
A team of security researchers from Hong Kong have demonstrated a covert way of turning standard fibre optic broadband cables, such as those used to connect homes (FTTP), into passive and undetectable microphones, which can be used to eavesdrop on conversations people may be having inside a property (house, office etc.).
Firstly, it’s important to remember that the idea of using optical fibre cables, which transmit data using pulses of laser light, to detect and monitor nearby events is nothing new. Scientists have already found ways of turning such cables into earthquake and tsunami monitors (here and here), which work by detecting changes in the polarization of light as it moves through the cable.
More recently we’ve also seen these fibre sensing technologies being improved and adapted to detect other things, such as cases of sabotage against vital subsea cables (here), while Openreach are separately helping to trial an approach for helping to locate water and gas leaks (here). So far, so positive.
The catch is that this same sort of technology could also potentially be used for more worrying purposes, which has just been demonstrated at the Network and Distributed System Security (NDSS) Symposium 2026 in San Diego, California – under the title: “Hiding an Ear in Plain Sight: On the Practicality and Implications of Acoustic Eavesdropping with Telecom Fiber Optic Cables” (here).
Summary of the Research Paper
Optical fibers are widely regarded as reliable communication channels due to their resistance to external interference and low signal loss.
This paper demonstrates a critical side channel within telecommunication optical fiber that allows for acoustic eavesdropping. By exploiting the sensitivity of optical fibers to acoustic vibrations, attackers can remotely monitor sound-induced deformations in the fiber structure and further recover information from the original sound waves.
This issue becomes particularly concerning with the proliferation of Fiber-to-the-Home (FTTH) installations in modern buildings. Attackers with access to one end of an optical fiber can use commercially available Distributed Acoustic Sensing (DAS) systems to tap into the private environment surrounding the other end. However, because the optical fiber alone is not sensitive enough to airborne sound, we introduce a “Sensory Receptor” that improves acoustic capture.
Our results demonstrate the ability to recover critical information, such as human activities, indoor localization, and conversation contents, raising important privacy concerns for fiber-optic communication networks.
Now before everybody jumps into panic mode, it’s worth noting that the Internet Protocol (IP) based data connectivity that normally runs over such cables is already something that can be much more problematic than this for your average home broadband connection (e.g. hackers taking control of your router/network/computer or Amazon’s Alexa listening in on your conversations).
In fact, it would probably be a lot easier for hackers to snoop on you digitally via the internet than to try and directly convert the physical optical fibre cable that connects your home into an acoustic vibration-sensing microphone. In addition, the method demonstrated can currently only recover 80% of speech at a source-to-receptor distance of 2 metres, which is rather limiting but may be improved.
The team were also able to use this method to identify a person’s location, with a strong degree of accuracy, within a building. On top of that they could also identify other activities, such as typing, coughing or alarms etc.
Depending on the setup, the attacker themselves could be as much as 50 metres away, while requiring no line of sight to the victim’s environment, and the method is also resistant to commercial ultrasonic jammers. But the commercial kit required to make all this work is highly specialised and very expensive, often costing many thousands of pounds. Deploying this method also risks breaking the cable.
In short, the team have demonstrated that it’s possible, which is a first step, and today’s limitations may well be overcome in the future. But for now, an enterprising hacker can probably find many other ways to snoop on your activity by breaching your home network or device via the internet, and they could be half a world away while doing all that instead of just 50m.
If I’m not misunderstanding, this still requires a ‘sensory receptor’ (i.e. a bug) to be installed in the victim’s premises. If so, doesn’t seem like much of a threat to households although I guess businesses might need to be on the lookout for these kinds of attacks in the not too distant future.
I’m not entirely sure they do. I could have sworn they were using fibre optic acoustic monitoring 20+ years ago to monitor major construction works near fibre optic cables
I worked for a company remotely involved in the industry at the time (copper and fibre optic maintenance), they were talking about 30+ km detection of fibre optic cable vibrations with a specially injected optical pattern monitored for backscatter
The passive receptor is a variant of this:
https://en.wikipedia.org/wiki/The_Thing_(listening_device)
Which is likely still more effective than a fibre optic alternative, although a fibre optic alternative is less expected and currently less likely to show up on electromagnetic security sweeps.
Of course the receptor (optical or electromagnetic) could be incorporated into the in-house ONT/fibresocket on initial install or anytime later (unobserved access to the property) and not be noticed
Other non-invasive and more effective optical eavesdropping is possible e.g. pointing an infrared laser at a window from a nearby building or vehicle and detecting vibrations bounced back. Standard industrial/scientific measuring equipment (laser doppler vibrometer) can be used for this kind of eavesdropping. This kind of eavesdropping is well known and why you see radios being placed near windows in spy films.
I’m told by an Openreach engineer that the Splitter [ODN] won’t be directly connected to the Customer premises [ONU]; rather, an intermediate multi tap is used to service groups of properties, meaning that the Splitter has no direct access to sample the light, as described in this paper.
Obviously the physical security of the actual last few meters is critical and often overlooked, though not always..
I would not spread this information if I were you. Why feed the trolls and conspiracy theorists?