Lamphone Attack

Lamphone Attack

A novel side-channel attack method that lets attackers spy and listen to private conversations in the victim’s room by watching an overhead hanging light bulb from a distance has been revealed.

Overview – Remotely Listen to Conversations by Watching Light Bulb

A group of researchers have discovered a novel side-channel attack method that lets attackers spy and listen to private conversations in the victim’s room by watching an overhead hanging light bulb from a distance.

The researchers (Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici, and Boris Zadov) from the Israeli’s Ben-Gurion University of the Negev and the Weizman Institute of Science called this novel side-channel attack as “Lamphone Attack”.

As stated in the published academic paper of the researcher, any sound from a targeted room can be recovered with no requirement to hack anything and no device in the room, except for a clear line of sight to a hanging bulb.

The Lamphone Attack works by capturing microscopic sound waves via an electro-optical sensor focused at a hanging light bulb, and converting the captured data back to the original sound by reverse engineering. The attack can be realized in practice by using a laptop together with affordable technical equipment (a telescope, an electro-optical) that cost less than a thousand dollars.

How does Lamphone Attack Work?

The attack is fundamentally based on identifying vibrations from hanging bulbs as an effect of air pressure variations caused by sounds in a room.

Quote by Tim Berners Lee
Quote by Tim Berners Lee

A hacker to me is someone creative who does wonderful things.

Tim Berners-Lee

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

Set-up for the attack requires a telescope to capture a close-up view of the hanging bulb in targeted room and an electro-optical sensor installed on the telescope to transform the light into an electrical current. The obtained analog signal of vibration from the bulb is then converted to a digital signal using an analog-to-digital converter. For the last piece of the set-up, the transformed digital signal signal is fed to a laptop to analyze the collected sound data.

The researcher published an academic paper to explain the technical details of the attack, in addition to a quick summary of the attack shared on Ben Nassi’s home page. They have also released a video, that is shared below, to explain the details of the attack properly.

For the demonstration, the attackers captured a replayed statement (from a distance of 25 meters) made by the US President Donald Trup, that is, “We will make America great again.” They also captured the audio of the Beatles’ “Let It Be” and Coldplay’s “Clocks” and showed that the regenerated sound is clear and smooth enough to be recognized by anyone and the Shazam application.

Evaluation of the Lamphone Attack

What makes the Lamphone Attack more dangerous than the previously known side-channel attacks, is that it doesn’t involve malware to leak information from the target (victim).

The capability to spy on victims from long distances is another advantage that makes this attack viable.

Though this attack can be exercised practically with inexpensive equipment, there are some limitation though.

Firstly, a direct line of sight to the bulb is need to conduct the attack successfully. To state it differently, curtains on the windows or decorative covers on the bulbs can hinder or limit the success of the Lamphone Attack.

Secondly, the sound to be captured in the room needs be loud enough to cause vibration on the bulb. However, with more advanced equipment, it could be possible to capture sounds even with lower volumes.

Thirdly, the bulb glass should not be too thick to prevent or reduce vibrations due to sound waves in the room.

Lastly, since attack depends on the light emitted from the bulb, it should be bright enough to be captured. Again, with more advanced equipment, this might not be a limitation.


You could also read our popular articles What is a Security Vulnerability? or What is Vulnerability Scanning?