Kaseya decryption key leakedĬloud-based IT management company Kaseya was the victim of a ransomware attack last month, but after its attackers vanished, the decryption key turned up online. “It could be used by some intelligence agency, but it has a number of limitations that prevent it from becoming a worthy attack vector.” For more on this story, see Ars Technica. “Fortunately, even though the attack works, for once this is something we mere mortals do not need to be concerned about,” Avast Security Evangelist Luis Corrons reassured us. That signal was then run through an Analog/Digital Converter (ADC) and played back as sound. To play out the Glowworm attack, a photodiode was used to convert the perceived electrical current into an electrical signal.
After testing a wide array of consumer devices including smart speakers, simple PC speakers, and USB hubs, the team concluded that the power indicator LEDs on the devices were generally influenced by the audio signals coming through the unit’s speakers. Researchers at Ben-Gurion University of the Negev published a paper this week in which they outline how a passive form of the TEMPEST attack, called Glowworm, can reconstruct the sound passing through a computer’s speakers by analyzing the minute and nuanced fluctuations of that computer’s power indicator LED light.
