If you thought hackers being able to make use of any ordinary light bulb to spy on your conversations from 80 feet away was ingenious, wait until you see what they have come up with now.
Hackers exploit new passive attack method to eavesdrop from a distance
Security researchers from the cyber unit at the Ben-Gurion University of the Negev in Israel have a good track record of leftfield thinking regarding eavesdropping on your conversations. Forget breaching your privacy by compromising passwords to access your networks, or the use of vulnerabilities in your software or operating system. And if you thought that physical access to your smart speakers, or most any speaker, was required to listen in to the audio being transmitted, you’d be wrong there as well.
A new twist on an old spying technique
As first reported by Ars Technica, these hackers have developed a new twist on the old military technique, known by the National Security Agency codename of TEMPEST, of spying through the use of leaking emanations. Of these, the ability to eavesdrop by way of a laser microphone beamed onto a window as used during the Cold War era is perhaps the most well-reported.
This has the drawback of being an active attack, with that laser beam having to illuminate the surface and so being open to easy detection. The newly reported surveillance methodology, however, is passive in nature.
How does a Glowworm spy attack work?
The researchers claim that Glowworm is a new class of TEMPEST attack: one with the ability to recover sound by the analysis of ‘optical emanations’ from the LED power indicator of a device. The flickering of power LEDs, invisible to the naked eye, consists of minute fluctuations in the intensity of that light caused by tiny voltage variations in speakers, or the USB hubs they are connected to, during audio output. The methodology was tested with success on smart speakers and dedicated PC speakers where the LEDs were connected directly to the power line without any measures to counter the correlation between LED intensity and power consumption.
To pull off this privacy-busting attack ‘simply’ requires the use of an electro-optical sensor attached to a telescope. Once this is pointed at the target power LED, from distances of up to 100 feet away, the optical signal can be sampled. Then, an optical-audio transformation (OAT) process recovers the original acoustic signal and the conversation itself.
Well, one side of it, at least.
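The correlation between LED intensity and audio output described above is something a device tester can measure directly. The following is an added example, not code from the researchers or from the original article: it plays a known test tone (in simulation), looks for that tone in the LED brightness trace, and flags the device if the tone stands out from the noise floor. The linear coupling model, sample rate, tone frequency, noise level and threshold are all constructed assumptions.

```python
import math
import random

FS = 4000        # photodiode sample rate in Hz (constructed value)
TONE_HZ = 440    # test tone played through the speaker (constructed value)

def goertzel_power(samples, freq, fs=FS):
    """Signal power at a single frequency (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def simulate_led(coupling, n=FS, seed=1):
    """Constructed LED trace: steady brightness + coupled tone + sensor noise.
    `coupling` is the assumed fraction of the audio signal reaching the LED;
    0.0 models an LED isolated from the audio power draw."""
    rng = random.Random(seed)
    return [1.0 + coupling * math.sin(2 * math.pi * TONE_HZ * i / FS)
            + rng.gauss(0, 0.002) for i in range(n)]

def tone_leak_db(samples, tone=TONE_HZ, fs=FS):
    """Tone power relative to the mean of nearby off-tone frequencies, in dB."""
    mean = sum(samples) / len(samples)
    ac = [x - mean for x in samples]           # remove the steady brightness
    refs = [tone + d for d in (-150, -90, 90, 150)]
    floor = sum(goertzel_power(ac, f, fs) for f in refs) / len(refs)
    return 10 * math.log10(goertzel_power(ac, tone, fs) / floor)

def leaks(samples, threshold_db=20.0):
    """True if the test tone is clearly present in the LED trace."""
    return tone_leak_db(samples) > threshold_db

if __name__ == "__main__":
    for label, k in (("LED on power line", 0.01), ("LED isolated", 0.0)):
        trace = simulate_led(k)
        print(f"{label}: {tone_leak_db(trace):6.1f} dB, leaks={leaks(trace)}")
```

On a real bench the trace would come from a photodiode pointed at the power LED while the device plays the tone; a result near 0 dB means the LED brightness carries no measurable trace of the audio.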
Mitigating the dangers of a Glowworm LED attack
Glowworm can only eavesdrop on audio output from the speaker itself, not any other audio in the same room. While the passive nature of Glowworm certainly makes it hard to detect (the usual electronic sweeps would not reveal an attack in progress), the one-sided nature of this eavesdropping is just one of the downsides to this otherwise fascinating research project.
You’ve probably already jumped to the most obvious mitigation conclusion: as Glowworm requires a clear line of sight to the power LED, closing the curtains, turning speakers around to face away from any window or sticking a piece of, oh the irony, electrical tape over the LED will all kibosh it.
Don’t get me wrong; I love this kind of research. It gets me out of bed in the morning and keeps me interested in what I do. But no matter how clever, fantastical, Glowworm is, what it isn’t is something you need to worry about. There are far easier ways of breaching your privacy with far greater chances of success than this.