Likelihood of a Headphone/Speaker-to-Microphone Exploit?

ironwindow

Hello, I recently read that it's possible for an audio output device, such as a pair of headphones or a speaker, to be used as a microphone, since they both have a very similar internal structure. It was done as a proof-of-concept by a group of Isreali security researchers a while back.

So then my question is:
How easy would it be for an app/website/virus, on a Graphene phone, to perform such an exploit?
Does it only require the ability to output audio on the device, or would it need far more escalated privileges? Is it the sort of thing that would set off GrapheneOS's verified boot mechanism?

Oggyo

We did this in physics lab classes a long time ago, I mean using the speaker as a microphone. Yes, indeed the structure of both are very similar. At least back in time headphone (wired) models. Not sure how this is applicable to earbuds, etc.

But, you need to understand that before that starts working you need to reverse the output connection to the input one.
Recent Pixel devices have no 3.5 mm jack. If you need to connect wired headphones you have to use USB-A to 3.5 mm female jack adapter. So, unless you use any specially modified USB-C DAC (digital to analog converter) I don't see how this is possible. Even the USB-C DAC has "smart" firmware which allows swapping the input and output I don't see how the random wild exploit will be able to utilize it.

ironwindow

Oggyo
Ah, I see. So the input/output would have to be swapped on the firmware level of the USB-C DAC. I assume that would first require getting system privileges to access/modify the firmware?
In that case, it wouldn't seem like a viable attack vector at all.

[deleted]

ironwindow I assume that would first require getting system privileges to access/modify the firmware?

I don't think someone can modify the firmware without unlocking the bootloader

ironwindow

[deleted]
I meant the firmware of the USB-C DAC, if it has one.