New “Glowworm attack” recovers audio from devices’ power LEDs:
Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.
Although the fluctuations in LED signal strength generally aren't perceptible to the naked eye, they're strong enough to be read with a photodiode coupled to a simple optical telescope. The slight flickering of power LED output due to changes in voltage as the speakers consume electrical current is converted into an electrical signal by the photodiode; the electrical signal can then be run through a simple Analog/Digital Converter (ADC) and played back directly.
The researcher's web page has links to download the paper, download pictures, and play test samples and the resulting captures.
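One way to check your own equipment for the leak described above: play a known probe tone through the speakers, record the power LED with a photodiode, and measure how far the tone stands above the noise floor of the recording. This is an added example, not code from the paper or the article; the traces are constructed, and the sample rate, tone, ripple depth and 20 dB threshold are assumptions.

```python
import math
import random

def goertzel_power(samples, sample_rate, freq):
    """Power of `samples` at `freq` (Hz), computed with the Goertzel recurrence."""
    n = len(samples)
    k = round(freq * n / sample_rate)          # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def tone_leak_db(trace, sample_rate, tone_hz, guard_hz=200.0):
    """dB by which the probe tone stands above the median of nearby off-tone bins."""
    mean = sum(trace) / len(trace)
    ac = [v - mean for v in trace]             # drop the LED's steady brightness
    on_tone = goertzel_power(ac, sample_rate, tone_hz)
    nearby = sorted(goertzel_power(ac, sample_rate, tone_hz + d * guard_hz)
                    for d in (-4, -3, -2, -1, 1, 2, 3, 4))
    floor = nearby[len(nearby) // 2]
    return 10.0 * math.log10(max(on_tone, 1e-30) / max(floor, 1e-30))

def leaks(trace, sample_rate=8000, tone_hz=1000.0, threshold_db=20.0):
    """True if the LED brightness carries the probe tone (threshold is an assumption)."""
    return tone_leak_db(trace, sample_rate, tone_hz) >= threshold_db

def make_trace(ripple, sample_rate=8000, seconds=1.0, tone_hz=1000.0, seed=1):
    """Constructed photodiode trace: brightness 1.0, sensor noise, optional tone ripple."""
    rng = random.Random(seed)
    return [1.0 + rng.gauss(0.0, 0.002)
            + ripple * math.sin(2.0 * math.pi * tone_hz * i / sample_rate)
            for i in range(int(sample_rate * seconds))]

if __name__ == "__main__":
    for label, ripple in (("LED follows supply voltage", 0.005),
                          ("LED on a regulated rail", 0.0)):
        trace = make_trace(ripple)
        print(f"{label}: {tone_leak_db(trace, 8000, 1000.0):.1f} dB, "
              f"leaks={leaks(trace)}")
```

The constructed tone falls exactly on a DFT bin; a real capture should be windowed (for example with a Hann window) before the measurement so the tone does not smear into the neighbouring bins used as the floor.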
(Score: 3, Funny) by SomeGuy on Tuesday August 10 2021, @11:38PM (1 child)
So that's the real reason "modern" electronics have blazing bright blue LEDs on them. And "modern" PC cases are covered with an entire rainbow of them for more bandwidth. Not just because consumertards love them.
(Score: 0) by Anonymous Coward on Tuesday August 10 2021, @11:53PM
All about the glowies, Terry A Davis knew!
(Score: 0) by Anonymous Coward on Wednesday August 11 2021, @12:17AM (1 child)
Can't they just use their Intel IME to access the data?
(Score: 0) by Anonymous Coward on Wednesday August 11 2021, @01:02AM
It's always good to have a backup.
(Score: 2, Interesting) by Anonymous Coward on Wednesday August 11 2021, @12:18AM (4 children)
This same technique works with old analog modems that have TX/RX LEDs on them. ISTR that some network switches are also vulnerable, if a bit more fussy, and that there was research done on older hard drives that had built-in activity lights. In all of those cases the offending LED was wired directly to the data line while this is an actual side band attack but the interception technique is the same.
(Score: 2, Interesting) by GreatScott2001 on Wednesday August 11 2021, @01:21AM (3 children)
So the absence of blinky lights on USB devices doesn't make you safe?
Taking stock here:
From the front, you can see the master power LED, and a master disk activity LED. There is more than 1 disk hooked to that activity indicator.
From the back, you can see the glow from LEDs on each of two ethernet plugs - you can't see the lights directly unless you're lying on the floor within about 10 or 12 feet. Is such a machine vulnerable?
(Score: 1, Informative) by Anonymous Coward on Wednesday August 11 2021, @02:42PM
On modern computers the power LED is powered by the master power management controller on the motherboard. It shouldn't be connected to anything sensitive but it could reveal sudden changes in system power draw. Power supply acoustic noise already reveals this to a finer degree but isn't very useful.
The master disk activity LED isn't wired directly to the hard drive's write circuit like was common for individual drive activity lights back in the 80's, so it is safe.
The Ethernet activity lights are possible exfiltration points depending on how they are wired. If they maintain a steady blink rate while the line is at full load then they aren't directly wired to the line and should be okay. This is easy to test: Just transfer a large file over the network. If the light maintains a steady blink rate then it is fine.
Another common exfiltration point is analog video ports. They transmit an easily detected and decoded RF signal, and not all machines turn them off when they aren't in use. VGA, DVI-A and DVI-I ports are vulnerable. DVI-D uses a scrambler that theoretically makes it harder to decode. I'm not sure how secure HDMI's encryption actually is but like DVI-D it is a low power parallel signal over a shielded cable, so that helps a lot.
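The blink-rate test from the comment above can be run over a photodiode or camera capture of the Ethernet LED taken during a large transfer, instead of judging it by eye. This is an added example, not part of the thread; both traces are constructed, and the function names and the 5% jitter threshold are assumptions.

```python
import statistics

def rising_edges(samples, sample_rate, threshold=0.5):
    """Times (s) at which the LED trace crosses `threshold` going up."""
    return [i / sample_rate
            for i in range(1, len(samples))
            if samples[i - 1] < threshold <= samples[i]]

def blink_jitter(samples, sample_rate):
    """Coefficient of variation of the gaps between successive blinks."""
    edges = rising_edges(samples, sample_rate)
    gaps = [b - a for a, b in zip(edges, edges[1:])]
    if len(gaps) < 2:
        raise ValueError("need at least three blinks to judge regularity")
    return statistics.pstdev(gaps) / statistics.mean(gaps)

def is_steady(samples, sample_rate, max_jitter=0.05):
    """The comment's criterion: a steady blink rate under full load."""
    return blink_jitter(samples, sample_rate) <= max_jitter

def timer_driven(sample_rate=1000, seconds=2, period=0.1):
    """Constructed trace: LED toggled by a fixed timer, 50% duty cycle."""
    half = round(period * sample_rate / 2)
    return [1.0 if (i // half) % 2 else 0.0
            for i in range(sample_rate * seconds)]

def line_driven(payload, sample_rate=1000, bit_time=0.005):
    """Constructed trace: LED level follows each bit of `payload`."""
    per_bit = round(bit_time * sample_rate)
    trace = []
    for byte in payload:
        for shift in range(7, -1, -1):
            trace.extend([float((byte >> shift) & 1)] * per_bit)
    return trace

if __name__ == "__main__":
    captures = {"timer-driven LED": timer_driven(),
                "line-driven LED": line_driven(bytes.fromhex("55a30fc9"))}
    for name, trace in captures.items():
        print(f"{name}: jitter={blink_jitter(trace, 1000):.3f}, "
              f"steady={is_steady(trace, 1000)}")
```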
(Score: 0) by Anonymous Coward on Saturday August 14 2021, @01:50PM (1 child)
(Score: 0) by Anonymous Coward on Sunday August 15 2021, @12:30AM
Yes, you are a sneaky one. You use two passwords. 123456789 and password. If you ever use a different one, we'll turn the cameras on again.
(Score: 0) by Anonymous Coward on Wednesday August 11 2021, @12:38AM
Israel gave Negev back to Egypt for peace treaty.
Anyone wanna enlighten us how the school's name came about?
(Score: 1, Funny) by Anonymous Coward on Wednesday August 11 2021, @01:42AM (1 child)
I mean if they really want to snoop on my Grateful Dead audio, they are welcome...but there are higher fidelity ways to get the same content.
(Score: 2) by maxwell demon on Wednesday August 11 2021, @11:38AM
Can that technology also decode the watermarks embedded in the music? If so, the MPAA might be interested.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Freeman on Wednesday August 11 2021, @01:29PM (1 child)
https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds/ [arstechnica.com]
So, it only eavesdrops on you, if you're talking into a microphone that is giving audio feedback through the speakers. Otherwise, it will just be picking up whatever audio is coming through your speakers. I guess it could be useful to someone at some point, but I'd be kind of skeptical as to the quality of the reception.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 0) by Anonymous Coward on Wednesday August 11 2021, @02:49PM
It also eavesdrops on anything said to you, which can be bad enough on its own depending on the content or even just who is speaking, and being passive it is completely undetectable to the target. Powered headphones may be vulnerable as well.
(Score: 0) by Anonymous Coward on Wednesday August 11 2021, @04:40PM
As usual.
(Score: 0) by Anonymous Coward on Saturday August 14 2021, @01:10AM
LOL @ "new." I PoC'ed this in 2009 or 2010 based on a demo at blackhat. Old emitters included capslock LED, case LEDs, mobo LEDs.
Also this is way less interesting than the "make the mobo vibrate/not from thermal effects for 0/1, and use a tuned directional mic to receive" from a few years back.
I could keep complaining but "kids with no experience think they've invented the wheel" can only make me blab so much.