SoylentNews is people
SoylentNews
Researchers have determined that some light bulbs are suitable for covert data exfiltration from personal devices, and can leak multimedia preferences by recording their luminance patterns from afar. The adversary does not need to attack the internal network of the victim to extract the information. They only need a direct connection between the target device and the lights, and line-of-sight with bulbs during the exfiltration process>
[...] Anindya Maiti and Murtuza Jadliwala from the University of Texas at San Antonio studied how LIFX and Philips Hue bulbs receive their commands for playing visualizations into a room and developed a model to interpret brightness and color modulations occurring when listening to music or watching a video.
During audio-visualization, the brightness level reflects the source sound, while in the case of video visualizations, the modifications reflect the dominant color and brightness level in the current video frame. The associated mobile app controls the oscillations by sending specially formatted packets to the light bulbs. The model created by the two researchers requires the adversary to create a database of light patterns, like a dictionary for songs and videos, they can use as a reference for the profile captured from the target. Extracting information from a personal device is possible under certain conditions. The simple observation of the light pattern is not sufficient in this case.
Light bulbs need to support infrared lighting and should not require authorization for controlling them over the local network. Moreover, the adversary needs to plant malware that encodes private data from the target device and sends it to the smart light bulbs.
The researchers used two observation points to capture the data: indoor and outdoor. Predictable enough, indoor observation recorded the most accurate results and longer exposure yielded a better outcome.
From a sample set of 100, "51 songs were correctly predicted in the top rank, while genres of 82 songs were correct in the same prediction," the researchers reveal about audio inference results.
Data exfiltration was possible through transmission techniques like such as amplitude and/or wavelength shift keying, using both the visible and the infrared spectrum of the smart bulbs (LIFX) were used.
[...] Defending against these attack methods is just a matter of making the light less visible to the outside. A curtain can do the trick. Choosing window glass that has low transmittance is also an adequate defense.
For additional technical details you can check the original paper titled "Light Ears: Information Leakage via Smart Lights," available here.
(Score: 3, Funny) by jmorris on Thursday August 30 2018, @12:27AM (1 child)
Yup, if you have a bright light throbbing to the beat of your music, somebody might be able to guess what you are listening to. Assuming that can't just point a microphone at you (or use one of those lasers that bounce off of a window and recover audio) and just listen to the music. Never would have guessed such a thing was possible! And turning the light signals into audio fingerprints and matching it to a database, cutting edge stuff these guys are doing, yo! Better hand these people a huge sack of additional grant money.
And better still, a device with little to no security and capable of being seen from miles away (under optimal conditions) can be used to transmit information if you can implant a device on the target network close enough to control the light. Astounding! What will they come up with next!
(Score: 2) by Osamabobama on Thursday August 30 2018, @05:38PM
I bet the BBC will use this to check for unlicensed televisions soon.
Appended to the end of comments you post. Max: 120 chars.