How They Can Spy on You Through the LED Light of Your Devices

In recent years, some researchers have shown that it is possible to carry out espionage tasks through the most unsuspected elements. Among them is a group of researchers from Israel dedicated to trying to obtain information from completely isolated computers (air-gapped), since they are often used to store sensitive information. Now, this group of researchers has discovered that it is possible to spy through the LED lights of our devices.

This attack, which has been dubbed the ” Glowworm Attack ” (firefly attack), has been discovered by researchers at the Ben-Gurion University of the Negev. With it, it is possible to spy on conversations and retrieve sounds through optical measurements obtained from electro-optical sensors directed at the LED light of the devices.

Spy on You Through the LED Light of Your Devices

Glowworm: beware of LED lights

The same group of researchers managed to recover elements of a conversation through a similar mechanism, but using a light bulb in a room, in a type of attack known as TEMPEST. Now this attack takes advantage of the way electronic circuits are designed, as LED lights change intensity depending on wattage.

Thus, the attack takes advantage of the optical relationship between the sound that is reproduced by the speakers and the intensity of the LED indicator . Both parts are connected directly to the current, and the intensity of the LED is influenced by the power consumption of the device. Depending on the quality of the equipment used to spy, it is possible to have a higher or lower quality in the final result. In the following video we can see how it works.

As we can see, Trump’s phrase in the final part of the video can be heard almost perfectly, despite the fact that it is captured with a telescope 35 meters away and outside the building where the sound was reproduced. The telescope was aimed at the LED light of a USB hub to which the speakers were connected.

50% of devices are vulnerable

In a real scenario, it is possible to remotely spy on conversations with applications such as Zoom, Skype, Google Meet or Microsoft Teams. The only way to avoid this attack is to put black electrical tape on the LED lights of our devices. The researchers recommend that manufacturers integrate capacitors or amplifiers to eliminate fluctuations in power consumption when a speaker produces sound.

The problem is that adding an electronic element in devices that sell by the thousands and even millions can add a great increase in the costs of the company. This is why many manufacturers, who tend to have the highest possible profit margin , ignore these vulnerabilities in exchange for reducing costs.

According to their tests, 50% of the devices they have tested, which include speakers, USB hubs, and smart speakers, are vulnerable to this attack. Therefore, attacks like Glowworm are not going to go anywhere, and they are going to pose an additional danger when using our devices if we use them in public places. At home, luckily, we are usually quite isolated from this type of espionage.