Remote Audio Recovery Vulnerability in Sony SRS-XB33 and SRS-XB43 Audio Devices
CVE-2021-38544

5.9 MEDIUM

Key Information:

Vendor:
Sony
CVE Published:
11 August 2021

What is CVE-2021-38544?

Sony SRS-XB33 and SRS-XB43 speakers are susceptible to a remote attack that exploits their power indicator LEDs. Using a telescope and an electro-optical sensor, an attacker can recover the audio being played by the devices. The brightness of the LEDs correlates with the power consumption of the speakers, which changes in response to the audio being played. By measuring these brightness fluctuations, an attacker can infer and reconstruct the sound, leading to potential information leakage.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
