An Optical Spy Trick Can Turn Any Shiny Object Into a Bug
Credit to Author: Andy Greenberg| Date: Tue, 22 Feb 2022 18:00:00 +0000
To revist this article, visit My Profile, then View saved stories.
To revist this article, visit My Profile, then View saved stories.
The most paranoid among us already know the checklist to avoid modern audio eavesdropping: Sweep your home or office for bugs. Put your phone in a Faraday bag—or a fridge. Consider even stripping internal microphones from your devices. Now one group of researchers offers a surprising addition to that list: Remove every lightweight, metallic object from the room that's visible from a window.
At the Black Hat Asia hacker conference in Singapore in May, researchers from Israel's Ben Gurion University of the Negev plan to present a new surveillance technique, designed to allow anyone with off-the-shelf equipment to eavesdrop on conversations if they can merely find a line of sight through a window to any of a wide variety of reflective objects in a given room. By pointing an optical sensor attached to a telescope at one of those shiny objects—the researchers tested their technique with everything from an aluminum trash can to a metallic Rubik's cube—they could detect visible vibrations on an object's surface that allowed them to derive sounds and thus listen to speech inside the room. Unlike older experiments that similarly watched for minute vibrations to remotely listen in on a target, this new technique let researchers pick up lower-volume conversations, works with a far greater range of objects, and enables real-time snooping, rather than after-the-fact reconstruction of a room's audio.
"We can recover speech from lightweight, shiny objects placed in proximity to an individual who is speaking by analyzing the light reflected from them," says Ben Nassi, the Ben Gurion professor who carried out the research along with Ras Swissa, Boris Zadov and Yuval Elovici. "And the beauty of it is that we can do it in real time, which for espionage allows you to act on the information revealed in the content of the conversation."
The researchers' trick takes advantage of the fact that sound waves from speech create changes in air pressure that can imperceptibly vibrate objects in a room. In their experimental setup, they attached a photodiode, a sensor that converts light into voltage, to a telescope; the longer-range its lenses and the more light they allow to hit the sensor, the better. That photodiode was then connected to an analog-to-digital converter and a standard PC, which translated the sensor’s voltage output to data that represents the real-time fluctuations of the light reflecting from whatever object the telescope points at. The researchers could then correlate those tiny light changes to the object's vibration in a room where someone is speaking, allowing them to reconstruct the nearby person's speech.
The researchers showed that in some cases, using a high-end analog-to-digital converter, they could recover audible speech with their technique when a speaker is about 10 inches from a shiny metallic Rubik’s cube and speaking at 75 decibels, the volume of a loud conversation. With a powerful enough telescope, their method worked from a range of as much as 115 feet. Aside from the Rubik’s cube, they tested the trick with half a dozen objects: a silvery bird figurine, a small polished metal trash can, a less-shiny aluminum ice-coffee can, an aluminum smartphone standard, and even thin metal venetian blinds.
This content can also be viewed on the site it originates from.
The recovered sound was clearest when using objects like the smartphone stand or trash can, and least clear with the venetian blinds—but still audible to make out every word in some cases. Nassi points out that the ability to capture sounds from window coverings is particularly ironic. "This is an object designed to increase privacy in a room," Nassi says. "However, if you're close enough to the venetian blinds, they can be exploited as diaphragms and we can recover sound from them."
The Ben Gurion researchers named their technique the Little Seal Bug in an homage to a notorious Cold War espionage incident known as the Great Seal Bug: In 1945, the USSR gave a gift of a wooden seal placard displaying the US coat of arms to the embassy in Moscow, which was discovered years later to contain an RFID spy bug that was undetectable to bug sweepers of that time. Nassi suggests that the Little Seal Bug technique could similarly work when a spy sends a seemingly innocuous gift of a metallic trophy or figurine to someone, which the eavesdropper can then exploit as an ultra-stealthy listening device. But Nassi argues it's just as likely that a target has a suitable lightweight shiny object on their desk already, in view of a window and any optical snooper.
Nassi's team isn't the first to suggest that long-range, optical spying can pick up vocal conversations. In 2014, a team of MIT, Adobe, and Microsoft researchers created what they called "the Visual Microphone," showing it was possible to analyze a video of a houseplant's leaves or an empty potato chip bag inside a room to similarly detect vibrations and reconstruct sound. But Nassi says his researchers' work can pick lower-volume sounds and required far less processing than the video analysis used by the Visual Microphone team. The Ben Gurion team found that using a photodiode was more effective and efficient than a camera, allowing easier long-range listening with a new range of objects and offering real-time results.
"This definitely takes a step towards something that’s more useful for espionage," says Abe Davis, one of the former MIT researchers who worked on the Visual Microphone and is now at Cornell. He says he's always suspected that using a different sort of camera, purpose-built for this sort of optical eavesdropping, would advance the technique. "It’s like we invented the shotgun, and this work is like ‘We improve on the shotgun, we give you a rifle,'" Davis says.
It's still far from clear how practical the method will be in a real-world setting, says Thomas Ristenpart, another Cornell computer scientist who has long studied "side-channel attacks"—techniques like the Little Seal Bug that can extract secrets from unexpected side effects of communications. He points out that even the 75-decibel words the Israeli researchers detected in their tests would be relatively loud, and background noise from an air conditioner, music, or other speakers in the room might interfere with the technique. "But as a proof of concept, it's still interesting," Ristenpart says.
Ben Gurion's Ben Nassi argues, though, that the technique has already proven to work well enough that an intelligence agency with a budget in the millions of dollars rather than mere thousands his team spent could likely hone their spy method into a practical and powerful tool. In fact, he says, they may have already. "This is something that could have been exploited many years ago—and probably was exploited for many years," says Nassi. "The things we're revealing to the public probably have already been used by clandestine agencies for a long time."
All of which means that anyone with secrets to keep would be wise to sweep their desk for shiny objects that might serve as inadvertent spy bugs. Or lower the window shades—just not the venetian blinds.