Cyber Security

Spies can eavesdrop by watching a light bulb in the room


It is possible to spy on secret conversations that happen in a room from a nearby remote location simply by observing a light bulb in the room which could be visible from a window and measuring the amount of light it emits.

A novel side-channel attacking technique has been developed and demonstrated by a team of cybersecurity researchers that can be utilized by eavesdroppers to obtain full sound from a victim’s room that has an overhead hanging bulb.

A team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli’s Ben-Gurion University of the Negev and the Weizmann Institute of Science have published their findings in a newspaper and it will be also presented at the Black Hat USA 2020 conference later this August.

The technique for long-distance eavesdropping is called “Lamphone,” and it operates by capturing minuscule sound waves optically through an electro-optical sensor directed at the bulb and using it to recover speech and recognize music.

Working of ‘Lamphone Attack’

The main assumption of Lamphone depends on detecting vibrations from hanging bulbs due to air pressure fluctuations that occur naturally when sound waves hit their surfaces and measuring the tiny changes in the bulb’s output that those small vibrations trigger to get bits of conversations and identify music.

The researchers stated that they assumed a victim located inside a room that has a hanging light bulb. The assumed an eavesdropper as a malicious entity that wants to spy on the victim to collect the victim’s conversations and use the information in the conversation such as stealing the victim’s credit card number.

In order to achieve this, a telescope is set up to get a close-up view of the room containing the bulb from a distance, an electro-optical sensor is mounted on the telescope to convert light into an electrical current, an analog-to-digital converter to transform the sensor output to a digital signal, and a laptop to process incoming optical signals and output the recovered sound data.

Lamphone leverages the advantages of the Visual Microphone (it is passive) and laser microphone methods of recovering speech and singing.

Lamphone Attack Demonstration

The researchers recovered an audible extract of President Donald Trump’s speech that could be transcribed by Google’s Speech to Text API. They also replicated a recording of the Beatles’ “Let It Be” and Coldplay’s “Clocks” that were clear enough to be recognized by song identification services like Shazam and SoundHound.

How the fluctuations in the air pressure on the surface of the hanging bulb (in response to sound) were demonstrated, which caused the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real-time.

The researchers analyzed a hanging bulb’s response to sound via an electro-optical sensor and learned how to isolate the audio signal from the optical signal. They then developed an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor.

The development can be used in many sophisticated techniques that can be leveraged to snoop on unsuspecting users and extract acoustic information from devices that functions as microphones, such as motion sensors, speakers, vibration devices, magnetic hard disk drives etc.

The new technique is applicable at great distances ranging from at least 25 meters away from the target using a telescope and a $400 electro-optical sensor, and can further be amplified with high-range equipment.

Unlike earlier eavesdropping setups, Lamphone side-channel attacks can be applied in real-time scenarios. Also, the attack does not require a malicious actor to compromise any victim’s device.

Since the attack depends mainly on the light output, using a weaker bulb to reduce the amount of light captured by the electro-optical sensor and a curtain to limit the light emitted from a room can be included in the countermeasures. A heavier bulb can also be used to minimize vibrations caused by changes in air pressure.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Knoxville IT network shut down after ransomware attack

    Previous article

    Accessories giant Claire’s hit by Magecart attack

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *