Ben Nassi

**Name of the Vulnerable Software and Affected Versions** MIRACASE MHUB500 USB splitters through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This occurs when the device supplies power to audio-output equipment. The power indicator LED's intensity is correlative to the device's power consumption, which is affected by the sound played by connected speakers. By analyzing measurements from an electro-optical sensor directed at the power indicator LED, it is possible to recover the sound played by the connected speakers. **Recommendations** For MIRACASE MHUB500 USB splitters through 2021-08-09, consider disabling the power indicator LED or restricting the use of the USB splitter to minimize the risk of exploitation until a fix is available. Avoid using the USB splitter to supply power to audio-output equipment that may handle sensitive information. As a temporary workaround, use an alternative power source for audio-output equipment to prevent the correlation between power consumption and sound output. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link UE330 USB splitter devices through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This occurs when the device supplies power to audio-output equipment, such as speakers. The power indicator LED of the USB splitter is connected directly to the power line, and its intensity is correlative to the device's power consumption. The sound played by the connected speakers affects the USB splitter's power consumption, which in turn affects the light intensity of the LED. By analyzing measurements from an electro-optical sensor directed at the power indicator LED, it is possible to recover the sound played by the connected speakers. **Recommendations** For TP-Link UE330 USB splitter devices through 2021-08-09, consider disabling the power indicator LED or restricting access to the device to minimize the risk of exploitation, until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, resulting in the intensity of the device's power indicator LED being correlative to the power consumption. The sound played by the speakers affects their power consumption and is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, it is possible to recover the sound played by them. **Recommendations** For Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09, consider disabling the power indicator LED to minimize the risk of exploitation, as it is directly connected to the power line and its intensity is correlative to the power consumption. Restrict access to the device's power indicator LED to prevent remote attackers from using an electro-optical sensor to recover speech signals. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Raspberry Pi 3 B+ and 4 B devices through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, in certain specific use cases where the device supplies power to audio-output equipment. The power indicator LED of the Raspberry Pi is connected directly to the power line, and its intensity is correlative to the power consumption. The sound played by the speakers affects the Raspberry Pi's power consumption and is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the Raspberry Pi, it is possible to recover the sound played by the speakers. **Recommendations** For Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, consider restricting the use of the power indicator LED or taking measures to prevent the correlation between power consumption and LED intensity, such as using a separate power supply for audio-output equipment, until a fix is available. As a temporary workaround, consider disabling the power supply to audio-output equipment when not in use to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CREATIVE Pebble devices through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device via a telescope and an electro-optical sensor, known as a "Glowworm" attack. This is possible because the power indicator LED of the speakers is connected directly to the power line, making the intensity of the device's power indicator LED correlative to the power consumption. The sound played by the speakers affects their power consumption, which is also correlative to the light intensity of the LEDs. By analyzing measurements from an electro-optical sensor directed at the power indicator LEDs, it is possible to recover the sound played by the speakers. **Recommendations** For CREATIVE Pebble devices through 2021-08-09, consider disabling the power indicator LED to minimize the risk of exploitation until a patch is available. Restrict access to the device to prevent potential attackers from using a telescope and an electro-optical sensor to capture the LED signals. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Logitech Z120 and S120 speakers through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, and its intensity is correlative to the power consumption. The sound played by the speakers affects their power consumption, which is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, it is possible to recover the sound played by them. **Recommendations** For Logitech Z120 and S120 speakers through 2021-08-09, consider disabling the power indicator LED to minimize the risk of exploitation until a fix is available. Restrict access to the area where the speakers are used to prevent potential attackers from using a telescope and an electro-optical sensor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBL Go 2 devices through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from an LED on the device via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This is possible because the power indicator LED of the speakers is connected directly to the power line, making the intensity of the device's power indicator LED correlative to the power consumption. The sound played by the speakers affects their power consumption, which is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, it is possible to recover the sound played by them. **Recommendations** For JBL Go 2 devices through 2021-08-09, consider disabling the power indicator LED to minimize the risk of exploitation until a fix is available. Restrict access to the device's power line to prevent unauthorized measurement of power consumption. Avoid using the device in environments where it can be easily monitored with a telescope and an electro-optical sensor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Winner (aka ToneWinner) desktop speakers through 2021-08-09 **Description** The issue allows remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, also known as a "Glowworm" attack. This attack exploits the power-indicator LED to potentially capture sensitive information. **Recommendations** For Winner (aka ToneWinner) desktop speakers through 2021-08-09, consider disabling the power-indicator LED as a temporary workaround to minimize the risk of exploitation. Restrict access to the area where the speakers are used to prevent potential attackers from using a telescope and an electro-optical sensor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.