Cyber-security researchers at Ben-Gurion University in Israel are very good at looking at situations from a left-field perspective, most recently at eavesdropping on private conversations. The conventional ways to breach your privacy are to compromise passwords to access your networks or to use vulnerabilities in your software or operating system. If you thought that ‘physical access’ to your smart speakers, or almost any speaker, was required to listen in to the audio being transmitted, you'd be wrong there as well.
Researchers found a new angle on an old spying technique - As first reported by Ars Technica, hackers have developed a new twist on the old military technique, known by the US National Security Agency (NSA) codename TEMPEST, of spying using leaking emanations. Of these, the ability to eavesdrop by way of a laser microphone beamed onto a window, as used during the Cold War era, is perhaps the most well-reported.[1] This technique has the drawback of being an active attack: the laser beam has to illuminate the surface and so is open to easy detection. Not the best for spying. The newly reported surveillance methodology, however, is passive in nature.
Glowworm spy attack methods. Israeli researchers assert that Glowworm is a new class of TEMPEST-type attack: one with the ability to recover sound by the analysis of 'optical emanations' from the LED power indicator of a device. These emanations are the flickering of power LEDs, invisible to the naked eye: minute fluctuations in the intensity of the light caused by tiny voltage variations in speakers, or the USB hubs they are connected to, during audio output. The methodology was tested with success on ‘smart’ speakers and dedicated PC speakers where the LEDs were connected directly to the power line without any measures to counter the correlation between LED intensity and power consumption.
To pull off this privacy-busting attack 'simply' requires the use of an electro-optical sensor attached to a telescope. Once this is pointed at the target power LED, from distances of up to 100 feet away, the optical signal can be sampled. Then, an optical-audio transformation (OAT) process recovers the original acoustic signal and the conversation itself. Well, one side of it anyway.
Glowworm attack in action on the video link: https://youtu.be/z4-OFLTHtiw?t=13
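A way to check one of your own devices for the LED-to-power correlation described above, as an added example (not code from the researchers or the original article): play a known test tone through the speaker, sample the power LED's brightness, and look for that tone in the light. The sample rate, tone, threshold, function names and the simulated photodiode traces are assumptions constructed for illustration.

```python
import math
import random

SAMPLE_RATE = 8000  # assumed photodiode/ADC sampling rate in Hz
TONE_HZ = 1000      # known test tone played through the speaker under test
CONTROL_HZ = (600, 800, 1200, 1400)  # frequencies where no audio is played

def tone_amplitude(samples, freq_hz, sample_rate=SAMPLE_RATE):
    """Amplitude of one frequency in the trace (Goertzel algorithm)."""
    n = len(samples)
    mean = sum(samples) / n  # remove the LED's steady brightness
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / sample_rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = (x - mean) + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2.0 * math.sqrt(max(power, 0.0)) / n

def leak_ratio(samples):
    """Test-tone amplitude relative to the noise floor at control frequencies."""
    floor = sum(tone_amplitude(samples, f) for f in CONTROL_HZ) / len(CONTROL_HZ)
    return tone_amplitude(samples, TONE_HZ) / floor

def led_leaks_audio(samples, threshold=5.0):
    """True if LED brightness follows the test tone (threshold is an assumption)."""
    return leak_ratio(samples) > threshold

def simulate_led_trace(modulation_depth, seconds=0.5, seed=1):
    """Constructed data: brightness 1.0 + audio-driven ripple + sensor noise."""
    rng = random.Random(seed)
    return [
        1.0
        + modulation_depth * math.sin(2.0 * math.pi * TONE_HZ * i / SAMPLE_RATE)
        + rng.gauss(0.0, 0.002)
        for i in range(int(seconds * SAMPLE_RATE))
    ]

if __name__ == "__main__":
    leaky = simulate_led_trace(modulation_depth=0.002)    # LED on the raw power line
    decoupled = simulate_led_trace(modulation_depth=0.0)  # LED with a countermeasure
    for name, trace in (("leaky", leaky), ("decoupled", decoupled)):
        print(name, round(leak_ratio(trace), 1), led_leaks_audio(trace))
```

In the simulated leaky trace the ripple is no larger than the sensor noise on any single sample, yet it stands well above the noise floor once the trace is analysed at the tone's frequency, which is why the flicker can be invisible to the eye and still measurable.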
Mitigating the dangers of a Glowworm LED attack - Glowworm can only eavesdrop on audio output from the speaker itself, not any other audio in the same room. The passive nature of Glowworm certainly makes it hard to detect, as the usual electronic sweeps would not reveal an attack in progress, but the one-sided nature of this eavesdropping is just one of the downsides to this otherwise fascinating research project.
Some may already have reached the most obvious mitigation conclusion: as Glowworm requires a clear line of sight to the power LED, closing the curtains, turning speakers around to face away from any window or sticking a piece of, oh the irony, electrical tape over the LED will all stop the attack. Is this an imminent threat? However ingenious and fantastic Glowworm appears, it is not a serious immediate threat. There are many easier ways of violating your privacy with far greater chances of success than Glowworm. Yet it demonstrates the possibilities that bad actors will follow to disrupt governments, companies, and individuals. Original article by: Dave Winder, Forbes.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
[1] https://www.forbes.com/sites/daveywinder/2021/08/15/hackers-use-flickering-power-leds-to-spy-on-conversations-100-feet-away/?sh=b96f0d645301