A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb’s frequency response to sound.
Called Lamphone, the novel side-channel attack demonstrates that fluctuations in the air pressure on the surface of the hanging bulb can be exploited to recover speech and singing in real time, using a remote electro-optical sensor placed externally.
Researchers from the Ben-Gurion University of the Negev and Weizmann Institute of Science came up with an algorithm to recover sound from the optical measurements of the vibrations of a light bulb.
In a real-world test scenario, Lamphone successfully recovered both human speech (which can be identified by the Google Cloud Speech API) and singing (accurately identified by Shazam and SoundHound) from a bridge 25 meters (82 feet) away from the target room where the light bulb was hanging.
The researchers tested Lamphone by targeting an office room located on the third floor of an office building. A hanging E27 LED bulb (12 watt) was in the room and curtain walls would cover the entire building, thus reducing the amount of light emitted from the offices.
On a pedestrian bridge 25 meters away, the researchers mounted an electro-optical sensor (the Thorlabs PDA100A2, an amplified switchable gain light sensor that converts light to electrical voltage) on telescopes with different lens diameters (10, 20, 35 cm) — the sensor was mounted on one telescope at a time.
“The voltage was obtained from the electro-optical sensor via a 16-bit ADC NI-9223 card and was processed in LabVIEW script that we wrote. The sound that was played in the office during the experiments could not be heard at the eavesdropper’s location,” the researchers explain.
Using this setup, the researchers managed to successfully recover two songs and one sentence played via speakers in the office, using optical measurements that were obtained from a single telescope.
Because sound can be recovered using an electro-optical sensor that outputs information at a low resolution (a one pixel sample), Lamphone can be applied in real-time scenarios, the researchers say.
They also claim that the new technique brings numerous advantages compared to previously identified eavesdropping methods that would require device compromise, proximity to the victim, or functionality that can’t be used in real-world scenarios without being immediately detected (such as laser beams).
While they only managed to recover sound from 25 meters away, the researchers argue that better equipment (bigger telescope, 24/32 bit ADC, etc.) would allow an attacker to extend that range.
Related: Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap
Related: Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations
Related: Air-Gapped Computers Can Communicate Through Heat: Researchers

More from Ionut Arghire
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
Latest News
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
