How to Turn a Coke Can into an Eavesdropping Device



Black Hat Asia – According to a team of researchers from Ben-Gurion University of the Negev, if an attacker can see the object, then a soda can, smartphone stand, or any bright, light desk decoration, there is a danger of eavesdropping even in a soundproofed room. could. ,

At the Black Hat Asia security conference on Thursday, and aiming to expand on previous research into optical speech eavesdropping, the research team demonstrated that audio conversations at the volume of a typical meeting or conference call can be captured at up to 35 meters, or about could. 114 feet away. The researchers used a telescope to collect reflected light from an object near the speaker and a light sensor — a photodiode — to sample changes in light as the object vibrates.

A light object with a shiny surface reflects the signal with enough fidelity to recover the audio, said Ben Nassi, an information security researcher at the university.

“Many bright, light objects can serve as optical implants that can be used to recover speech,” he said. In some cases, they are completely innocuous objects, such as a smartphone stand or an empty drink can, but all of these devices because they share the same two characteristics, they are light and shiny when there are If there is enough light it can be used to hide.”



The eavesdropping experiment isn’t the first time researchers have attempted side-channel attacks that pick up audio from nearby objects.

Improvements to previous optical eavesdropping
In 2016, for example, researchers demonstrated ways to reconfigure the audio-out jack on a computer into an audio-in jack and thereby use the speaker as a microphone. In 2014, a group of MIT researchers discovered a way to use potato chip bags to capture sound waves. And in 2008, a group of researchers created a process to capture typed keys on a keyboard based on their sound and the time between keystrokes.

The MIT research is similar to the technique adopted by Ben-Gurion University researchers, except that the exploit requires a more restrictive location of the reflecting object and sufficient processing power to recover the audio, said Ben-Gurion. Raz Swissa, a researcher at the university, said. Negev.

“it [older] The method cannot be implemented in real time because it requires a lot of computational resources to recover the sound of only a few seconds.” And other well-known techniques, such as laser microphones, need to be employed. Requires a detectable light signal.

The researchers thus focused on creating a process that could be accomplished with everyday objects already in the target area and using readily available equipment. Using 25-centimeter objects about 10 inches from the speaker, the researchers could capture fluctuations in the light reflected by them up to 35 meters away. The recovered speech was quite clear at 15m and somewhat understandable at 35m.

Overall, the experimental setup, which the researchers call the Little Seal Bug, could be used to capture audio with everyday objects.

Great Seal, Little Seal and Beyond
The Little Seal Bug is a nod to a well-known early espionage phenomenon, known as the Great Seal Bug. In 1945, the Soviet Union presented the US ambassador with a crimson, embossed eagle celebrating US-Soviet cooperation to defeat Nazi Germany. Yet the Great Seal also had a hidden audio recorder that allowed Soviet spies to monitor high-level conversations at the embassy.

Similarly, the Little Seal Bug can use common objects around the office to capture audio through reflected light. In addition, most mobile devices come with a photosensor that does not require special permissions to be accessed. While the researchers have not come up with a chain of attacks using sensors, such a resource could very well be exploited by future attackers.

However, there are many more potential threats to espionage attacks, Nassi said. From compromising systems with malware and capturing audio that way, to using microphones already embedded in Internet of Things devices, such as AI assistants and video cameras, our world is quickly filling up with potentially eavesdropping devices. Is.

A smartphone, a laptop, an IP camera and a smart watch are probably more risky in terms of privacy than these devices or objects, he said.

Source



Related News

Marvel’s Avengers will lose support on September 30. Square Enix moves away from the high-profile comic production

It's been more or less 2.5 years since the debut of Marvel's Avengers and what is actually the easiest thing to identify with production is hope. Before the

“BCLK” overclocking is completely locked out in Intel 13th Gen Non-K CPUs

It looks like Intel has completely disabled overclocking on non-K 13th Gen CPUs which is bad news for motherboards that support BCLK overclocking.

Intel Unison, the new tool so you can control your mobile from your PC

With the arrival of Windows 11, Microsoft has decided to integrate a little more with Android and in this case it has done so by improving its software that

The first ARM Chromebook with the new Android 11 ARCVM container is finally on the way

To say that the transition to the new Android container on Chromebooks (ARCVM) has been a long, painful journey would be a huge understatement. Started well

Samsung Galaxy A53 vs Xiaomi Redmi Note 11 Pro Plus, differences, comparison and which is better

Two of the most attractive mid-range models of the moment are the Samsung Galaxy A53 and Xiaomi Redmi Note 11 Pro Plus. Both are also one of the most advanced