New 'Glowworm' Attack Spies on Conversations Using Device’s LED Power Indicator

Ben-Gurion University of the Negev researchers have conceived of a new attack method, called the “Glowworm attack,” that leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals. This means it can actually spy on electronic conversations.

"We present the Glowworm attack, an optical TEMPEST attack that can be used by eavesdroppers to recover sound by analyzing optical measurements obtained via an electro-optical sensor directed at the power indicator LED of various devices (e.g., speakers, USB hub splitters, and microcontrollers)," write the researchers in their abstract.

"We analyze the response of the power indicator LED of various devices to sound and show that there is an optical correlation between the sound that is played by connected speakers and the intensity of their power indicator LED due to the facts that: (1) the power indicator LED of various devices is connected directly to the power line, (2) the intensity of a device's power indicator LED is correlative to the power consumption, and (3) many devices lack a dedicated means of countering this phenomenon."

The Glowworm attack was tested in a variety of experimental situations. The tests revealed that an attacker could eavesdrop on a conversation by tracking a speaker’s power indicator LED with good intelligibility from a distance of 50 ft (15 meters) and with fair intelligibility from 115 ft (35 meters).

The researchers also revealed that many devices are vulnerable to the Glowworm attack, including Google Home Mini, Google Nest Audio, Logitech – Z120 Speakers, S120 speakers, Sony – SRS-XB33, SRS-XB43, and Raspberry Pi – 3, 4. On the bright side, the attack is fairly simple to resolve simply by placing a black tape over a device’s power indicator LED. However, manufacturers may want to consider this attack when designing their new products to ensure they are Glowworm-safe from the get-go.