Glowworm: An Attack Technique that Recovers Sound via LED

Source: This article was first published on

Security researchers have developed a new attack technique that uses optical emission from a LED of a device. This attack can recover sounds from any external connected device and spy on electronic conversations. This attack can be performed from a distance of 15–35 meters, varying the pick-up quality.

The Glowworm attack

team of academics from the Ben-Gurion University of the Negev divulged the details regarding this attack, also described as an optical TEMPEST attack.

  • Around 50% of devices analyzed by the researchers are exposed to this new attack, including devices from Google, JBL, Sony, CREATIVE, TP-Link, Miracase, Raspberry Pi, and Logitech.
  • Glowworm is a similar attack as Lamphone that allowed the recovery of sound from a victim’s room having a light bulb. It was presented by the same researchers a year ago.
  • Both attacks obtain sound from light via a sensor although having a difference. Glowworm exploits the design of the electrical circuit while Lamphone exploits the bulb’s minuscule vibrations.

The eavesdropping technique

Glowworm attack is based on the optical relationship between the sound that is produced by a connected speaker and the strength of its power indicator LED directly connected to the power line as they are directly proportional.

  • As per reports, an attacker can recover sound by analyzing the optical measurements obtained using an electro-optical sensor directed at the power indicator LED of targeted devices.
  • The quality of the sound acquired will depend on the quality of the equipment used in the attack.
  • In an indirect attack, if the power indicator LED is not clearly visible from outside the room, the attacker can still obtain sound from the power indicator LED of the device providing power to the speaker.
Also Read:  Telegram bots are trying to steal your one-time passwords

In a real-world situation, this attack could be used to target speech generated by participants in a virtual meeting platform such as Google Meet, Microsoft Teams, and Zoom using speakers with LED.

Recommended solutions

As complicated as the Glowworm attack sounds, researchers have suggested an easy and unconventional solution for users by applying black tape on LED indicators of devices. Further, device manufacturers can add a capacitor or operational amplifier to remove fluctuations of power consumption that happen when speakers play sounds.