[HN Gopher] Spies can eavesdrop by watching a light bulb's vibra...
___________________________________________________________________
Spies can eavesdrop by watching a light bulb's vibrations

Author : lelf
Score  : 146 points
Date   : 2020-07-26 22:22 UTC (1 days ago)

(HTM) web link (www.wired.com)
(TXT) w3m dump (www.wired.com)

| imglorp wrote:
| The article involves a remote device watching the light bulb but it would also make sense to think about devices in the room as well.
|
| Your device might have its microphone disabled, in hardware even, but I wonder if the ambient light sensor has enough gain to see audio frequency variations in room lighting. We already know hard drives and speakers and whatever else can act like mics for exfiltration...
| [deleted]
| codezero wrote:
| In college for a project I wanted to encode messages over small brightness variations in light bulbs. It's a pain to deal with AC, so I ended up doing it with a laser pointer. It turned out to be stupidly easy with a laser pointer and photodiode attached almost directly to a pair of PC speakers. All these devices have a +5v DC signal. I could attach my iPod headphones to the laser pointer directly, then the photodiode to the speakers, and boom, music at about 100 yards, with almost no quality decrease, though I didn't do anything quantitative :)
|
| I've always wondered what places communication started getting hidden since we went online and no longer rely on things like numbers stations or drop boxes (though I assume dead drops still exist)
| miahi wrote:
| You can also send the sound via the laser directly to a MEMS microphone, if it's exposed: https://www.wired.com/story/lasers-hack-amazon-echo-google-h...
| amatecha wrote:
| K what? That's amazing! Apparently I need to learn more about lasers....
| haha :) I guess it's pretty "fragile" since the slightest misalignment of the source laser & destination sensor would mean a total loss of signal, right?
| wonderlg wrote:
| You'll probably also need to debug it often on warm summer evenings.
| dwohnitmok wrote:
| Given that the laser forms a spot, minor misalignments are very easy to debug (just line up the red spot with the sensor again). Also given a laser with sufficiently wide spread, minor misalignments would manifest themselves as volume loss.
|
| Not great if you don't have easy access, but reliable enough for e.g. a dorm room or a living room.
|
| This was a lab we did in an intro EE class in college and it worked wonders as a "whoa cool" demonstration with very basic EE knowledge required.
| codezero wrote:
| The other commenter is right, store bought lasers have a decent spread over a few dozen or hundreds of feet. And the signal is still pretty readable to the receiving photodiode.
| rorykoehler wrote:
| You should find out how the starlink network will communicate if you're worried about accuracy.
| panda88888 wrote:
| A long time ago back in college our team designed a free space optical gigabit digital link via laser diode and photodiode. We were transmitting I think 1 Gbps easily over maybe 50 meters. We didn't have enough time to polish the system or test faster speed because the sponsoring corporation took our design back to their RD group.
| dkarl wrote:
| Twenty years ago I worked at a place that had offices in buildings across the street from each other and had a laser network link between them in case the link through our ISP stopped working. I don't recall if we ever had to rely on it while I was working there, but I remember the guy in charge of monitoring it used to complain that it didn't work on foggy mornings. One end of the link was on the 21st floor, and we got fog at that level a lot more often at that height than at ground level.
| codezero wrote:
| I bet this was a microwave dish, super common to connect buildings with line of sight, and prone to fog and weather :)
| vt240 wrote:
| The Wikipedia entry for FSO networking is pretty misleading. There have been commercial products on the market for quite a while.
| 2OEH8eoCRo0 wrote:
| Didn't anyone watch or read Clear and Present Danger? Laser microphone. This has been done for the past 40 years or so.
| kainer wrote:
| Those stories keep fascinating me, ever since I talked about side-channel attacks during my study times.
|
| Re-creating CRT images through walls, listening in on keystrokes through the electric wires of a building or learning about traffic patterns while observing network interface flashing LEDs.
|
| Just a fascinating world when you leave aside what they are aimed towards.
| helios_invictus wrote:
| This technology and technique has been known for a number of decades. Intelligence agencies use a variety of counters to avoid this issue. SCIFs don't have windows for a reason. The standoff distance for intel buildings are far, and well monitored for similar reasons. Some facilities use double insulated glass with a randomized noise maker in the frame. Some corporate board rooms use similar technology and safeguards.
| Jestar342 wrote:
| A friend of mine had a side-gig at an electronics factory that used to fit/repair government printers, telegram, and fax machines in the 80s. When he first started he noted that the schematics said to double up the number of capacitors. When he raised this as a potential error in the schematic with his boss, he was told that it was quite deliberate and was there to stop giving away what was being printed by anyone measuring the power fluctuations. Feels kinda obvious now but when I first heard it I had a mini-mind-blown moment.
| polishdude20 wrote:
| That seems like a good way to make a piece of equipment just not work.
| The stuff inside the printers also probably relies on proper capacitor values.
| jstanley wrote:
| Seems unlikely. It's probably ~all digital, so I expect the capacitors are literally only there for filtering the power supply.
| monadic2 wrote:
| Pretty sure state intelligence has been doing this for decades, and we all know the laser-off-the-window pane trick by now.
|
| I'm much less worried about spies than I am about the powers directly around me, namely my own state and the large corporations that run society.
|
| I have no clue who greenlit this article but it seems starved for context not spoon-fed by the research team itself.
| kanobo wrote:
| Tomorrow's news: Privacy Lightbulbs that vibrate pre-recorded messages to throw these pesky spies off their trail are invented.
| turbonaut wrote:
| Whilst the suggestion is clearly not serious, having pre-recorded or even repeated random noise is akin to re-using a one time pad. Continued 'listening' - even long after the relevant conversation - could first be used to extract the fake noise and then from this the signal.
| kerkeslager wrote:
| Yeah. You can't just produce random white sound[1] to cover the signal either, because speech has enough redundancy to still communicate over a static-y soundscape. The term here is that white noise lacks "diffusion"--analogous to the ECB vulnerability (see the picture of the encrypted Linux penguin image on this page[2]). I can't think of a good way to provide diffusion for sound--a better cover might be to provide alternate signals, i.e. a few layers of random human sounds spoken in a deepfake-d version of the voice of the person speaking.
|
| I'm skeptical even this wouldn't have vulnerabilities however, as history has shown us that cryptography which has not been formally proven is often broken.
|
| [1] I'm using the word "sound" here to differentiate the noise in the auditory sense from noise in the "signal versus noise" sense.
|
| [2] https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation...
| kanobo wrote:
| Would it be possible to use the tech in noise-cancelling headphones and put a tiny speaker that phase-cancels audio it hears to solve this issue? I'm asking as someone who knows very little about this.
| kerkeslager wrote:
| Well, it's definitely possible to do that but I'll make no claim that it would actually provide security. There's definitely some bleed-through with noise canceling (i.e. the beginning of sounds don't get canceled because the noise-canceling has a "reaction time"). It's probably better than nothing, but I would guess that a sophisticated-enough attacker could get around it.
|
| Again, I have no proof of concept here, so take with a grain of salt.
| dasudasu wrote:
| Then you can hijack the noise canceling device and obtain the original signal. Also the canceling effect is likely never perfect, so there would still remain part of it going through.
| [deleted]
| matham wrote:
| What if you use one random source to continuously change the white noise parameters (mean, std).
|
| E.g. use something like an illuminated disco ball that continuously randomly changes the source light angle and intensity.
| kerkeslager wrote:
| I think it would be very difficult to escape from diffusion problems.
| kanobo wrote:
| I'm going to put on my pop-science-fiction hat on and revise the Privacy Bulb to include a geiger-muller vibrating tube and a dollop of uranium for random vibrations. I was a fan of spy vs. spy as a child and I am full of bad ideas right now.
| hinkley wrote:
| We've known each other, for so long...
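
An added illustration, not code from any commenter or from the article, of the point raised in the subthread above that a looped or pre-recorded masking noise gives far less cover than noise that never repeats. It assumes an additive model, a loop period known to the listener, recordings that start on a loop boundary, and two tones standing in for speech; all names and values are constructed.

```python
import math
import random

RATE = 8000    # samples per second (constructed)
PERIOD = 400   # length of the looped masking recording; assumed known

def speech_stand_in(n):
    """Two tones standing in for speech (constructed sample input)."""
    return [0.7 * math.sin(2 * math.pi * 220 * i / RATE)
            + 0.7 * math.sin(2 * math.pi * 330 * i / RATE) for i in range(n)]

def looped_mask(n, rng, sigma):
    """Masking noise that replays the same PERIOD-sample recording."""
    loop = [rng.gauss(0.0, sigma) for _ in range(PERIOD)]
    return [loop[i % PERIOD] for i in range(n)]

def fresh_mask(n, rng, sigma):
    """Masking noise drawn independently for every sample."""
    return [rng.gauss(0.0, sigma) for _ in range(n)]

def estimate_loop(quiet, period):
    """Average samples sharing a loop position: a repeated mask adds up,
    independent sensor noise averages towards zero."""
    sums = [0.0] * period
    counts = [0] * period
    for i, x in enumerate(quiet):
        sums[i % period] += x
        counts[i % period] += 1
    return [s / c for s, c in zip(sums, counts)]

def subtract_loop(observed, loop):
    """Remove the estimated loop from a recording that starts on a loop boundary."""
    return [x - loop[i % len(loop)] for i, x in enumerate(observed)]

def snr_db(clean, observed):
    """Ratio of speech power to everything else in the recording, in dB."""
    signal = sum(c * c for c in clean)
    error = sum((o - c) ** 2 for c, o in zip(clean, observed))
    return 10.0 * math.log10(signal / error)

def compare(seed=1, talk_len=4000, quiet_len=40000,
            mask_sigma=3.0, sensor_sigma=0.1):
    """Return {mask kind: (SNR as recorded, SNR after subtracting the
    loop estimated from a later, silent stretch of the same room)}."""
    rng = random.Random(seed)
    speech = speech_stand_in(talk_len)
    total = talk_len + quiet_len   # talk_len is a multiple of PERIOD
    results = {}
    for name, make_mask in (("looped", looped_mask), ("fresh", fresh_mask)):
        mask = make_mask(total, rng, mask_sigma)
        sensor = [rng.gauss(0.0, sensor_sigma) for _ in range(total)]
        talk = [speech[i] + mask[i] + sensor[i] for i in range(talk_len)]
        quiet = [mask[i] + sensor[i] for i in range(talk_len, total)]
        cleaned = subtract_loop(talk, estimate_loop(quiet, PERIOD))
        results[name] = (snr_db(speech, talk), snr_db(speech, cleaned))
    return results

if __name__ == "__main__":
    for kind, (before, after) in compare().items():
        print(f"{kind:6s} mask: {before:6.1f} dB as recorded, {after:6.1f} dB after subtraction")
```

With these constructed values the looped mask stops hiding the tones once its loop has been averaged out, while the same procedure leaves the fresh mask's cover essentially unchanged.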
| SilasX wrote:
| Since you mention it, I got to thinking about whether we can have a microphone equivalent to the physical covers for webcams -- that is, a physical means that ensures the device can't detect anything usable, even if an attacker was able to turn it on without you knowing.
|
| Something like, a vibrating module that you don't really notice but which clouds out any sounds the microphone would pick up (or, to go your route, injects fake audio). You turn it on when you want to be sure the microphone isn't listening, just like you can cover the webcam.
| plutonic wrote:
| You mean something like this [0]? You could use this to trick your computer/phone into using the audio jack for its microphone, but since the mic-lock passes no usable signal, you'll be better protected. It doesn't otherwise incapacitate the internal microphone, though.
|
| [0] https://www.amazon.com/Mic-Lock-Microphone-Blocker-Pack-Surv...
| SilasX wrote:
| It would need to block the microphone itself that picks up ambient noise -- I don't think there's anything on e.g. a MacBook Air that you could plug that into and block sound.
| kanobo wrote:
| Some offices employ white noise privacy machines, you can find them on amazon. And the Japanese have the Sound Princess for flush noise privacy at the toilet. I have yet to find a product where you don't notice that it's on though, would be a great invention if possible.
| spockz wrote:
| Or you could turn on the shower and faucets in the bathroom and talk there. Or does that only work in the movies?
| briandear wrote:
| It does work, but you can have filters that can remove that noise electronically enough to get some actual voice signal. Faucets along with whispering directly in the ear would work. But a better choice is to simply write on a piece of paper instead of talking.
| [deleted]
| feralimal wrote:
| Sorry - but that sounds like BS.
| Think about it - a hanging light bulb vibrates when you speak... Really? I don't see any movement, and I'm right there.
|
| But yet, that can be picked up 25m away by a telescope? With equipment that costs less than $1000? No way.
|
| Sounds like some phony story to me, that's meant to make us think spies have superpowers, or even that we're all being spied on. (Which we are, but not like this.)
| jamesgeck0 wrote:
| > Think about it - a hanging light bulb vibrates when you speak... Really? I don't see any movement, and I'm right there.
|
| I don't see any movement on my computer speakers or mic when they're emitting or receiving sound, but they wouldn't function if vibration wasn't happening. You can measure the vibrations from a short distance away with a laser setup that costs about $300 IIRC.
|
| So the basic concept is sound. After that it's just a question of what kind of measurement setup a government agency with absurd amounts of time and money could cook up.
| meritganset wrote:
| I can't tell if this is serious or not. You realize that not all vibrations are visible by eye, right? In fact, the vast majority aren't.
| feralimal wrote:
| Do you really think a telescope can pick up the reflected vibrations from a lightbulb, using a telescope 25m away?
| bbbobbb wrote:
| Here similar experiment, 6 years ago: https://www.youtube.com/watch?v=FKXOucXB4a8
|
| If you think that actual government agency cannot do even more easily with better equipment in 2020 you're kidding yourself.
| feralimal wrote:
| I watched the video. I'm sorry, but it's inane. This is the worst sort of science magic. In fact it's just trickery.
|
| Do you seriously think that you have been provided evidence in that video? All that happened is that I ended up looking at a leaf and packets of things that weren't moving at all. That's not evidence!
|
| It says that they are picking up vibrations from a leaf or bag of crisps.
| But they don't show you those vibrations. They just give you a bunch of graphics and fuzzy sounds and tell you that they have done something.
|
| You do see that this could be very simple video trickery right? As with the initial article - there's a claim, but nothing to really be able to use to verify that claim. Just a graphic, and references to Shazam. Perhaps this is guerrilla marketing for Shazam? It's a more viable thesis anyway, given the evidence!
| thebean11 wrote:
| You should discredit the Wired article
| feralimal wrote:
| Well, ok.
|
| Firstly, note that it provides no evidence. It has a claim, and shows a fancy graphic. That's it. It's not evidence. Anyone can make that sort of thing up. How can one differentiate this from a story I just made up?
|
| Digging in, it says: "LED bulbs also offer a signal-to-noise ratio that's about 6.3 times that of an incandescent bulb and 70 times a fluorescent one."
|
| Why? Why are LEDs better for this noise reflection stuff, than incandescent or fluorescent ones? They're all in glass. The heat of the glass is stable. The LED itself surely can't help.
|
| Why does Shazam feature in these tests, at all?!
|
| It also says: "Researchers have known for years that a laser bounced off a target's window can allow spies to pick up the sounds inside. Another group of researchers showed in 2014 that the gyroscope of a compromised smartphone can pick up sounds even if the malware can't access its microphone."
|
| Right. Are we meant to believe that this is what spies do? I mean, a spy just has to access whatever systems are already at his or her disposal and listen to your calls. They don't need to do any of that!
|
| And: "Still, Nassi says the researchers are publishing their findings not to enable spies or law enforcement, but to make clear to those on both sides of surveillance what's possible. "We want to raise the awareness of this kind of attack vector," he says. "We're not in the game of providing tools.""
|
| So, they even say that this article is about raising awareness of this kind of attack vector. They are raising awareness. Thanks spies!
|
| The article is a joke. At best this is a puff piece for a spy agency, or more likely just to increase paranoid awareness amongst those in tech. Be scared, danger everywhere! There are spy agencies listening to you everywhere - they're not using your phone, they use light bulbs and leaves!!
| x2f10 wrote:
| The video is a simple demonstration. If you want more details, there's an accompanying website and white paper published by MIT [1].
|
| 1. http://people.csail.mit.edu/mrub/VisualMic/
| feralimal wrote:
| PS, at what point would alarm bells ring for you, re this story. If they had said that they could pick up voices from a lightbulb with a telescope that was 50m away? 100m? 1000m?!?
|
| I suspect that alarm bells wouldn't ring at all....
| feralimal wrote:
| And why should some skepticism of an article relating to the purported tools of spycraft be downvoted? It's ok to expect more than a simple schematic, surely?
| deadmetheny wrote:
| It's because you're point-blank wrong and keep doubling down on it instead of taking the L.
| Dahoon wrote:
| Of course it is Israeli..
| fortran77 wrote:
| @dang -- this seems like an unproductive comment.
| partiallypro wrote:
| I'm not sure on the cost, but I know it's common to use lasers at an angle on windows to spy on conversations via a laser microphone. That requires less of a line of sight. Is this a cheaper method?
| ravenstine wrote:
| One way you can do this without another light source is to bounce a laser beam off a window or other things that are reflective.
|
| In fact, the same principle can be achieved with radio.
| The Russians once planted a device in a wooden seal they gave to a US ambassador as a gift which, when a focused radio beam was aimed at it, would reflect and oscillate that beam due to vibrations in the air.
|
| https://en.wikipedia.org/wiki/The_Thing_%28listening_device%...
| perch56 wrote:
| Leon Theremin was a genius that also created one of the first electronic instruments carrying his name now.
|
| https://en.wikipedia.org/wiki/Theremin
| mhh__ wrote:
| In any building spies had access to there was a game of cat and mouse as (for example) spies would see people with radio equipment scouring rooms through the window as they heard their bugs go pop one by one.
|
| Peter Wright (who wrote spycatcher) was the one who first got to look at The Thing; He actually broke it and had to make a new membrane for the microphone. He also invented (within MI5 at least) their technique for detecting superhet receivers (RAFTER), at one point they apparently were parked next to the soviet receiver.
| russellbeattie wrote:
| I remember in the 1990s I was doing contracting work in SoCal and got a job at one of the big defense contractors near LAX. (Trying to remember which one... Hughes?) I lasted only one week as the building was totally secure - no windows at all. Life is waaaaaay too short to work in a hole like that.
|
| Maybe someone with more info can fill in the details, but if I remember correctly, when Nokia changed their Silicon Valley offices to downtown Sunnyvale almost a decade ago, they were worried because Apple had offices in the adjacent building. If I remember correctly Nokia put in a bunch of security glass to prevent spying from vibrations in the windows. (There's some irony there, I know...)
| panda88888 wrote:
| Yup. It's fairly standard. For classified work the rooms and entry/exit protocols have to meet certain security requirements based on the classification level.
No windows | and no electronics are standard. No walls that is exposed to | the exterior. I've been in room within a room setup when it | was warranted. | acidburnNSA wrote: | Back in the 90's I found an old cardboard box full of | radioshack electronics components and a paper schematic of how | to put it together. I asked my dad what it was. He had been | into an electronics hobby in the 1980s and told me that it was | a amplifier to receiving laser light bounced off of a window | for spy stuff. I couldn't believe it. The kit became my first | significant soldering project. I got it all together and put my | beloved laser pointer on a tripod and tried bouncing it in. I | never did get it to the point that I could hear voices but boy | could I ever hear cool vibration noises when I tapped the | window. | | It was extremely fun and I've been soldering things here and | there ever since. | balls187 wrote: | Most of my office windows at Boeing had little ultrasonic | buzzers on them to prevent such an attack. | | On my offices was actually in a large farad cage to | reduce/eliminate EMF leaks from workstations. | SEJeff wrote: | I take it you work on some "government" projects? I wonder if | that is all TEMPEST grade shielding. | akamia wrote: | When I worked at Boeing, we even had them on the windows of | offices that weren't being used for government projects. | The company's commercial business was also a target for | spying so they were very protective in general. | | To this day, the company's laptops don't have cameras and | they have a whole process that you have to go through to | use a camera anywhere on company property. | balls187 wrote: | Yeah, used to work for Boeing's defense groups. | acidburnNSA wrote: | Wow. That's super interesting. So it was considered a | credible threat. | | Huh you can actually buy such things on Amazon. | | https://www.amazon.com/Shomer-Tec-SHLSD-Laser- | Surveillance-D... | | Edit: yikes, those reviews... 
| spitfire wrote:
| Woah. Check out the recommendations on that page. There's some great stuff in there.
| ravenstine wrote:
| It's basically a 555 timer, some resistors, and a piezo buzzer. Hardly worth 50 bucks! You can build one yourself for a mere fraction of that.
| freehunter wrote:
| For a big business like Boeing, buying one at $50 would be far more palatable than building one from parts.
| ravenstine wrote:
| Dang, you're right! _This is a business I need to get into._
| zszugyi wrote:
| I'm sure getting vetted to be a vendor for DoD/Government projects is super easy.
| jascii wrote:
| Ultrasonic buzzers? I kinda fail to see how that would help, shouldn't be too hard to filter out the ultrasonic range noise.
| Zenst wrote:
| Basically drowns out the room vibrations upon the window as it is in direct contact. You can make your own with piezo discs and small circuit to drive them. That and high frequency will not cause added noise noticeable to humans.
| noir_lord wrote:
| Not if it's random.
|
| It's the vibrations from sound on glass they want and those are tiny by comparison to the input.
| GhostVII wrote:
| Important caveat:
|
| _The voice and music recordings they used in their demonstrations were also louder than the average human conversation, with speakers turned to their maximum volume_
|
| I can clearly see vibrations in glass near loud speakers with my naked eye, but when someone is speaking I generally can't see any vibrations. Still really cool that they were able to reproduce sounds this way, but it's not like you can spend 1k and be able to actually listen to conversations using this method.
| lostmyoldone wrote:
| If their chart is correct, the 30cm mirror shows a 20db improvement in SNR at 200Hz compared to 20cm, same curve but 20db lower gain.
|
| That is an absolute crazy scaling, I'm not entirely sure how that's possible, though I have a suspicion.
| If it's an actual scaling law that can be exploited, I would expect you can extend this to entirely practical audio volumes on a shoestring budget.
| Puts wrote:
| Apparently this is 1947-tech: https://en.wikipedia.org/wiki/Laser_microphone
|
| I even remember there were schematics for a laser-microphone circulating on the early 2000s internet that could translate the vibrations of windows into sound.
| OkayPhysicist wrote:
| I built one of those in college. Hardware's super simple, but actually getting it aligned is a total PITA.
| mdturnerphys wrote:
| Previous discussion of source: https://news.ycombinator.com/item?id=23498185
| wallacrw wrote:
| I've always wondered -- if I used this on the board room window to listen into public company earnings meetings, is that inside information? Technically, the information is "public" in that anyone could do what I'm doing...
| pmoriarty wrote:
| Along similar lines, I've wondered about how often restaurant and bar owners have bugged their own premises.
|
| There's probably a lot of valuable information discussed in such establishments.. especially, say, around Wall St.
|
| Regarding the legal aspects, I'm not sure how much of a legal expectation of privacy one has in a "public" place such as a restaurant or bar, and we've pretty much already accepted ubiquitous video surveillance in such places (even if such videos are often without sound).
|
| Someone could potentially infer speech just by lipreading soundless videos, but if someone did decide to use audio surveillance on their own property in a bar, restaurant, or other place of business, is there any law against that?
|
| Quite apart from the legal and ethical objections that might arise against doing this, I'm sure some business owners are not above giving in to the temptation to spy on their patrons, especially if there's a big profit motive (like getting access to inside information by spying on Wall St execs gossiping over drinks or dinner).
|
| That's not to mention dirt that might be revealed in conversations considered to be "private", which could be used to blackmail people or for other nefarious purposes.
|
| The technology to perform such spying has been around for a long time, and in a bar or restaurant the owner (or rogue employee, or customer even) wouldn't have to resort to exotic techniques such as this light bulb trick. A simple microphone would suffice.
| jeffdubin wrote:
| Some Dunkin Donuts stores in the New England area were (decades ago) accused of listening to their customers by having microphones at seats where customers ate. Not sure if that was intentional or part of their security system as they claimed. [0]
|
| [0] https://apnews.com/d7e29ace8f0cfdd8e4377e70ef26eff8
| briandear wrote:
| > Along similar lines, I've wondered about how often restaurant and bar owners have bugged their own premises.
|
| In a few select Houston strip clubs.. all the time, or at least ten years ago some did, the ones owned by certain organizations. I haven't been around that scene for a decade, so I can't speak to now. I know of a few other places that seemed to magically never have trouble with city officials or permitting. Another such place, an after hours club, was frequented by the mayor's "party-oriented" daughter, never had trouble with police raids, or fire marshals. The venue survived unscathed until the next mayor took over and such leverage became unavailable.
| The Texas Alcoholic Beverage Commission was the only real challenge, but often the local cops would be knowledgeable about pending raids and would graciously provide some advance notice. It certainly helped that many of those cops were paid as off duty private security by the venue. DEA was another frequent adversary, but those folks aren't as undercover as they thought they were. I might suggest that the DEA was (or maybe still is,) one of the more sketchy law enforcement agencies in the government.
|
| Just under the surface of "normal," there is some really fascinating stuff that goes on.
| ColanR wrote:
| I'm sure that one way or the other, that question has been dealt with exhaustively. My guess, the information you obtain is considered definitely not public, even though it's possible for a member of the public to obtain.
| oh_sigh wrote:
| Yes - Economic Espionage Act of 1996
|
| It is not public because there is a reasonable expectation of privacy.
| pier25 wrote:
| This is only for incandescent lightbulbs, right?
| Romanulus wrote:
| All cool tech aside, I'll be sure to update the single light-bulb hanging from a thread in my interrogation room now.
| irontinkerer wrote:
| I was expecting to be disappointed (I thought this was going to be a test in the same room, with perfectly calibrated equipment) but I was wrong. Very impressive that you can do this at that distance and with affordable ($400) equipment. I wonder how long intelligence agencies have been using this capability.
| hinkley wrote:
| I knew someone who started building one of the laser based units in the fall of 1990, in high school. So that's 17 or 18?
|
| By the end of the decade or beginning of the next, we had telecom hardware companies filtering the signal to the activity LED so that you couldn't read packet info out of the flickering.
|
| Odds are good that someone combined those ideas a lot earlier than we might like to think.
| helios_invictus wrote:
| I believe since the 80's
| draw_down wrote:
| To defeat this, don't you just do what the mobsters in movies do? Play music or make some other loud noise and then whisper or talk softly close to each other?
___________________________________________________________________
(page generated 2020-07-27 23:00 UTC)