Eavesdropping By LED

If you ever get the feeling someone is watching you, maybe they are listening, too. At least they might be listening to what’s coming over your computer speakers thanks to a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient. You can imagine that from a distance across a noisy office you might be able to pull the same trick. We don’t know — but we suspect — even if headphones were plugged into the speakers, the LED would still modulate the audio. Any device supplying power to the speakers is a potential source of a leak.

On the one hand, this is insidious because, unlike more active forms of bugging, this would be pretty much undetectable. On the other hand, there are a variety of low-tech and high-tech mitigations to the attack, too. Low tech? Close your blinds or cover the LED with some tape. High tech? Feed a random frequency into the LED to destroy any leaking information. Super spy tech? Put fake speakers in front of your real speakers that silently playback misinformation on their LEDs.

The video plays samples of recovered speech and, honestly, it was clear enough but not great. We wondered if a little additional signal processing might help.

Passive bugs are hard to find. Even a fancy junction detector won’t tell you if your speakers are compromised by glow worm.

 

 

23 thoughts on “Eavesdropping By LED

  1. “Three people can keep a secret so long as two of them are dead.” Originally attributed to Benjamin Franklin. If you’re concerned about people listening to your LEDs, there really are better things you could be doing with your time.

    1. I once worked on the 20-sometheenth floor of a building in a major city for a well known financial institution. My cubicle had a window with an exciting view of other tall buildings. Because of that, I was required to have my monitors not visible from the window specifically to reduce the risk of corporate espionage. Granted, this could have made reading my lips easier, but what was on my screen would have been much more valuable to the competition than anything I happened to say while in a position where someone across the way could read my lips.

  2. Erm… their demo works with the crappy external PC speakers which were popular in the 90s / early 00s but I’ve probably not seen in 20 years. No surprise that their unregulated power supplies can’t handle their own requirements and so sag. But even a half-decent set of external speakers should prevent this. Very much doubt this works with built-in speakers on a modern laptop, where the PSU is significantly more powerful and regulated.

    1. Most of them contained what was essentially a single cheap transformer as a power supply together with a couple of capacitors in parallel with the speakers to direct the frequencies enough to take away most of the distortion and that was pretty much it bar a variable resistor for the volume and a mechanical push button for power. Not an smd component in sight.

  3. My imaginary portable handheld BS meter is reading way into the red on this one.They refer to a USB hub which I’m presuming has an external power supply? It would be a very shabby power supply that wouldn’t fully filter midrange audio. I think I’d like a second opinion of the actual mechanism of the modulated light. Maybe to use one of the speakers with the speaker replaced by a resistor and test it that way.

  4. Since this is a spying thread… Havana Syndrome, eh? Antipersonel attack, or computer security related? What frequency do you suppose they are using? Phased array or what?

    I’m not saying it was the Russians, but it was the Russians…

  5. I tend to wear headphones most of the time when working.
    The LED on my Jetstream speakers is behind the grille.
    If someone wants to hear the sounds of Star Trek Online, have at it.

    1. Technically:

      Cool! Side channel attacks are always interesting; this one is no exception. There are a lot of attacks that a telescope can facilitate (including shiny plastic wrappers modulating audio as they reflect a laser); this one is extra cool because it’s completely passive.

      Personally:

      More than once I’ve had to enter my credit card number on the DTMF keypad of a phone. That’s probably as sensitive as I get with electronic speaker sounds in my house.

      On the eavesdropper side of things, those dual-tone beeps are specifically designed to be picked up amidst a heavy noise floor. If you’re trying to distance hack sensitive data, that’s about the best target you could hope for.

      But as far as a personal risk calculation goes, the number of times I’ve had to do enter a card number is vanishingly small; I’ve severed the POTS line so everything’s now on a mobile phone; and I’m pretty sure my neighbors don’t have telescopes on my speakers 24x7x365 on the minuscule chance that I might Touch Tone a credit card sometime this year. So this is not an attack I’m likely to do anything to mitigate. I’ll mark this as “Risk Accepted” and move on to the next thing.

  6. I found the article illuminating (no pun intended) as a heretofore unrecognized side-channel attack. The only context in which I see/hear “sensitive“ information audibly is during the equivalent of Zoom-like sessions or other video encounters which are prominent these days thanks to the pandemic. As this method does not involve laser bounce, the method seems something to be considered.

  7. Just like the Engine Repair light, black electrical tape will do the trick.
    P.S. My mechanic showed me the code, the dealership wants ***triple*** the oney to redo the check and tell me what is wrong. Car for Sale. Wanted: 1070’s GMC or Ford truck or International Scout.

  8. I think that the key takeaway from this is that it is an ingenious side channel attack, on hardware which had been cost optimised as far as it could go.
    Even though this hardware is now pretty much obsolete, it was once ubiquitous in the days of cheap CRT monitors without built-in speakers.
    The electromagnetic spectrum is always capable of leaking useful data. It is just a matter of finding the frequency, and the design flaw which lets it leak.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.