New ‘Glowworm Attack’ Recovers Audio from Device Power LEDs


This three minute video describes how Glowworm works and gives examples of optically recovered audio.

Researchers at Ben-Gurion University in the Negev have demonstrated a new way to spy on electronic conversations. A new paper published outlines today a new passive form of the STORM attack called Glowworm, which converts minute fluctuations in the intensity of the power LEDs on speakers and USB hubs into the audio signals that caused those fluctuations.

the Cyber ​​@ BGU The team, consisting of Ben Nassi, Yaron Pirutin, Tomer Gator, Boris Zadov and Professor Yuval Elovici, analyzed a wide range of widely used consumer devices, including smart speakers, simple PC speakers. and USB hubs. The team found that the power LEDs on devices were usually noticeably influenced by the audio signals transmitted from the connected speakers.

Although fluctuations in the strength of the LED signal are usually not noticeable with the naked eye, they are strong enough to be read with a photodiode coupled to a simple optical telescope. The slight flicker of the power LED output due to voltage changes when the speakers draw electric current are converted into an electric signal by the photodiode; the electrical signal can then pass through a simple analog / digital converter (ADC) and read directly.

A new passive approach

With sufficient knowledge of electronics, the idea that a device’s supposedly solid-lit LEDs “divulge” information about what it does is simple. But to our knowledge, the Cyber ​​@ BGU team is the first to both publish the idea and prove that it works empirically.

The strongest characteristics of the Glowworm attack are its novelty and passivity. Since the approach requires absolutely no active signaling, it would be immune to any sort of electronic countermeasure sweep. And for now, it seems unlikely that a potential target would expect or deliberately defend themselves against Glowworm, although that may change once the team’s document is presented later this year to the CCS 21 security conference.

The utter passivity of the attack sets it apart from similar approaches – a laser microphone can pick up audio from vibrations on a window. But defenders can potentially spot the attack using smoke or steam, especially if they know the likely frequency ranges an attacker could use.

Glowworm does not require any signal leaks or unexpected intrusions, even during active use, unlike “The thing“The Thing was a Soviet gift to the United States Ambassador in Moscow, which required both ‘illumination’ and broadcast a clear signal when illuminated. It was a carved wooden copy of the Great Seal of the USA, and it contained an object which, if you light it up with a radio signal at a certain frequency (“light it up”), would then broadcast a clear audio signal through the radio.The actual device was completely passive; it worked much like modern RFID chips (the things that squeak when you leave the electronics store with purchases the seller forgot to mark as purchased).

Accidental defense

Despite Glowworm’s ability to spy on targets without revealing himself, it’s not something most people will need to worry about much. Unlike the listening devices we mentioned in the section above, Glowworm does not interact with actual audio at all, but only with a side effect of electronic devices that produce audio.

This means that, for example, a Glowworm attack successfully used to spy on a conference call would not capture audio from those who are actually in the room, but only from remote participants whose voices are being played over the room’s audio system. conference room.

Another issue that means most targets will be defended against Glowworm entirely by accident is the need for a clear line of sight. Getting line-of-sight to a glass for a laser microphone is one thing, but getting line-of-sight to the power LEDs of a computer speaker is another.

Humans generally prefer to face the windows themselves for the view and have the LEDs on devices face them. This leaves the LEDs dimmed from a potential Glowworm attack. Lip-reading defenses, such as curtains or drapes, are also effective protections against glowworm, although targets may not really know glowworm can be a problem.

Finally, there is currently no real risk of a Glowworm “replay” attack using video that includes vulnerable LED shots. A close-up video, 4k at 60 fps could barely capture the to fall in a dubstep banger, but it won’t usefully recover human speech, which is between 85Hz-255Hz for vowels and 2kHz-4kHz for consonants.

Turn off the lights

While Glowworm is virtually limited by its need for line-of-sight to LEDs, it works at a significant distance. The researchers recovered intelligible sound from 35 meters away – and in the case of adjacent office buildings with mostly glass facades, it would be quite difficult to detect.

For potential targets, the simplest solution is indeed very simple: just make sure that none of your devices have LEDs facing the window. Particularly paranoid defenders can also mitigate the attack by placing an opaque strip over any LED indicators that could be influenced by audio playback.

On the manufacturer side, beating the Glowworm leaks would also be relatively straightforward – rather than directly coupling a device’s LEDs to the power line, the LED could be coupled via a op amp or the GPIO port of an integrated microcontroller. Alternatively (and perhaps at a lower cost), relatively low-power devices could smooth out fluctuations in the power supply by connecting a capacitor in parallel to the LED, acting as a low pass filter.

For those interested in more details on the glowworm and its effective mitigation, we recommend that you visit the researchers site website, which includes a link to the full 16-page white paper.

List image by boonchai wedmakawand / Getty Images


Source link

Previous BJP National Secretary General Tarun Chugh
Next Samsung Galaxy Book Pro with AMOLED + Wi-Fi 6E Display Approaches Amazon's Lowest From $ 950

No Comment

Leave a reply

Your email address will not be published. Required fields are marked *