CVE-2021-38546
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them.
Los dispositivos CREATIVE Pebble hasta 09-08-2021, permiten a atacantes remotos recuperar las señales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-óptico, también se conoce como un ataque "Glowworm". El LED indicador de potencia de los altavoces está conectado directamente a la línea de alimentación, por lo que la intensidad del LED indicador de potencia de un dispositivo es correlativa al consumo de energía. El sonido reproducido por los altavoces afecta a su consumo de energía y, en consecuencia, también es correlativo a la intensidad luminosa de los LED. Al analizar las medidas obtenidas por un sensor electro-óptico dirigido a los LEDs indicadores de potencia de los altavoces, podemos recuperar el sonido reproducido por los mismos
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-11 CVE Reserved
- 2021-08-11 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-08-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.nassiben.com/glowworm-attack | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Creative Search vendor "Creative" | Pebble V3 Firmware Search vendor "Creative" for product "Pebble V3 Firmware" | <= 2021-08-09 Search vendor "Creative" for product "Pebble V3 Firmware" and version " <= 2021-08-09" | - |
Affected
| in | Creative Search vendor "Creative" | Pebble V3 Search vendor "Creative" for product "Pebble V3" | - | - |
Safe
|
Creative Search vendor "Creative" | Pebble V2 Firmware Search vendor "Creative" for product "Pebble V2 Firmware" | <= 2021-08-09 Search vendor "Creative" for product "Pebble V2 Firmware" and version " <= 2021-08-09" | - |
Affected
| in | Creative Search vendor "Creative" | Pebble V2 Search vendor "Creative" for product "Pebble V2" | - | - |
Safe
|
Creative Search vendor "Creative" | Pebble Firmware Search vendor "Creative" for product "Pebble Firmware" | <= 2021-08-09 Search vendor "Creative" for product "Pebble Firmware" and version " <= 2021-08-09" | - |
Affected
| in | Creative Search vendor "Creative" | Pebble Search vendor "Creative" for product "Pebble" | - | - |
Safe
|
Creative Search vendor "Creative" | Pebble Plus Firmware Search vendor "Creative" for product "Pebble Plus Firmware" | <= 2021-08-09 Search vendor "Creative" for product "Pebble Plus Firmware" and version " <= 2021-08-09" | - |
Affected
| in | Creative Search vendor "Creative" | Pebble Plus Search vendor "Creative" for product "Pebble Plus" | - | - |
Safe
|