Lamphone Attack: Spying Using Light Bulbs

Beware, light bulbs in your room may be watching you! Lamphone Attack is the new way to eavesdrop on conversations and breach privacy of people

We have the perception of “hacking” as a practice of compromising “smart” devices. What else hackers could use to breach your privacy and spy on you? It’s valid to worry about vulnerabilities in your smart devices. But what if a hacker uses a “dumb” household essential found in every room- a light bulb? Found in every room, without anybody bothering about its critical susceptibility to a hacker attack. However, researchers at the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel, found a new side-channel attacking technique to breach your privacy using an electric bulb- Lamphone Attack.
Though this attack is not unique of it’s kind, its approach and methodology are different. Eavesdropping is usually done using malware and compromising mobile phones. But, last year, it was revealed that Alexa, Google Home and Siri could be exploited using lasers pointed at the device microphones. But this new attack dubbed as Lamphone Attack goes beyond and doesn’t even require any of your “smart” devices, but rather a “dumb” light bulb to spy on you.
Lamphone Attack exploits the vibrations of light waves to spy on potential targets. The sounds in a room trigger fluctuations in the light waves transmitted by a bulb. By using an electro-optical sensor, an attacker can record vibrations and filter audio signals from them. These attackers then reverse-engineer them to obtain the real audio. This attack eavesdrops on conversations going in the room and steals information, without meddling with any of the smart devices.

Performing Lamphone Attack

Lamphone Attack can be executed passively, externally and in real-time. The attack needs a telescope to focus on the target bulb, an electro-optical sensor, and a sound recovery system to convert input signals into audio signals.
The attacker simply focuses on the target light bulb in the victim’s room. When sound hits the bulb it causes vibrations(millidegree vibrations) in the light emitted by the bulb. These vibrations are recorded by the attacker with the use of an electro-optical sensor. This electro-optical sensor is mounted on the eye-piece of the telescope pointing towards the target light bulb. An electro-optical sensor is a detector which converts light or change in light into electrical signals.
These electrical signals are fed into an analogue-to-digital converter to obtain the digital signals of the vibrations. These digital signals are processed through software to reverse-engineer and filter noise and real audio. Google Cloud Speech API is used to recover human speech from the digital signals and Shazam or SoundHound is used to identify music.

Attack Demonstration

The researchers at the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel performed the Lamphone Attack. They performed the hack from 80 feet away from the target light bulb (12-watt LED bulb) using a telescope with lens diameters 10, 20 and 30 centimetres. They used a Thorlabs PDA100A2 electro-optical sensor placed on the eye-piece of the telescope.

Arrangement of the lamphone attack by researchers
Arrangement of the Lamphone attack by researchers

Through this experiment, researchers could glean various sounds in the room. The recovered sound included two well-known songs- “Let it Be” by the Beatles and “Clocks” by Coldplay. The sound recovery system could also decipher Donald Trump’s “We will make America great again” speech.

Sound Recovery Algorithm I
Sound Recovery Algorithm
Implementation of Algorithm in MATLAB
Implementation of Algorithm in MATLAB

Researchers stated that the Lamphone Attack poses a tremendous threat to exploitation in real-time. This is because Lamphone Attack does not require any malware or extensive computing to breach privacy. On top of it, the attacker need not be present in the same room, thanks to the telescope. And the range can be amplified by using a bigger telescope and a different analogue-to-digital converter.

The researchers have shared the details of the Lamphone Attack and conclusions of their performed experiment in a research paper.

Mitigations

  • The attacker needs to be in direct line of sight of the target light bulb to perform Lamphone Attack perfectly. So, using decorative items to cover light bulbs can easily prevent the hacker to record vibrations.
  • Since the attack depends upon vibrations of the light source, only loud sounds can produce enough vibrations. So, when talking on a sensitive and confidential matter, it’s always better to keep a low voice. After all, walls have ears too!
  • Dimming the amount of light can also counter the attack. According to the research, a successful Lamphone Attack also depends on the intensity of the light reaching the electro-optical sensor.
  • Bulbs with thick glasses and light emission capability are also immune to the Lamphone Attack. As they produce weaker vibrations.
Unlike, the typical hacking methods which use malware for eavesdropping, the Lamphone Attack is beyond all those methods. However, due to several limitations, the attack can be countered. You just need to be aware and updated regarding the new ways introduced to breach your privacy.

- Advertisement -

Ayush Dubey
Ayush Dubeyhttps://ayush7ad6.wordpress.com/
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology. Cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things.

- Advertisement -

Latest articles

Related articles