A new side-channel attack method has been discovered that allows attackers to spy on and listen to private conversations in the victim’s room by observing a light bulb hanging overhead from a distance.
Lamphone Attack Overview
A team of researchers has discovered a new side-channel attack method that allows attackers to spy on and listen to private conversations in the victim’s room by observing a light bulb hanging overhead from a distance.
Researchers Ben Nasi, Yaron Pirutin, Adi Shamir, Yuval Elovichi and Boris Zadov of Israel’s Ben-Gurion University of the Negev and the Weizmann Institute of Science have called this new side-channel attack a “lantern attack.”
As stated in a published academic article by the researcher, any sound from the target room can be restored without the need to hack into anything or any device in the room except for the line of sight of the hanging light bulb.
The attack works by capturing microscopic sound waves with an electro-optical sensor focused on a dangling light bulb and reverse-engineering the captured data back to the original sound.
The attack can be implemented in practice, using a laptop along with available technical equipment – a telescope, an optoelectronic telescope, costing less than a thousand dollars.
How does Lamphone Attack Works ?
The attack is mainly based on recognizing vibrations from hanging light bulbs as an effect of air pressure fluctuations caused by sounds in the room.
Preparing for the attack requires a telescope to see a close-up of a dangling light bulb in the target room, and an electro-optical sensor mounted on the telescope to convert light into electrical current.
The received analog vibration signal from the lamp is then converted to a digital signal using an analog-to-digital converter. In the last step of tuning, the converted digital signal is sent to the laptop for analysis of the collected audio data.
The researcher published a scientific article explaining the technical details of the attack, as well as a summary of the attack posted on Ben Nasi’s home page.
For the demonstration, the attackers filmed a reproduced statement by US President Donald Trump from a distance of 25 meters: “We will make America great again.”
They also recorded the sound of “Let It Be” by the Beatles and “Clocks” Coldplay and showed that the regenerated sound is clear and smooth enough to be recognized by any Shazam user and app.
Evaluation of Lamphone Attack
What makes this attack more dangerous than the previously known side-channel attacks is that it does not use malware to leak information from a target or victim.
The ability to spy on victims from great distances is another advantage that makes this attack viable.
While this attack can be carried out in practice with inexpensive hardware, there are some limitations.
First, a clear line of sight to the lamp is required for a successful attack. In other words, window curtains or decorative light bulbs can interfere with or limit the success of the Lamphone Attack.
Second, the sound in the room must be loud enough for the light to vibrate. However, with more advanced equipment, it would be possible to record sounds even at lower volumes.
Third, the glass of the bulb should not be too thick to prevent or reduce vibration due to sound waves in the room.
Finally, since the attack depends on the light emitted from the bulb, it must be bright enough to be caught. Again, with more advanced hardware, this may not be a limitation.