In a new experiment, some researchers have successfully demonstrated that it is possible to track and recover any conversations by closely observing the light bulbs.
The Lamphone attack
Academics from the Ben-Gurion University of the Negev have discovered a new way to reverse engineer and thus hack any conversations or audio recordings being played in a room, by observing the fluctuations of a light bulb in that room.
- This month, a new eavesdropping technique named ‘Lamphone’ was demonstrated, which could record slight variations in a light bulb to recover the sound waves (speech, conversations, songs) within a room.
- When soundwave hits a light bulb, the vibrations create small flickers in the emission of light. By using powerful sensors, the variations in the light can be recorded and the sound waves causing these variations can be recreated.
- During the experiments, academics were successfully able to recover sound and conversations from 25 meters (82 feet) away. And with proper equipment (bigger telescope, 24/32 bit ADC, etc.), this range can be extended further.
Other cyber threats affecting light bulbs
In the recent past, there have been several incidents when vulnerabilities were identified in the smart light bulbs, which could cause a leak of sensitive data.
- In February 2020, a high-severity heap-based buffer overflow vulnerability (CVE-2020-6007) was found in Philips Hue Smart Light Bulbs, which could be exploited over-the-air from over 100 meters away to gain entry into a targeted Wi-Fi network.
- In the same month, a white-hat hacker named ‘LimitedResults’ revealed a vulnerability in the LIFX smart light bulbs, that could be exploited to steal Wi-Fi passwords and the root certificates of the connected network.
To defend against attacks like Lamphone, bulbs can be covered with some fancy decorative items or curtains. Using a low transmittance window glass can also help prevent intruders from peeking inside the rooms. For securing smart light bulbs, keep the devices patched with the latest updates released by the vendor.