SoylentNews is people

posted by janrinok on Tuesday August 10, @11:12PM
from the bright-idea dept.

New “Glowworm attack” recovers audio from devices’ power LEDs:

Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.

Although the fluctuations in LED signal strength generally aren't perceptible to the naked eye, they're strong enough to be read with a photodiode coupled to a simple optical telescope. The slight flickering of power LED output due to changes in voltage as the speakers consume electrical current is converted into an electrical signal by the photodiode; the electrical signal can then be run through a simple Analog/Digital Converter (ADC) and played back directly.

The researcher's web page has links to download the paper, download pictures, and play test samples and the resulting captures.
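An added example, not taken from the paper or the original post: a self-audit for your own equipment built on the capture chain described above (photodiode into an ADC). It assumes you play a known 1 kHz test tone through the speaker while sampling the power LED's brightness, then checks whether that tone appears in the optical signal; the sample rate, threshold, function names and synthetic captures are all constructed for illustration.

```python
import math
import random

def goertzel_power(samples, sample_rate, freq):
    """Normalized power of `samples` at `freq` Hz (single DFT bin, Goertzel)."""
    n = len(samples)
    k = round(n * freq / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)

def tone_leak_db(samples, sample_rate, tone_hz, guard_hz=200.0):
    """dB ratio of optical energy at the test tone to the nearby noise floor."""
    mean = sum(samples) / len(samples)
    ac = [x - mean for x in samples]  # drop the LED's steady (DC) brightness
    tone = goertzel_power(ac, sample_rate, tone_hz)
    floor = [goertzel_power(ac, sample_rate, tone_hz + d * guard_hz)
             for d in (-3, -2, 2, 3)]  # off-tone bins estimate the noise floor
    noise = sum(floor) / len(floor)
    return 10.0 * math.log10((tone + 1e-30) / (noise + 1e-30))

def led_leaks_audio(samples, sample_rate, tone_hz, threshold_db=20.0):
    """True if the played test tone is clearly visible in the LED brightness."""
    return tone_leak_db(samples, sample_rate, tone_hz) >= threshold_db

def synth_capture(ripple, sample_rate=8000, tone_hz=1000.0, seconds=1.0, seed=1):
    """Constructed ADC capture: DC level + tone ripple (fraction) + sensor noise."""
    rng = random.Random(seed)
    n = int(sample_rate * seconds)
    return [1.0 + ripple * math.sin(2.0 * math.pi * tone_hz * i / sample_rate)
            + rng.gauss(0.0, 0.002) for i in range(n)]

if __name__ == "__main__":
    for label, ripple in (("LED fed from speaker supply rail", 0.005),
                          ("LED with no audio-correlated ripple", 0.0)):
        cap = synth_capture(ripple)
        print(f"{label}: {tone_leak_db(cap, 8000, 1000.0):.1f} dB, "
              f"leaks={led_leaks_audio(cap, 8000, 1000.0)}")
```

A device that fails this check is a candidate for covering the LED or replacing the unit with one whose indicator is driven from a regulated supply.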



  • (Score: 3, Funny) by SomeGuy on Tuesday August 10, @11:38PM (1 child)

    by SomeGuy (5632) on Tuesday August 10, @11:38PM (#1165621)

    So that's the real reason "modern" electronics have blazing bright blue LEDs on them. And "modern" PC cases are covered with an entire rainbow of them for more bandwidth. Not just because consumertards love them.

    • (Score: 0) by Anonymous Coward on Tuesday August 10, @11:53PM

      by Anonymous Coward on Tuesday August 10, @11:53PM (#1165623)

      All about the glowies, Terry A Davis knew!

  • (Score: 0) by Anonymous Coward on Wednesday August 11, @12:17AM (1 child)

    by Anonymous Coward on Wednesday August 11, @12:17AM (#1165627)

    Can't they just use their Intel IME to access the data?

    • (Score: 0) by Anonymous Coward on Wednesday August 11, @01:02AM

      by Anonymous Coward on Wednesday August 11, @01:02AM (#1165635)

      It's always good to have a backup.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday August 11, @12:18AM (4 children)

    by Anonymous Coward on Wednesday August 11, @12:18AM (#1165628)

    This same technique works with old analog modems that have TX/RX LEDs on them. ISTR that some network switches are also vulnerable, if a bit more fussy, and that there was research done on older hard drives that had built-in activity lights. In all of those cases the offending LED was wired directly to the data line while this is an actual side band attack but the interception technique is the same.

    • (Score: 2, Interesting) by GreatScott2001 on Wednesday August 11, @01:21AM (3 children)

      by GreatScott2001 (14964) on Wednesday August 11, @01:21AM (#1165637) Journal

      So the absence of blinky lights on USB devices doesn't make you safe?

      Taking stock here:
      From the front, you can see the master power LED, and a master disk activity LED. There is more than 1 disk hooked to that activity indicator.
      From the back, you can see the glow from LEDs on each of two ethernet plugs - you can't see the lights directly unless you're lying on the floor within about 10 or 12 feet. Is such a machine vulnerable?

      • (Score: 1, Informative) by Anonymous Coward on Wednesday August 11, @02:42PM

        by Anonymous Coward on Wednesday August 11, @02:42PM (#1165747)

        On modern computers the power LED is powered by the master power management controller on the motherboard. It shouldn't be connected to anything sensitive but it could reveal sudden changes in system power draw. Power supply acoustic noise already reveals this to a finer degree but isn't very useful.
        The master disk activity LED isn't wired directly to the hard drive's write circuit like was common for individual drive activity lights back in the 80's, so it is safe.
        The Ethernet activity lights are possible exfiltration points depending on how they are wired. If they maintain a steady blink rate while the line is at full load then they aren't directly wired to the line and should be okay. This is easy to test: Just transfer a large file over the network. If the light maintains a steady blink rate then it is fine.
        Another common exfiltration point is analog video ports. They transmit an easily detected and decoded RF signal, and not all machines turn them off when they aren't in use. VGA, DVI-A and DVI-I ports are vulnerable. DVI-D uses a scrambler that theoretically makes it harder to decode. I'm not sure how secure HDMI's encryption actually is but like DVI-D it is a low power parallel signal over a shielded cable, so that helps a lot.

      • (Score: 0) by Anonymous Coward on Saturday August 14, @01:50PM (1 child)

        by Anonymous Coward on Saturday August 14, @01:50PM (#1166889)

        Instead of using the cameras etc they've installed to watch my hardware LEDs the spies should use them to figure out the passwords I typed instead.

        • (Score: 0) by Anonymous Coward on Sunday August 15, @12:30AM

          by Anonymous Coward on Sunday August 15, @12:30AM (#1166996)

          Yes, you are a sneaky one. You use two passwords. 123456789 and password. If you ever use a different one, we'll turn the cameras on again.

  • (Score: 0) by Anonymous Coward on Wednesday August 11, @12:38AM

    by Anonymous Coward on Wednesday August 11, @12:38AM (#1165632)

    Israel gave Negev back to Egypt for peace treaty.

    Anyone wanna enlighten us how the school's name came about?

  • (Score: 1, Funny) by Anonymous Coward on Wednesday August 11, @01:42AM (1 child)

    by Anonymous Coward on Wednesday August 11, @01:42AM (#1165641)

    I mean if they really want to snoop on my Grateful Dead audio, they are welcome...but there are higher fidelity ways to get the same content.

    • (Score: 2) by maxwell demon on Wednesday August 11, @11:38AM

      by maxwell demon (1608) on Wednesday August 11, @11:38AM (#1165729) Journal

      Can that technology also decode the watermarks embedded in the music? If so, the MPAA might be interested.

      --
      The Tao of math: The numbers you can count are not the real numbers.

  • (Score: 2) by Freeman on Wednesday August 11, @01:29PM (1 child)

    by Freeman (732) on Wednesday August 11, @01:29PM (#1165737) Journal

    Despite Glowworm's ability to spy on targets without revealing itself, it's not something most people will need to worry much about. Unlike the listening devices we mentioned in the section above, Glowworm doesn't interact with actual audio at all—only with a side effect of electronic devices that produce audio.

    https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds/ [arstechnica.com]

    So, it only eavesdrops on you, if you're talking into a microphone that is giving audio feedback through the speakers. Otherwise, it will just be picking up whatever audio is coming through your speakers. I guess it could be useful to someone at some point, but I'd be kind of skeptical as to the quality of the reception.

    --
    Forced Microsoft Account for Windows Login → Switch to Linux.

    • (Score: 0) by Anonymous Coward on Wednesday August 11, @02:49PM

      by Anonymous Coward on Wednesday August 11, @02:49PM (#1165748)

      It also eavesdrops on anything said to you, which can be bad enough on its own depending on the content or even just who is speaking, and being passive it is completely undetectable to the target. Powered headphones may be vulnerable as well.

  • (Score: 0) by Anonymous Coward on Wednesday August 11, @04:40PM

    by Anonymous Coward on Wednesday August 11, @04:40PM (#1165788)

    As usual.

  • (Score: 0) by Anonymous Coward on Saturday August 14, @01:10AM

    by Anonymous Coward on Saturday August 14, @01:10AM (#1166778)

    LOL @ "new." I PoC'ed this in 2009 or 2010 based on a demo at blackhat. Old emitters included capslock LED, case LEDs, mobo LEDs.

    Also this is way less interesting than the "make the mobo vibrate/not from thermal effects for 0/1, and use a tuned directional mic to receive" from a few years back.

    I could keep complaining but "kids with no experience think they've invented the wheel" can only make me blab so much.
