Lamphone attack lets threat actors recover conversations from your light bulb

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away.

lamphone-1.png

In a research paper published this week, academics detailed a novel method of recovering conversations and audio recordings by observing vibrations in a light bulb.

The technique, which they named Lamphone, revolves around the principle that objects vibrate when soundwave hits their surface.

When this happens in a light bulb, academics say the vibrations also create small flickers in light emissions. They say that by using powerful sensors, they can record the light variations and reverse-engineer the sound waves that hit the light bulb's surface.

But like any novel surveillance technique, Lamphone has its advantages and limitations.

The most obvious is that attackers need a direct line of sight to the light bulb in a room or public space. Light bulbs protected by decorative covers or other constructs are safe from this attack, and so are conversations that take place in rooms without windows.

However, once a line of sight to a light bulb is available, academics say an attacker can use tools like a telescope and an electro-optical sensor to record light variations in the light bulb from large distances and don't necessarily have to be close to their targets.

In experiments they carried out for their paper, they said they successfully recovered sound and conversations from 25 meters (82 feet) away.

"This range can be amplified with proper equipment (bigger telescope, 24/32 bit ADC, etc.)," the research team said.

lamphone-2.png

In their experiment, the research team said it was successful in recovering both human speech and room effects -- such as music played in the background (see demo below for an example).

A disadvantage is that conversations need to be loud enough to generate vibrations, or speakers need to be close enough to the light bulb.

However, having the ability to eavesdrop on corner offices from tens of meters away with nothing but a telescope and a video recorder is a huge feat, and a dangerous scenario for many companies.

But Lamphone is not the first attack of its kind. Other techniques have been explored in the past, such as Gyrophone (using mobile device sensors to recover speech from gyroscope signals) and Visual Microphone (using video recordings to recover passive sound).

Nonetheless, the research team says Lamphone has an advantage over these attacks because it's passive and doesn't require infecting a victim's device with malware (unlike Gyrophone) and works in real-time and doesn't need access to vasts computational resources to process its recorded data (unlike Visual Microphone).

The research team says that all an attacker needs to process Lamphone data is something as simple as a laptop, which, in turn, allows threat actors to use Lamphone to follow conversations in real-time.

A disadvantage is that the attack doesn't work against all types of light bulbs and that results may vary, depending on the light bulb's make, model, and technical characteristics, such as its outer glass thickness or light emission capability.

Additional details are available in the research team's academic paper, entitled "Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations" [PDF]. The research team's work will be presented in August at the Black Hat security conference.

Academics from the Ben-Gurion University of the Negev and the Weizmann Institute of Science have contributed to this work.