What’s the first thing which comes to your mind when you hear hacker or hacking? Privacy, passwords, computer, mobile phone, net-banking, webcam, private conversations, smart devices, and other hundred of things. But these are the things which we have heard and might have a put a safety cork on the same while we are at it. The bad news is that hackers are getting way more innovative than anyone can imagine.
Hackers are now using an ordinary light bulb hanging in your bed room to to eavesdrop on your private conversations and to know your credit card passwords. The hackers are using these ‘dumb’ things from as far as 80 feet (25 meters) away. The worst part is these light bulbs are not even connected to anything.
Lamphone Attack – What is this?
Security researchers based at the Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israe state that a technique called ‘Lamphone Attack’ – a novel side-channel attack for eavesdropping sound; this attack is performed by using a remote electro-optical sensor to analyze a hanging light bulb’s frequency response to sound.
The researchers evaluated Lamphone’s performance in a realistic setup to show that Lamphone can be used by eavesdroppers to recover human speech (which can be accurately identified by the Google Cloud Speech API) and singing (which can be accurately identified by Shazam and SoundHound) from a bridge located 25 meters away from the target room containing the hanging light bulb.
The following primary components:
1) Telescope – This piece of equipment is used to focus the field of view on the hanging bulb from a distance.
2) Electro-optical sensor – This sensor is mounted on the telescope and consists of a photodiode (a semiconductor device) that converts light into an electrical current. The current is generated when photons are absorbed in the photodiode. Photodiodes are used in many consumer electronic devices (e.g., smoke detectors, medical devices).4
3) Sound recovery system – This system receives an optical signal as input and outputs the recovered acoustic signal. The eavesdropper can implement such a system with dedicated hardware (e.g., using capacitors, resistors, etc.). Alternatively, the attacker can use an ADC to sample the electro-optical sensor and process the data using a sound recovery algorithm running on a laptop.
How do they do it?
Fluctuations in air pressure on the surface of the hanging bulb are created by the sound of conversation, or music, and make a hanging bulb vibrate. An analog-to-digital converter makes the conversion from electrical to digital information.
The researchers use an algorithm for the attack method- Lamphone- to “recover sound from the optical measurements obtained from the vibrations of a light bulb.” This is can done remotely and without needing to be in the same room.
How to prevent the attack
1) The hackers need a clean line of sight between their electro-optical sensor-equipped telescope and the hanging light bulb. So, if the curtains or blinds are closed on a window, or the light bulb sits behind a lampshade of some sort, then this eavesdropping method will fail.
2) The light bulb should meet the hacking requirements in terms of either thickness of glass or output of light.
3) The quality of the eavesdropping will depend on how close the people are to the light bulb in question and how loud the conversation is.
4) Lamphone relies on the fluctuations in air pressure on the surface of a hanging bulb which result from sound and cause the bulb to vibrate. One way to reduce a hanging bulb’s vibration is to use a heavier bulb. There is less vibration from a heavier bulb in response to air pressure on the bulb’s surface. This will require eavesdroppers to use better equipment