According to the latest studies it is possible to spy on someone using the power indicator LED of a device. While by now you may have a pretty good idea of how cybercriminals could get their hands on your personal information, be it through a malicious file or a link you shouldn’t have clicked.
Now researchers at Ben-Gurion University of the Negev have demonstrated a new way to spy on conversations. Specifically, they talk about a new passive form of the TEMPEST attack called Glowworm. This attack makes it possible to spy on conversations and even retrieve sounds by optical measurements previously obtained from electro-optical sensors directed at the LED light of the devices themselves.
To demonstrate this form of spying, the team of researchers analyzed smart speakers, simple PC speakers and USB hubs. They discovered that the LED indicators of the devices could be perceptibly influenced by audio signals transmitted through the connected speakers.
They say that although these fluctuations in LED signal strength are not perceptible, they are strong enough to be read by a photodiode coupled to an optical telescope. The flickering of the LED output, something that occurs due to voltage changes while they are consuming electricity, is converted at the same time in an electrical signal through the photodiode. This way, the electrical signal can be run through a simple analog/digital converter (ADC) and reproduced directly.
They say that the only way to avoid this attack is to use black insulating tape on the LED lights of the devices. In any case, the recommendation of this team is that the manufacturers of these devices that emit LED lights should include capacitors or amplifiers capable of eliminating fluctuations in energy consumption.