Lamphone: Real-Time Passive Sound Recovery from Light Bulb Vibrations, presented at CODEBLUE2020 (2020)

by Ben Nassi

Summary : Recent studies have suggested various side-channel attacks for eavesdropping on sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips or a window) and devices (e.g., motion sensors). However, these methods are limited in one of the following ways: they (1) cannot be applied in real time, (2) are not external, requiring the attacker to compromise a device with malware, or (3) are not passive, requiring the attacker to direct a laser beam at an object. In this talk, I introduce "Lamphone," a novel side-channel attack for eavesdropping on sound that is performed by using a remote electro-optical sensor to analyze a hanging light bulb's frequency response to sound. I show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing passively, externally, and in real time. I evaluate Lamphone's performance in a realistic setup and show that Lamphone can be used by eavesdroppers to recover human speech (which can be accurately identified by the Google Cloud Speech API) and singing (which can be accurately identified by Shazam and SoundHound) from a bridge located 25 meters away from the target room containing the hanging light bulb.

Explainable malicious domain diagnosis

Summary : Cyber security has recently become a game of cat and mouse. Adversaries create techniques for evading detection; defensive researchers then struggle to analyze the evasion and develop detection techniques. The adversaries in turn learn to identify the detection and repeatedly create the next evasive techniques. Defensive researchers have been at an overwhelming disadvantage. Under such circumstances, do the developed detection techniques become useless once the adversaries identify them? That is not true. Adversaries have an intention behind their activity. Their purpose is often business, so their funds and selected techniques depend on their targets, such as a particular organization or clients with low security literacy. Not all adversaries always use state-of-the-art techniques. In short, the clues differ between targeted attacks and broad ones. SOC operators are always busy coping with various kinds of attacks and find it difficult to deal with all alerts. They have to prioritize alerts and sometimes explain to management or the responsible person why the alerts occurred. They are overworked because of limited time.