audio, how would you explain the "square credit card reader"? It is obviously doing more than receiving an analog audio signal. – crazyfox Nov 17 '16 at 02:04
  • The square device comes in a couple forms. The original one was a simple passive device connecting a magnetic read head to the mic line. The signal's power came from the physical movement of the card. The newer ones have an encryption IC inside, and the app plays a tone to power it. The IC returns the data over the mic line by modulating the signal. – Reid Rankin Nov 17 '16 at 04:13
  • @crazyfox: Nope, the Square reader just sends an analog audio signal. It is up to the Square *app* to perform an analysis of the received audio and derive meaning (data) from it. To the device, the Square reader is just another headset; if any app other than Square is using the audio jack, all it gets back is a chirp (kind of like a brief part of a dial-up modem). – CBHacking Nov 17 '16 at 04:22
1

Being able to transmit sound is possible to any object bit enough to contain a microphone, a transmittor and a battery. All of those are now small enough to fit in a pen without any problem. So yes headphones or even a microphone connected to a jack can be used to spy you.

Using the energy from a headphone jack is more tedious. Of course small electric current is involved to transmit the sound information, but AFAIK, it will be hard to use that, and anyway it will only work when you actually use the headphone. As it is much more easy to use an internal battery, I do not think that this is really the problem.

But there can be another source of insecurity. Short circuits in the device or injection of out of range current can permanently damage the computer where it is connected. Depending on the intensity level, you could damage only the interface or more... Remember what happened in the old time where we used internal modem to send faxes or to connect to the internet when the thunder clashed on the telephone line : at best the modem was to replace, at worse only the PC case survived, and everything else (memory, processor, disk, power supply, etc.) was destroyed.

Serge Ballesta
  • 25,952
  • 4
  • 42
  • 84
  • What about an internal battery that is intermittently recharged when headphones are receiving power? Regarding "only receiving power when in use", another commenter pointed out that they thought the mic would receive power separately from the headphones receiving sound input, thoughts? I am mostly lost on the last paragraph, I used a modem once or twice to play warcraft 2 and dukenukem, but I have no idea what would happen in the case of lightning on the lines. – crazyfox Nov 16 '16 at 08:22
  • @crazyfox I sometime forget that younger people seldom used modems... Post edited. – Serge Ballesta Nov 16 '16 at 08:29
  • I am not so young, but I was very stupid for a long time. Now I am only uneducated. – crazyfox Nov 16 '16 at 08:49
1

Some security researchers found a way to silently send voice commands via intentional electromagnetic interference on the jack port with headphones plugged in. This attack targets Siri on iPhones, so I don't think this can be ported to a laptop without software listening for audio commands.

https://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/

To sum up, headphones can only receive "sound". If nothing interprets this sound, you'll be fine.

A. Hersean
  • 10,173
  • 3
  • 29
  • 42