Electro-optical Sound Eavesdropping
Attend in-person
Hack Track
Date
24 NOV
Attend online
HITB VIRTUAL STREAM
Time
13:00

+overview

In this talk, I will discuss electro-optical sound eavesdropping, i.e., how eavesdroppers can convert light to sound passively, externally, and in real time in order to recover speech from physical and virtual conversations by analyzing optical measurements obtained by an electro-optical sensor mounted to a telescope.

In the first part of the talk I will introduce "Lamphone" a novel side-channel attack for eavesdropping sound; this attack is performed by using a remote electro-optical sensor to analyze a hanging light bulb’s frequency response to sound. I show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech from physical meetings.

In the second part of the talk I will introduce "Glowworm attack"; a novel TEMPEST attack for eavesdropping sound; this attack is performed by using a remote electro-optical sensor to analyze the intensity of a device's power indicator LED. I show how the optical correlation between the sound that is played by speakers and the intensity of their power indicator LED can be  exploited by eavesdroppers to recover speech from virtual meetings.

At the end of the talk, I will discuss the limitations of the attacks, and provide a few insights regarding sound eavesdropping  that will help us to answer the next question: Could it be that while Lamphone and Glowworm attacks were published during the last year, they are actually 30 years old?

+speaker

Ben Nassi
Security Researcher, Cyber@Ben Gurion University

I am PhD student at Ben-Gurion University of the Negev (BGU) and a former Google employee.

My research was presented at top conferences (S&P, CCS, BlackHat, RSA, Ubicomp, DEF CON) and was published in journals (TIFS), and was also covered by international media (Wired, ArsTechnica, Motherboard, Washington Post, Bloomberg, Business Insider).

I presented my work at prestigious venues including BlackHat USA 2020, CCS 2020, 40th IEEE Symposium on Security and Privacy, RSA Conference 2020, CyberTech TLV 2020, and IoT Village at DEF CON 26.

+oTHER PRESENTATIONS IN THIS TRACK

24 NOV
Paid
24 NOV
Hack Talk 2 - TBA
Michael A. Davis
5467
24 NOV,
14:00
Hack Track
24 NOV
Paid
24 NOV
Hack Talk 3 - TBA
TBA
24 NOV,
15:00
Hack Track
25 NOV
Paid
25 NOV
Hack Talk 4 - TBA
Ofir Arkin
4461
25 NOV,
11:00
Hack Track
25 NOV
Paid
25 NOV
Hack Talk 5 - TBA
TBA
25 NOV,
13:00
Hack Track
25 NOV
Paid
25 NOV
Hack Talk 6 - TBA
TBA
25 NOV,
14:00
Hack Track
25 NOV
Paid
25 NOV
Hack Talk 7 - TBA
TBA
25 NOV,
15:00
Booth B, West