‘Glowworm’ Attack Turns Power Light Flickers into Audio

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,114
Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations.

As an increasing amount of business is being conducted over platforms like Microsoft Teams, Zoom, Skype and others, the findings present an entirely new attack vector for such electronic communications.

A team of researchers at Ben-Gurion University have published a paper on the Glowworm vector, which is technically known as a Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (TEMPEST) attack — the U.S. National Security Agency designation for unintentional digital signals which can be picked up and used to compromise data security.

Federal agencies are required to protect classified information from TEMPEST attacks.

In this case, the spurious transmission is a nearly imperceptible flicker on a speaker, USB hub, splitters or microcontroller LED power.

“By exploiting imperceptible changes in the intensity of a device’s power indicator LED, which are caused by the changes in the device’s power consumption, Glwowworm is capable of recovering speech,” the team explained in a video accompanying the release of their paper.
“Our experiments show that many products of various manufacturers are vulnerable to the Glowworm attack,” the team explained.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top