Original English rewrite with full credit. This article is an independent English-language rewrite of “Microphones leak EM signals carrying audio: new side-channel attack achieves 93% accuracy” by Denis Laskov, published in the Eye on Cyber Substack newsletter on May 24, 2026.
The Substack post itself is a short pointer to underlying academic work; the underlying paper is “Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation” by Onishi et al., USENIX Security 2025. All technical research credit belongs to the paper’s authors; credit for surfacing it belongs to Denis Laskov / Eye on Cyber.
Source: it4sec.substack.com/p/microphones-leak-em-signals-carrying

Executive Summary
Almost every voice-bearing device in 2026 — phones, laptops, smart speakers, video-conferencing endpoints, hearing aids — uses a MEMS microphone that pushes its sampled audio out as a Pulse Density Modulation (PDM) bitstream toward a host SoC. Onishi et al. show, in “Sound of Interference” (USENIX Security 2025), that the PDM clock and data lines radiate enough unintended electromagnetic energy that an attacker with a passive antenna can recover the original audio. The kicker is the hardware: the authors’ antenna is built from ordinary copper-foil tape, and the demonstrated effective range is 2 m through a 25 cm concrete wall. Inside that setup they hit 93% speaker-recognition accuracy — a TEMPEST-class result on consumer-grade microphones.
The Substack pointer by Denis Laskov is short on purpose: the substantive write-up is the USENIX paper itself. The reason it’s worth amplifying is that “side-channel audio recovery without acoustic access” has historically required CRT-era leakage (TEMPEST), laser microphones bouncing off windows, or expensive RF lab gear. Onishi et al.’s contribution is to show the same outcome with hobbyist-budget hardware against the digital interface that every modern microphone uses — which means the threat model is no longer “state actor with a van outside.” It is “anyone with a $20 SDR, foil tape, and the next room.”
What “Sound of Interference” actually does
The MEMS-microphone wire interface (PDM) doesn’t carry analog audio. It carries a 1-bit, very-high-rate stream whose density of ones encodes the instantaneous amplitude. That bitstream is then digitally filtered down to PCM by the host SoC. From an EM perspective, PDM is broadband — the transitions on the clock and data lines have sharp edges and radiate at frequencies far above the actual audio. The original audio waveform is, in the strict information-theoretic sense, “still in there” in the time-domain density of the radiated bitstream.
Onishi et al. exploit exactly that. A passive antenna (the paper uses copper foil tape near or behind a wall) picks up the radiated PDM transitions; a software-defined radio captures the broadband emission; a signal-processing pipeline reconstructs the underlying density envelope; and a final classifier turns the recovered audio into speaker identity or, at higher SNR, intelligible content. The number that made the rounds is the 93%-accurate speaker-recognition figure at 2 m through 25 cm of concrete.
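The density encoding described in this section, as an added example (not code from the paper or the Substack post): a first-order sigma-delta modulator turns amplitudes into a 1-bit stream, and a simple averaging filter standing in for the host's decimation filter recovers them. The 3.072 MHz clock, the 48 kHz output rate and the boxcar filter are assumptions chosen for illustration.

```python
import math

PDM_CLOCK_HZ = 3_072_000  # assumed PDM clock rate; not a figure from the page
PCM_RATE_HZ = 48_000      # assumed PCM rate after the host's filter
DECIMATION = PDM_CLOCK_HZ // PCM_RATE_HZ  # 64 PDM bits per PCM sample

def pdm_encode(samples):
    """First-order sigma-delta modulator: amplitudes in [-1, 1] -> 0/1 bits."""
    bits, integrator, feedback = [], 0.0, 0.0
    for x in samples:
        integrator += x - feedback          # accumulate the error so far
        bit = 1 if integrator >= 0.0 else 0
        feedback = 1.0 if bit else -1.0     # the bit just sent, as +/-1
        bits.append(bit)
    return bits

def pdm_decode(bits, decimation=DECIMATION):
    """Boxcar filter and decimate: density of ones per block -> amplitude."""
    pcm = []
    for start in range(0, len(bits) - decimation + 1, decimation):
        density = sum(bits[start:start + decimation]) / decimation
        pcm.append(2.0 * density - 1.0)     # density 0.5 is silence
    return pcm

def tone(freq_hz, amplitude, count, rate_hz=PDM_CLOCK_HZ):
    """Constructed test input: a sine tone sampled at the PDM clock."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * k / rate_hz)
            for k in range(count)]

def round_trip_error(freq_hz=1000.0, amplitude=0.5, pcm_samples=96):
    """Worst-case gap between decoded samples and the true block averages."""
    source = tone(freq_hz, amplitude, pcm_samples * DECIMATION)
    decoded = pdm_decode(pdm_encode(source))
    worst = 0.0
    for i, value in enumerate(decoded):
        block = source[i * DECIMATION:(i + 1) * DECIMATION]
        worst = max(worst, abs(value - sum(block) / DECIMATION))
    return worst

if __name__ == "__main__":
    print("silence  ->", pdm_decode(pdm_encode([0.0] * DECIMATION)))
    print("half     ->", pdm_decode(pdm_encode([0.5] * DECIMATION)))
    print("1 kHz tone worst error:", round(round_trip_error(), 4))
```

The point for shielding and routing decisions is that the amplitude lives entirely in the ratio of ones to zeros on the data line, so any copy of that line's transitions carries the audio.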
Why this is structurally hard to fix
Three properties of PDM make this difficult to mitigate at the design level:
- PDM is broadband by design. The signal’s value to the host SoC is the high-rate transition density. You cannot slow it down without losing audio bandwidth or signal-to-noise ratio.
- The wires are inside consumer products. Shielding a microphone-to-SoC trace inside a phone is not free — cost, weight, and antenna routing make full EM containment a real engineering trade-off.
- Replacement by analog or I²S doesn’t obviously help. Analog mic lines are even more vulnerable to inductive eavesdropping at close range; I²S still carries the audio as edge-rate transitions, just at a lower clock rate.
The realistic mitigations are physical: better shielding around the microphone module and its trace, careful PCB routing that minimises antenna-like geometries, and (in high-assurance environments) Faraday-cage enclosures or active EM jamming. None of those are free, and none of them retrofit cleanly into a fleet of consumer devices already in users’ hands.
Threat-model footprint
The result moves several previously-academic attack patterns into the practical column:
- Office adversary in the next room. 2 m through a 25 cm concrete wall covers a substantial fraction of real office partitions.
- Hotel and conference-room collection. Any high-value meeting whose participants brought devices with MEMS microphones (i.e., all of them) is now a potential collection target through an adjacent room.
- Standoff collection against video-conferencing endpoints in SCIF-adjacent or visitor-access spaces.
- Hearing-aid intercept — modern hearing aids use MEMS mics with PDM, and they sit on a person all day.
The cup-to-the-wall acoustic technique that has been around for a century gets you maybe 30–50% intelligibility through a thin wall. This is a different class of attack: it doesn’t rely on acoustic transmission at all, so heavier walls don’t help proportionally, and white-noise generators — the traditional acoustic-eavesdropping countermeasure — are useless because the leaked channel isn’t acoustic.
Key Takeaways
- MEMS microphones radiate. Their PDM digital interface is broadband and edge-rate-rich; a passive antenna can capture the leakage.
- 93% speaker-recognition accuracy was demonstrated by Onishi et al. at 2 m through 25 cm of concrete using a copper-foil-tape antenna.
- White-noise countermeasures don’t help. The leaked channel is electromagnetic, not acoustic.
- PDM cannot be slowed down without sacrificing audio fidelity. The fix has to be physical (shielding, routing, Faraday containment).
- Threat model shifts. Standoff audio collection from an adjacent room is no longer a state-actor capability; it is approachable with hobbyist budgets.
- Compare with prior baselines: a cup against a wall gets you ~30–50% intelligibility through a thin wall; this attack reaches 93% speaker-recognition accuracy through 25 cm of concrete.
Defensive Recommendations
- For sensitive meeting spaces, treat MEMS-microphone leakage the same way you treat HDMI or USB TEMPEST: assume devices brought into the room are radiating audio, and use Faraday-shielded enclosures or dedicated SCIF construction where the threat warrants it.
- RF spectrum monitoring on the perimeter of sensitive rooms is cheap relative to the cost of compromise. The radiated PDM signature is in a defined band per the paper — that’s a detection opportunity.
- For device manufacturers, prioritise EM shielding of the MEMS-to-SoC trace; minimise antenna-like geometries; and consider differential-pair routing where the design budget allows.
- For high-assurance handsets and conference endpoints, evaluate active EM countermeasures (broadband jamming inside an enclosure) for the time windows when sensitive audio is captured.
- For policy teams, update your physical-security training so that “a thick wall and no line of sight” is no longer treated as adequate against audio collection.
- For researchers, the paper’s SDR pipeline and antenna geometry should be reproducible — replication studies and follow-on work measuring real-world consumer device emissions are likely high-impact.
- For procurement, ask MEMS-mic vendors what shielding posture their reference designs assume, and what their measured radiated-emissions floor is at PDM clock harmonics.
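One way to turn the spectrum-monitoring recommendation above into a check, as an added example rather than anything from the paper: look in a perimeter sweep for a comb of evenly spaced lines at consecutive harmonics of a candidate PDM clock. The candidate clock rates, thresholds and sweep data are assumptions constructed for illustration.

```python
from statistics import median

# Assumed candidate PDM clock rates (Hz); illustrative, not from the page or paper.
CANDIDATE_CLOCKS_HZ = (1_024_000, 2_400_000, 3_072_000)

def find_peaks(sweep, margin_db=10.0):
    """Frequencies of bins at least margin_db above the median noise floor."""
    floor = median(power for _, power in sweep)
    return [freq for freq, power in sweep if power - floor >= margin_db]

def harmonic_hits(peaks, clock_hz, f_max_hz, tol_hz):
    """Harmonic numbers n where some peak lies within tol_hz of n * clock_hz."""
    return [n for n in range(1, f_max_hz // clock_hz + 1)
            if any(abs(freq - n * clock_hz) <= tol_hz for freq in peaks)]

def longest_run(numbers):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 0
    for i, n in enumerate(numbers):
        run = run + 1 if i and n == numbers[i - 1] + 1 else 1
        best = max(best, run)
    return best

def assess_sweep(sweep, min_run=4, tol_hz=8_000):
    """Return {clock_hz: matched harmonics} for clocks showing a harmonic comb.

    Requiring consecutive harmonics rejects a sub-multiple clock (1.024 MHz
    matches only every third line of a 3.072 MHz comb) and lone carriers.
    """
    peaks = find_peaks(sweep)
    f_max_hz = max(freq for freq, _ in sweep)
    findings = {}
    for clock_hz in CANDIDATE_CLOCKS_HZ:
        hits = harmonic_hits(peaks, clock_hz, f_max_hz, tol_hz)
        if longest_run(hits) >= min_run:
            findings[clock_hz] = hits
    return findings

def constructed_sweep(emitter_clock_hz=None, step_hz=16_000, bins=1937):
    """Constructed sample data: rippled floor (dBm), one unrelated 10 MHz
    carrier, and optionally lines at harmonics 1-8 of emitter_clock_hz."""
    sweep = []
    for i in range(1, bins + 1):
        freq, power = i * step_hz, -95.0 + (i % 5) * 0.5
        if freq == 10_000_000:
            power = -60.0
        if emitter_clock_hz and freq % emitter_clock_hz == 0:
            n = freq // emitter_clock_hz
            if n <= 8:
                power = -75.0 - n
        sweep.append((freq, power))
    return sweep
```

A finding here means only that PDM-like emissions are measurable at the sweep location; the collection antenna the article describes is passive and would not appear in any sweep.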
Conclusion
“Sound of Interference” is the latest in a long line of works showing that “air-gapped” and “not listening to me” are softer guarantees than we want them to be: the digital interface that every modern microphone uses radiates the audio it carries, and the cost of capturing that radiation has fallen to where a hobbyist with copper foil and a software-defined radio can do it through a concrete wall. The Substack post by Denis Laskov is worth following for the regular tip-offs into the academic side-channel literature; the underlying USENIX paper is worth reading in full if you build, certify, or threat-model devices that carry sensitive audio.
This article is an independent English-language rewrite of “Microphones leak EM signals carrying audio” by Denis Laskov, originally published in the Eye on Cyber Substack newsletter on May 24, 2026, surfacing the underlying academic paper “Sound of Interference: Electromagnetic Eavesdropping Attack on Digital Microphones Using Pulse Density Modulation” by Onishi et al. (USENIX Security 2025). Please cite Onishi et al. for the technical research and Eye on Cyber for surfacing it.

