Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations.
As an increasing amount of business is being conducted over platforms like Microsoft Teams, Zoom, Skype and others, the findings present an entirely new attack vector for such
electronic communications.
A team of researchers at Ben-Gurion University have published a paper on the
Glowworm vector, which is technically known as a Telecommunications Electronics Material Protected from Emanating Spurious Transmissions (
TEMPEST) attack — the U.S. National Security Agency designation for unintentional digital signals which can be picked up and used to compromise data security.
Federal agencies are required to
protect classified information from TEMPEST attacks.
In this case, the spurious transmission is a nearly imperceptible flicker on a speaker, USB hub, splitters or microcontroller LED power.
“By exploiting imperceptible changes in the intensity of a device’s power indicator LED, which are caused by the changes in the device’s power consumption, Glwowworm is capable of recovering speech,” the team explained in a video accompanying the release of their paper.
“Our experiments show that many products of various manufacturers are vulnerable to the Glowworm attack,” the team explained.
threatpost.com
