That's a good point. You would also need to leave your headphones plugged in while not playing sounds (I don't, but others might I suppose). Headphones also make a really crappy mic -- try it out by plugging them into a microphone jack (essentially what this malware emulates) and recording yourself: you'll need to hold them inches from your mouth to be intelligible.

This is an interesting idea and something that the driver software should be more vigilant about, but it's definitely not something that would lead me to conclude the headline.

> Headphones also make a really crappy mic -- try it out by plugging them into a microphone jack (essentially what this malware emulates) and recording yourself: you'll need to hold them inches from your mouth to be intelligible.

The article itself claims two orders of magnitude better reach:

> In their tests, the researchers tried the audio hack with a pair of Sennheiser headphones. They found that they could record from as far as 20 feet away—and even compress the resulting recording and send it over the internet, as a hacker would—and still distinguish the words spoken by a male voice.

One attack vector doesn't need to cover everyone. Developing many attack vectors as possible gives you the greatest chance that one of them will work against a particular target.

As an example, lets say that a particular organization has taken a number of standard precautions to prevent audio from being recorded surreptitiously. They've banned cell phones and chosen computers without internal mics. The ability to record sound via the output jack would be huge.

Besides, I bet beats would work just fine. The reason Sennheiser's worked so well is probably because they have a large speaker, whereas a ear bud has a pretty small speaker. A speaker being used to pick up audio is basically a dynamic mic, which are not very sensitive for a given size. So I'd expect something like Beats, or the cheapo AKGs I have connected to my audio jack right now to work quite well.

> The reason Sennheiser's worked so well is probably because they have a large speaker

The reason I’m singling out beats, and a few other cheap headphones is because those tend to add a DSP to boost the bass.

That’s why it wouldn’t work with them.

Some of the lower end Sennheisers are decidedly crappy.

I have a pair of shitty Sennheizer headphones. Apparently they dilluted their brand a lot.

Which model, and could you be specific about what is so crappy about them?

Pretty sure they are the Sennheiser hd 202 . But mine are gray, not black.

They have no base and sound very muffled. Sure, for 50 $ they are cheapish, but I expected better.

I had 2 pairs of philips before that were even cheaper, but sounded pretty good.

Well, they’re advertised as "cheap DJ headphones".

They have a lot of focus on bass (with having far overpowered bass compared to what high-quality headphones would have), and not much on detail.

Sennheiser produces products for many different categories, if you want accurate sound reproduction, better not buy those marketed for DJs.

These https://www.amazon.com/Sennheiser-HD-518-Headphones-Black/dp... or https://www.amazon.com/Sennheiser-HD-4-30i-White-Headphones/... would have been better for that use case.

Why couldn't you switch between input and output fast enough that you can't hear the difference, prioritizing output, and get low fidelity but viable input?

Producing output requires vibrating the headphone elements. That vibration will completely swamp any vibration induced by the sound in the room. Cutting the output long enough to dampen those vibrations will certainly be noticeable.

If you're looking for the most viable defense, how about unplugging your headphones.