CVE-2021-38547 in Z120 (Glowworm)
Summary
by MITRE • 08/12/2021
Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 08/16/2021
The vulnerability described in CVE-2021-38547 represents a sophisticated side-channel attack leveraging the physical characteristics of consumer audio devices. This flaw affects Logitech Z120 and S120 speakers up to a specific firmware revision date, demonstrating how seemingly innocuous hardware components can become security vectors. The attack exploits the direct electrical connection between the power indicator LED and the device's power line, creating a covert communication channel that bypasses traditional network security measures. This type of vulnerability falls under the category of electromagnetic side-channel attacks and aligns with CWE-310, which addresses cryptographic weaknesses in security protocols. The attack methodology involves sophisticated optical recovery techniques that transform light intensity variations into audible signals, representing a novel approach to information disclosure.
The technical exploitation mechanism relies on the fundamental relationship between power consumption and LED brightness within these audio devices. When audio signals are processed by the speakers, they generate varying power demands that directly influence the intensity of the power indicator LED. This correlation creates a temporal mapping between the audio content and the light output, which can be captured and analyzed using electro-optical sensors. The attack requires specialized equipment including telescopic optical systems and sensitive light sensors, but the accessibility of such components makes this threat more realistic than initially apparent. The vulnerability demonstrates how the physical design of devices can create unintended information leakage pathways, particularly when power management components are not properly isolated from security-sensitive operations.
The operational impact of this vulnerability extends beyond simple privacy concerns to encompass potential data exfiltration and surveillance capabilities. Attackers can recover speech signals from considerable distances, potentially enabling eavesdropping on conversations in adjacent rooms or areas where the speakers are located. This represents a significant escalation from typical audio security threats, as it transforms passive listening devices into active surveillance mechanisms without requiring network access or traditional attack vectors. The attack's effectiveness demonstrates how modern consumer electronics often lack adequate physical security measures, particularly regarding electromagnetic emissions and optical side channels. Organizations and individuals using these devices face risks of unauthorized monitoring, particularly in sensitive environments where confidentiality is paramount.
Mitigation strategies for this vulnerability require both hardware and software approaches. Device manufacturers should implement proper isolation techniques between power indicator LEDs and sensitive electrical components, ensuring that LED behavior does not correlate with operational signals. The implementation of noise injection or randomization techniques in power consumption patterns can prevent the correlation necessary for signal recovery. Network administrators should consider physical security measures including optical shielding or placement of devices away from sensitive areas. This vulnerability highlights the importance of considering physical security in device design and aligns with ATT&CK framework techniques related to reconnaissance and credential access through physical means. Regular firmware updates and security audits should be implemented to identify and address similar side-channel vulnerabilities in audio and other consumer electronics. The attack also underscores the necessity of security-by-design principles and the integration of physical security considerations into product development lifecycle processes.