Recent studies have suggested various side-channel attacks for eavesdropping sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips and window) and devices (e.g., motion sensors). These methods pose a great threat to privacy, however they are limited in one of the following ways: they
(1) cannot be applied in real time (e.g., Visual Microphone),
(2) are not external, requiring the attacker to compromise a device with malware (e.g., Gyrophone), or
(3) are not passive, requiring the attacker to direct a laser beam at an object (e.g., laser microphone).
In this paper, we introduce "BadVibes," a novel side-channel attack for eavesdropping sound; this attack is performed by using a remote electro-optical sensor to analyze a hanging light bulb's frequency response to sound.We show how fluctuations in the air pressure on the surface of the hanging bulb (in response to sound), which cause the bulb to vibrate very slightly (a millidegree vibration), can be exploited by eavesdroppers to recover speech and singing, passively, externally, and in real time.We analyze a hanging bulb's response to sound via an electro-optical sensor and learn how to isolate the audio signal from the optical signal. Based on our analysis, we develop an algorithm to recover sound from the optical measurements obtained from the vibrations of a light bulb and captured by the electro-optical sensor. We evaluate our attack's performance in a realistic setup and show that it can be used by eavesdroppers to recover human speech (which can be accurately identified by the Google Cloud Speech API) and singing (which can be accurately identified by Shazam and SoundHound) from a bridge located 25 meters away from the target room containing the hanging light bulb.
Dr. B. Zadov was born in 1978. He received B.Sc. degree in Electrical and Electronics Engineering from the Sami Shamoon College of engineering, Israel (2007), MSc. in Electrical & Computer Engineering from Ben-Gurion University of the Negev (2011). Ph.D Electrical & Computer Engineering in Ben-Gurion University of the Negev (2018).
He is currently a Postdoctoral researcher in the Department of Software and Information Systems Engineering , Ben-Gurion University of the Negev.
Yaron Pirutin is a security researcher at BGU’s Cyber Security Research Center. He holds a B.Sc. degree in electrical engineering from BGU. His primary research interests are sound recovery, cyber security and privacy.