Savvy threat actors can recover conversations using lightbulbs

Lightbulb eavesdropping doesn’t even require a smart bulb

Researchers at the Ben-Gurion University of the Negev and the Weizmann Institute of Science have successfully demonstrated it’s possible to track and recover conversations by closely observing lightbulbs. This new eavesdropping technique, which a research group dubbed Lamphone, records slight frequency variations in a lightbulb to recover speech, conversations and songs played within a particular room.

During the experiments, researchers found by using a remote electro-optical sensor to analyze a lightbulb's frequency response to sound, they could recover speech and music. The recovered speech was then accurately transcribed by Google's Speech to Text API while Shazam was able to recognize the singing clips. 

The team recovered sounds from 82 feet away using equipment such as a bigger telescope or 24/32 bit analog-to-digital convertor. Researchers say this range can be extended even further.

While analyzing the side effects of sound waves on nearby objects is concerning, researchers claim “they are limited in one of the following ways: they (1) cannot be applied in real time (e.g., Visual Microphone), (2) are not external, requiring the attacker to compromise a device with malware (e.g., Gyrophone), or (3) are not passive, requiring the attacker to direct a laser beam at an object (e.g., laser microphone).”

This isn’t the first time lightbulbs have encroached on users’ privacy. In February, a vulnerability in Philips smart lightbulbs allowed threat actors to access targeted Wi-Fi networks. Tracked as CVE-2020-6007, the vulnerability enabled malicious actors to infiltrate a home or office's computer network over the air to spread ransomware or spyware. A similar vulnerability impacted LIFX smart bulbs in the same month.

There are ways to protect your smart lightbulbs from malicious threat actors, according to Cyware. Cyware recommends using decorative lampshades and curtains to protect lightbulbs. The site also suggests using low-transmittance window glass to prevent intruders from seeing inside of rooms of a home or office.

For smart bulb users, it’s important to keep lightbulbs up to date too. To keep such lightbulbs secure, users should ensure that the bulbs have been patched with the latest security updates released by the lightbulb’s manufacturer.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020
The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020

Most Popular

Microsoft CEO warns of video call fatigue
video conferencing

Microsoft CEO warns of video call fatigue

7 Oct 2020
Raspberry Pi Compute Module 4 launches with PCIe support
Hardware

Raspberry Pi Compute Module 4 launches with PCIe support

19 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020