Cyber security news for all

More

    Spies can listen in on conversations using the lightbulb

    There is no end to the methods applied in getting information. The lightbulb is the newest form of spyware. It has been turned into an instrument for spying; people have discovered how to spy on others by simply measuring the amount of light the lightbulb emits.
    Who would have thought that there’s a technique for eaves-dropping?

    A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim’s room that contains an overhead hanging bulb.
    A team of academics: Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici, and Boris Zadov, from the Israeli’s Ben-Gurion University of the Negev and the Weizmann Institute of Science released the findings in a new paper. It will also be presented at the Black Hat USA 2020 conference later this August.

    This technique, termed Lamphone, employs the use of sound waves. It optically captures small sound waves through an electro-optical sensor directed at the bulb; using it to recover speech and recognize music.

    The researchers said, “we assume a victim located inside a room/office that contains a hanging lightbulb. We consider an eavesdropper a malicious entity that is interested in spying on the victim; to capture the victim’s conversations and make use of the information provided in the conversation (e.g., stealing the victim’s credit card number, performing extortion based on private information revealed by the victim, etc.). Lamphone leverages the advantages of the Visual Microphone (it is passive) and laser microphone (it can be applied in real-time) methods of recovering speech and singing.”
    To achieve their goal, the eavesdroppers have a setup which comprises; a telescope, an electro-optical sensor, an analog-digital converter, and a laptop.

    Distance of eavesdropping

    This technique, which is applicable in a real-life scenario, is functional from distances of at least 25 meters. Sound waves are amplified for further listening;with the use of a telescope and electro-optical sensor, soundwaves can be amplified for further listening.

    This attack doesn’t require any threat actor because it is taking place in an external scenario. Since Lamphone depends on light output, a suggestive countermeasure is reducing the amount of light captured and using a curtain to limit emission. The use of a heavier bulb, which minimizes vibrations caused by changes in air pressure, is also advised.

    Demonstrations
    To demonstrate the technique, researchers used an audible extract of Donald Trump’s speech, a recording of Beatles, “Let it Be,” and Coldplay’s “Clock.”
    The researchers outline the demonstration. “We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound); which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real-time. We analyze a hanging bulb’s response to sound via an electro-optical sensor;and learn how to isolate the audio signal from the optical signal. Based on our analysis, we develop an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor.”

    “The development adds to a growing list of sophisticated techniques that can be used to snoop on unsuspecting users. And extract acoustic information from devices intended to function as microphones such as; motion sensors, speakers, vibration devices, magnetic hard disk drives, and even wooden tables.”

    Recent Articles

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Vodafone experiences a vulnerability with fatal effects

    The injected JavaScript can access the session cookies from Vodafone website and send them to a server. An attacker can take over the session...

    Maze leaks data on its own platform

    The Maze ransomware has been up to almost a year and a half. This week, security experts warned about the actions of the cyber...

    Emotet to spread the malware behind email archives

    If you find an attached pack to an email these days, you should be particularly careful: the highly developed malware Emotet could be lurking...

    500,000 Activision accounts have been leaked

    Activision has taken a position on the alleged leak. According to the publisher, there has never been a data leak. In some cases it is...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox