Shine Little Glowworm, Glimmer, Glimmer; Light Our Audio Secrets, Below, Above
That Power LED Is Spilling Your Friends Secrets!
There is a newly detected vulnerability called Glowworm, which describes the ability for sneaky types to listen to your computer audio via the power LED on your speakers. It turns out that the LED blinks in time with audio, and while imperceptible to the naked eye, a photodiode at the end of a telescope or binoculars can indeed detect the blinking at ranges of up to 35 metres.
The attack is completely passive, there is no way to detect if someone is trying to eavesdrop on you, short of spotting someone in the building across the street suddenly developing an interest in astronomy who is seemingly unsure as to where to find the stars. You can ensure that your speakers are not facing a window or stick some tape over it. The attack was tested not just on speakers, but also speaker phones, USB hubs with audio connected to them and Alexa type devices.
The signal can be fed to an analog/digital converter and the audio will play, just as if you were within earshot of the speaker. It would only capture the audio produced by the speaker, in order to get the audio from those in the room you would need to try to get away with shining a laser microphone on the window, which can be detected. Ars Technica describes that attack as well as the new Glowworm attack.
Hopefully some manufacturers will consider connecting a capacitor in parallel to the LED to dampen the signal enough it is no longer comprehensible.
This means that, for example, a Glowworm attack used successfully to spy on a conference call would not capture the audio of those actually in the room—only of the remote participants whose voices are played over the conference room audio system.