Researchers from MIT have discovered the dark side of light sensors in smartphones, which could help hackers track a user's movements.
Researchers say your phone's ambient light sensor could be used to spy on you, without turning on the camera at all.
These small sensors adjust the brightness of your screen based on the ambient light. But unlike cameras, apps don't need your permission to access them.
As MIT researchers discovered, this seemingly innocent feature has a dark side, as hackers can exploit these sensors to reconstruct images of what's happening right in front of your screen.
Researchers at the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology (MIT) discovered that this sensor can also take pictures of your hand gestures and reveal your privacy.
To get a better understanding, imagine this situation: You are browsing a website, completely unaware that every swipe you make is captured, not by the camera, but by the light sensor. Or you are watching a movie with a friend, and you casually place your hand near the screen, it is possible that a hacker is collecting your interactions from afar.
The researchers published a paper in the journal Science Advances earlier this month, proposing a computational imaging algorithm that can restore an image of the environment from the perspective of a display screen using subtle changes in light intensity detected by the sensor.
The MIT team, led by Yang Liu, developed an algorithm that analyzes minute changes in light intensity captured by the sensor when objects touch the screen.
The algorithm reconstructs pixelated images by stitching these fluctuations together, and detecting gestures such as swiping and swiping.
“Many believe that these sensors should always be on,” says lead author Yang Liu, from the Department of Electrical Engineering and Computer Science (EECS) and a PhD candidate in the Computer Science and Artificial Intelligence Laboratory.
The team showed how hackers can use this algorithm to spy on hand gestures, such as swiping or swiping, and infer how you interact with your phone while watching videos.
For example, apps that have access to your screen, such as video players and web browsers, can use this technology to collect your data without permission.
How researchers tested this imaging privacy threat
The researchers applied the scrolling process to three demonstrations using an Android tablet.
In the first test, they placed a doll in front of the device while different hands touched the screen. A human hand pointed at the screen, and then, a piece of cardboard touched the screen. The MIT team revealed physical interactions with the screen in real time based on the light sensor.
In a second test, they showed that hackers could gradually capture how users scrolled, swiped, tapped, etc. through a stronger light sensor that enabled them to follow movements at a rate of one frame every 3.3 minutes.
With a faster ambient light sensor, malicious actors can spy on a user's real-time interactions with their device.
A third test found that users are also at risk when watching video clips such as movies and short clips. A human hand hovered in front of the sensor while scenes from the movie Tom and Jerry were displayed on the screen, with a white panel behind the user reflecting light onto the device. However, the ambient light sensor captured subtle changes in intensity for each video frame, with the resulting images visible to touch gestures.
"This work turns the ambient light sensor and your device's screen into a camera," said Professor Felix Hyde from Princeton University, highlighting the widespread prevalence of this vulnerability and its malicious nature.
He further asserts: “As such, the researchers highlight a privacy threat affecting a comprehensive class of devices that has been overlooked until now.”
While phone cameras have raised privacy concerns for years, the ambient light sensor presents a unique challenge. Not only does it bypass permissions checks, its passive nature makes it virtually undetectable. It is possible to inadvertently broadcast your actions to an intruder even with the camera covered.
The researchers suggest two critical countermeasures:
- Detailed app permissions: Users should have clear control over which apps can access the ambient light sensor, enabling them to decide who can peek into their digital lives.
Downgrading the sensor: Limiting the accuracy and speed of the sensor reduces the information it collects, making it difficult for hackers to collect meaningful data.
Specifications of the SCALP missiles, of which Macron intends to send a new batch to Ukraine
French President Emmanuel Macron announced that the West cannot allow Russia to win the Ukrainian conflict, so France will deliver to Ukraine a new batch of hyper-precision SCALP missiles.
Following Macron's announcement, French media reported, citing a military source, that SCALP missiles had arrived in Ukraine.
It is noteworthy that the SCALP-EG is a joint British-French design, started in 1994, and it is known by the English name Storm Shadow. The missile weighs 450 kg and carries two charges, the first of which explodes before the missile penetrates armor, concrete, or a thick layer of earth. The second charge can explode later, and is intended to hit a target hidden behind a fortified barrier.
Ask what happened to the French SCALP missiles in Syria!
SCALP-EG belongs to the “shoot and forget” class of missiles, meaning that its flight to the target does not have to be tracked because it is self-guided. The missile is installed on the plane and is equipped with high-resolution infrared cameras that can identify the target.
The official exportable version of the missile has an operating range of 250 km/h, and a speed of 1,163 km/h. However, former French President François Hollande had previously announced that the operating range of French and British missiles could reach 400 kilometers. The combat head of the missile weighs 450 kg, and the cost of one such missile is 850,000 euros.
It is noteworthy that the production facility of the British-French company MBDA, which manufactures SCALP-EG missiles, is located in France.
SCALP-EG missiles were used in Libya in 2011, in Iraq in 2015, and in Syria in 2018.
These missiles are in the arsenal of France, Britain, Saudi Arabia, Italy and Greece.
As for the British Storm Shadow missiles, they are used by the Ukrainian army to direct strikes on Russian territory.
Gud
ReplyDeleteInformative
ReplyDelete