A study has revealed that hackers could use an ordinary or “dumb” light bulb to listen in on your conversations from afar. The study conducted by researchers at Ben-Gurion University of the Negev and the Weizmann Institute of Science in Israel shows that a conversation can be eavesdropped from 25 metres away if there is a hanging light bulb in close proximity of where the conversation is taking place. This side-channel attack has been named ‘Lamphone’ and requires a remote electro-optical sensor that analyses a light bulb’s frequency response to sound.
Up till now, studies had shown that side-channel attacks required a compromised device placed in physical proximity of a target or smart home devices such as Google Home or Amazon Alexa. Now, this new study states that a simple “dumb” hanging light bulb could be used to eavesdrop on conversations from as far as 25 metres.
“Lamphone recovers sound optically via an electro-optical sensor which is directed at a hanging bulb,” the study reads. This means, for this type of attack to work, an electro-optical sensor is required. The researchers also pointed out that a telescope and a voice-to-text application like Google Speech are required as well.
Additionally, the range of this attack depends on the microscope and can be increased by using a bigger and more powerful microscope.
Lamphone side-channel attack
When a conversation takes place in close proximity to a light bulb, the sounds gently vibrate the surface of the light bulb. Using the electro-optical sensor and microscope directly pointed at the bulb, these vibrations can be collected by the electro-optical sensor. The researchers developed an algorithm to isolate an audio signal from an optical signal or vibrations obtained from the sensor. This audio signal can then be transcribed using a voice-to-text API like Google Cloud Speech. Recovering sound from an optical signal has been termed as Lamphone.
The researchers pointed out that that method can be used to identify singing as well and they were able to accurately identify the song using Shazam and SoundHound from 25 metres away.
Are all light bulbs vulnerable?
There are several things that will cause this hack to fail. The bulb needs to be hanging and should be clearly visible from where the telescope is aimed at it. If there is a lampshade or curtain in the way, this eavesdropping method will fail. Additionally, the conversation taking place in the room where the light bulb is, or the music playing there needs to be sufficiently loud for the hack to work.
While this does raise some privacy concerns, the Lamphone attack is quite difficult to pull off. As there are multiple caveats to this process increasing the chances of failure, this attack may not be as much of a threat, compared to other hacks like phishing, malware, or DDoS attacks.
Is OnePlus 8 Pro the perfect premium phone for India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.