LightThief: Your Optical Communication Information is Stolen behind the Wall.

Optical Wireless Communication (OWC) is a viable and promising alternative to traditional Radio Frequency (RF) based communication links. Especially for the security issue, since light does not penetrate through opaque objects, OWC is considered gaining certain intrinsic security benefits. The only related work eavesdrops on OWC by detecting the electromagnetic signal leaking from an open-source research platform for OWC. However, electromagnetic compatibility (EMC) regulations require Commercial Off-The-Shelf (COTS) OWC products to minimize electromagnetic leakage, securing OWC from the previous eavesdropping. In this paper, we propose a new class of eavesdropping, LightThief , that can directly convert optical signals into RF signals without complicated baseband processing circuits and power consumption, making it lightweight, unlimited lasting, and easy to disguise. Specifically, LightThief is constructed by coupling a photodiode (PD) to an antenna. Since OWC adopts intensity modulation to transmit data, light intensity change can modify the PD impedance, causing the antenna to reflect different amounts of RF signals to enable data breaches. The attacker outside the room can then detect and decode the RF signals without resistance by EMC regulations. We demonstrate the effectiveness of our attack on a COTS OWC product, which shows successful eavesdropping through physical barriers such as walls. We also discuss potential defense strategies to secure OWC systems from LightThief .