Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home.
The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are caused by nearby sounds. All an attacker would need is a laptop, as well as a telescope and an electro-optical sensor (altogether costing less than $1,000). They would also need to set up near the window of a room that contains the hanging lightbulb.
“Fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time,” said researchers with the Ben-Gurion University of the Negev and Weizmann Institute of Science, in a paper published this week. The research will be further presented at the Black Hat USA 2020 virtual conference in August.
Previous methods to leverage sound frequency in hacks have been uncovered before this. For instance, in November, researchers discovered a new way to hack Alexa and Siri by pointing a laser light beam at the smart speakers’ microphones to send them remote, inaudible commands. Even beyond these electro-optical based hacks, other ways to eavesdrop exist that include planting electronic bugs in a room, or compromising mobile devices with spyware.
However, Ben Nassi, one of the researchers who discovered “lamphone,” argued that unlike the new lightbulb-based hack, these previous attacks either could not be applied in real time, or they were not passive (meaning that they require the attacker to direct the laser beam at the speaker, for instance).
Testing ‘Lamphone’
Researchers tested the hack by placing multiple telescopes around 80 feet away from the lightbulb in a target office (with lens diameters of 10, 20 and 35 centimeters). They then used a Thorlabs PDA100A2 electro-optical sensor placed on the telescopes’ eye piece. The target lightbulb was a 12-Watt LED bulb.
The lightbulb in the room would give off tiny vibrations in reaction to sound, including, for instance, music playing on the radio or someone speaking. These vibrations were reflected in the light signals picked up by the electro-optical sensor.
Researchers then utilized an analog-to-digital converter, and converted the electrical signals from that sensor into digital information. Finally, researchers processed the signals through software to filter out noise, using the Google Cloud Speech API to recover human speech and apps like Shazam or SoundHound to identify songs. The video below walks through the proof-of-concept (PoC) hack:
Through this experiment, researchers were able to glean various noises in the room – including two well-known songs – “Let it Be” by the Beatles and “Clocks” by Coldplay – as well as President Donald Trump’s “We will make America great again” speech.
While researchers performed the hack from 80 feet away from the target bulb, they said that the range can be amplified with proper equipment – such as a bigger telescope or a different analog-to-digital converter.
Mitigations
Countermeasures for “lamphone” are limited. One approach would be to reduce the amount of light emitted by lightbulb, researchers said. That’s because the hack is less effective when there’s less light being captured by the electro-optical sensor. Another mitigation would be to use heavier lightbulbs in the home. That’s because there is less vibration from a heavier lightbulb that could be captured by attackers.
That said, the attack still comes with limitations. It only works if an attacker can view light emitted from a hanging lightbulb that happens to be on, when a victim happens to be home and having a conversation. So, the simplest mitigation would merely be to turn off the lights, or close your shades.
Regardless, researchers stressed that leveraging electro-optical sensors in privacy-busting hacks will continue to undergo innovation in future attacks, making it even easier to eavesdrop in on sensitive conversations behind closed doors.
“As a future research direction, we suggest analyzing whether sound can be recovered via other light sources,” they said. “One interesting example is to examine whether it is possible to recover sound from decorative LED flowers instead of a light bulb.”
FREE Webinar: Are you on top of the shifting insider threats within your business? On June 24 at 2 p.m. ET, join Threatpost and our panel of experts for a complimentary webinar, “The Enemy Within: How Insider Threats Are Changing.” Get exclusive insights on how remote working has increased the risk of insider threats, and how to gain visibility into employee behavior while striking the right balance between privacy and ease of use. Please register here for this webinar.