A new research paper describes a side-channel attack technique that could enable hackers to eavesdrop on a conversation by tracking vibrations in a hanging light bulb.
The technique, which the researchers call "Lamphone," works by intercepting the vibrations in a hanging light bulb caused by the changing air pressure created by sound, according to a report from University of Negev and Weizmann Institute of Science in Israel. The researchers who captured these vibrations and turned them into audio note that they were able to successfully listen to conversations from about 25 meters away.
"We show how fluctuations in the air pressure on the surface of the hanging bulb, which cause the bulb to vibrate very slightly, can be exploited by eavesdroppers to recover speech and singing, passively, externally and in real time," according to the study, "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations," which will be presented at the Black Hat USA 2020 virtual conference in August.
Although an earlier report showed how attackers could hack Amazon Alexa and Apple Siri using laser light beams to send remote audible commands, this is the first time it's been demonstrated that hackers potentially could convert audio in real time without using an external source, such as malware, according to the new study.
The Lamphone hacking technique relies on three technologies: a telescope, which is placed in the field of view on the hanging bulb from a distance; an electro-optical sensor mounted on top of the telescope; and a sound recovery system to capture the sound and process it, according to the new research report.
When a conversation is taking place in a room, the sound creates fluctuations in in the air pressure on the surface of the blub, causing it to vibrate. The analog electro-optical sensor captures this vibration as an optical signal and processes this using an audio recovery algorithm, the researchers say.
"We evaluate Lamphone's performance in a realistic setup and show that Lamphone can be used by eavesdroppers to recover human speech (which can be accurately identified by the Google Cloud Speech API) and singing (which can be accurately identified by Shazam and SoundHound) from a bridge located 25 meters away from the target room containing the hanging light bulb," the authors of the study write.
In one example, the researchers were able to clearly pick up a pre-recorded speech by President Donald Trump. In another test, to see how the technique could pick up non-speech audio, the researchers used the technique to listen to the Beatles' "Let It Be."
Because the Lamphone hack technique only requires light vibration for capturing the audio, it doesn't require the victims' direct engagement, the researchers note. And it doesn't involve the use of malware or spyware.
One major drawback with Lamphone, however, is that it requires a direct line of sight to the light bulb from within 25 meters. But using telescopes with different lens diameters might allow the technique to function from farther away, the researchers write.
One way to counter a Lamphone attack would be to limit the light captured by the sensor using weaker bulbs that emit less light, according to the report. The other is by reducing the vibration with the help of a heavier bulb.
"There is less vibration from a heavier bulb in response to air pressure on the bulb's surface. This will require eavesdroppers to use better equipment (e.g. a more sensitive ADC, a telescope with a larger lens diameter, etc.) in order to recover sound," the researchers write.
SOURCE: Bank Info Security