Savvy threat actors can recover conversations using lightbulbs
Lightbulb eavesdropping doesn’t even require a smart bulb
Researchers at the Ben-Gurion University of the Negev and the Weizmann Institute of Science have successfully demonstrated it’s possible to track and recover conversations by closely observing lightbulbs. This new eavesdropping technique, which a research group dubbed Lamphone, records slight frequency variations in a lightbulb to recover speech, conversations and songs played within a particular room.
During the experiments, researchers found by using a remote electro-optical sensor to analyze a lightbulb's frequency response to sound, they could recover speech and music. The recovered speech was then accurately transcribed by Google's Speech to Text API while Shazam was able to recognize the singing clips.
The team recovered sounds from 82 feet away using equipment such as a bigger telescope or 24/32 bit analog-to-digital convertor. Researchers say this range can be extended even further.
While analyzing the side effects of sound waves on nearby objects is concerning, researchers claim “they are limited in one of the following ways: they (1) cannot be applied in real time (e.g., Visual Microphone), (2) are not external, requiring the attacker to compromise a device with malware (e.g., Gyrophone), or (3) are not passive, requiring the attacker to direct a laser beam at an object (e.g., laser microphone).”
This isn’t the first time lightbulbs have encroached on users’ privacy. In February, a vulnerability in Philips smart lightbulbs allowed threat actors to access targeted Wi-Fi networks. Tracked as CVE-2020-6007, the vulnerability enabled malicious actors to infiltrate a home or office's computer network over the air to spread ransomware or spyware. A similar vulnerability impacted LIFX smart bulbs in the same month.
There are ways to protect your smart lightbulbs from malicious threat actors, according to Cyware. Cyware recommends using decorative lampshades and curtains to protect lightbulbs. The site also suggests using low-transmittance window glass to prevent intruders from seeing inside of rooms of a home or office.
For smart bulb users, it’s important to keep lightbulbs up to date too. To keep such lightbulbs secure, users should ensure that the bulbs have been patched with the latest security updates released by the lightbulb’s manufacturer.