Connect with us

Hi, what are you looking for?


Data Protection

New Eavesdropping Technique Relies on Light Bulb Vibrations

A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb’s frequency response to sound.

A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb’s frequency response to sound.

Called Lamphone, the novel side-channel attack demonstrates that fluctuations in the air pressure on the surface of the hanging bulb can be exploited to recover speech and singing in real time, using a remote electro-optical sensor placed externally.

Researchers from the Ben-Gurion University of the Negev and Weizmann Institute of Science came up with an algorithm to recover sound from the optical measurements of the vibrations of a light bulb.

In a real-world test scenario, Lamphone successfully recovered both human speech (which can be identified by the Google Cloud Speech API) and singing (accurately identified by Shazam and SoundHound) from a bridge 25 meters (82 feet) away from the target room where the light bulb was hanging.

The researchers tested Lamphone by targeting an office room located on the third floor of an office building. A hanging E27 LED bulb (12 watt) was in the room and curtain walls would cover the entire building, thus reducing the amount of light emitted from the offices.

On a pedestrian bridge 25 meters away, the researchers mounted an electro-optical sensor (the Thorlabs PDA100A2, an amplified switchable gain light sensor that converts light to electrical voltage) on telescopes with different lens diameters (10, 20, 35 cm) — the sensor was mounted on one telescope at a time.

“The voltage was obtained from the electro-optical sensor via a 16-bit ADC NI-9223 card and was processed in LabVIEW script that we wrote. The sound that was played in the office during the experiments could not be heard at the eavesdropper’s location,” the researchers explain.

Using this setup, the researchers managed to successfully recover two songs and one sentence played via speakers in the office, using optical measurements that were obtained from a single telescope.

Advertisement. Scroll to continue reading.

Because sound can be recovered using an electro-optical sensor that outputs information at a low resolution (a one pixel sample), Lamphone can be applied in real-time scenarios, the researchers say.

They also claim that the new technique brings numerous advantages compared to previously identified eavesdropping methods that would require device compromise, proximity to the victim, or functionality that can’t be used in real-world scenarios without being immediately detected (such as laser beams).

While they only managed to recover sound from 25 meters away, the researchers argue that better equipment (bigger telescope, 24/32 bit ADC, etc.) would allow an attacker to extend that range.

Related: Power Supply Can Turn Into Speaker for Data Exfiltration Over Air Gap

Related: Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations

Related: Air-Gapped Computers Can Communicate Through Heat: Researchers

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...