56 matches found
CVE-2021-38544
The CVE-2021-38544 entry concerns Sony SRS-XB33 and SRS-XB43 speakers. Reported as a Glowworm/firefly-style attack, remote attackers can recover spoken audio by analyzing LED power indicator emissions with an electro-optical sensor; the LED is tied to the power line so LED brightness correlates w...
CVE-2021-38545
Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38545
CVE-2021-38545 concerns Raspberry Pi 3 B+ and 4 B devices, up to 2021-08-09, where powering an audio output in certain use cases creates a side channel. The LED power indicator is tied to the power line, so LED light intensity correlates with overall power consumption; the sound played by connect...
CVE-2021-38546
The CVE-2021-38546 entry covers Creative Pebble devices affected by a Glowworm-style attack. According to redhat and NVD records, remote attackers can recover spoken audio by measuring power-indicator LED emissions with an electro-optical sensor and telescope. The underlying issue links LED outpu...
CVE-2021-38546
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensit...
CVE-2021-38547
The CVE-2021-38547 entry concerns Logitech Z120 and S120 speakers (through 2021-08-09) where the power indicator LED is connected to the power line. The underlying issue is that the LED’s light intensity correlates with the device’s power consumption, and the audio content affects that consumptio...
CVE-2021-38547
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the...
CVE-2021-38548
JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a...
CVE-2021-38548
CVE-2021-38548 affects JBL Go 2 devices up to 2021-08-09. A remote attacker can recover spoken audio by analyzing measurements from an electro-optical sensor aimed at the device’s power-indicator LED, which is directly tied to the power line; the LED brightness mirrors power use, which varies wit...
CVE-2021-38549
MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We...
CVE-2021-38549
The CVE-2021-38549 entry concerns MIRACASE MHUB500 USB splitters (affected through 2021-08-09) in specific configurations where the device powers audio-output equipment. The vulnerability arises because the power indicator LED is tied to the power line, making LED brightness correlate with power ...
CVE-2021-38365
Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...
Code injection
Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...
CVE-2021-38365
Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...
CVE-2021-38365
The connected documents identify CVE-2021-38365 as affecting ToneWinner (Winner) desktop speakers. The vulnerability allows a remote attacker to recover speech signals from the power-indicator LED using a telescope and an electro-optical sensor, a classically described Glowworm attack. The descri...
‘Glowworm’ Attack Turns Light Flickers into Audio
Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount of business is being conducted...