New “Glowworm attack” recovers audio from devices’ power LEDs
A new class of passive TEMPEST attack converts LED output into intelligible audio.
Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.
The Cyber@BGU team—consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov, and Professor Yuval Elovici—analyzed a broad array of widely used consumer devices including smart speakers, simple PC speakers, and USB hubs. The team found that the devices' power indicator LEDs were generally influenced perceptibly by audio signals fed through the attached speakers.
Although the fluctuations in LED signal strength generally aren't perceptible to the naked eye, they're strong enough to be read with a photodiode coupled to a simple optical telescope. The slight flickering of power LED output, caused by changes in voltage as the speakers consume electrical current, is converted into an electrical signal by the photodiode; the electrical signal can then be run through a simple analog-to-digital converter (ADC) and played back directly.
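A defender can test equipment for this coupling by playing a known tone through a device and checking whether that tone shows up in a photodiode recording of its power LED. The sketch below is an added example, not code from the article or the paper; the sample rate, test tone, 15 dB threshold, and both traces are constructed assumptions.

```python
import math
import random

FS = 8000          # photodiode ADC sample rate in Hz (assumed)
TONE_HZ = 1000     # test tone played through the device under test (assumed)

def bin_power(samples, freq_hz, fs=FS):
    """Power of `samples` at one frequency (single-bin DFT)."""
    re = im = 0.0
    for n, x in enumerate(samples):
        phase = 2 * math.pi * freq_hz * n / fs
        re += x * math.cos(phase)
        im -= x * math.sin(phase)
    return re * re + im * im

def leak_snr_db(trace, tone_hz=TONE_HZ, fs=FS):
    """Tone power in the LED trace relative to the nearby noise floor, in dB."""
    mean = sum(trace) / len(trace)
    ac = [x - mean for x in trace]            # drop the LED's steady brightness
    offsets = (-200, -150, -100, -50, 50, 100, 150, 200)
    floor = sum(bin_power(ac, tone_hz + d, fs) for d in offsets) / len(offsets)
    return 10 * math.log10(bin_power(ac, tone_hz, fs) / floor)

def led_leaks(trace, threshold_db=15.0):
    """True when the test tone stands out of the noise floor (assumed threshold)."""
    return leak_snr_db(trace) > threshold_db

def constructed_trace(coupling, seed, seconds=1.0, noise=0.001):
    """Constructed sample data: steady LED level + coupled tone + sensor noise."""
    rng = random.Random(seed)
    return [1.0 + coupling * math.sin(2 * math.pi * TONE_HZ * n / FS)
            + rng.gauss(0.0, noise) for n in range(int(FS * seconds))]

if __name__ == "__main__":
    # coupling = fraction of LED brightness that follows the audio (constructed)
    for name, k in (("leaky device", 0.002), ("non-leaky device", 0.0)):
        trace = constructed_trace(k, seed=1)
        print(f"{name}: {leak_snr_db(trace):.1f} dB, leaks={led_leaks(trace)}")
```

With a real recording, replace `constructed_trace` with the ADC samples captured while the tone plays.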
. . .
The strongest features of the Glowworm attack are its novelty and its passivity. Since the approach requires absolutely no active signaling, it would be immune to any sort of electronic countermeasure sweep. And for the moment, a potential target seems unlikely to either expect or deliberately defend against Glowworm—although that might change once the team's paper is presented later this year at the CCS 21 security conference.
The attack's complete passivity distinguishes it from similar approaches—a laser microphone can pick up audio from the vibrations on a window pane. But defenders can potentially spot the attack using smoke or vapor—particularly if they know the likely frequency ranges an attacker might use.
Glowworm requires no unexpected signal leakage or intrusion even while actively in use, unlike "The Thing." The Thing was a Soviet gift to the US Ambassador in Moscow, which both required "illumination" and broadcast a clear signal while illuminated. It was a carved wooden copy of the US Great Seal, and it contained a resonator that, if lit up with a radio signal at a certain frequency ("illuminating" it), would then broadcast a clear audio signal via radio. The actual device was completely passive; it worked a lot like modern RFID chips (the things that squawk when you leave the electronics store with purchases the clerk forgot to mark as purchased).
Accidental defense
Despite Glowworm's ability to spy on targets without revealing itself, it's not something most people will need to worry much about. Unlike the listening devices we mentioned in the section above, Glowworm doesn't interact with actual audio at all—only with a side effect of electronic devices that produce audio.
This means that, for example, a Glowworm attack used successfully to spy on a conference call would not capture the audio of those actually in the room—only of the remote participants whose voices are played over the conference room audio system.
READ MORE > https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds/