Researchers have determined that some light bulbs are suitable for covert data exfiltration from personal devices, and can leak multimedia preferences by recording their luminance patterns from afar. The adversary does not need to attack the internal network of the victim to extract the information. They only need a direct connection between the target device and the lights, and line-of-sight with bulbs during the exfiltration process>
[...] Anindya Maiti and Murtuza Jadliwala from the University of Texas at San Antonio studied how LIFX and Philips Hue bulbs receive their commands for playing visualizations into a room and developed a model to interpret brightness and color modulations occurring when listening to music or watching a video.
During audio-visualization, the brightness level reflects the source sound, while in the case of video visualizations, the modifications reflect the dominant color and brightness level in the current video frame. The associated mobile app controls the oscillations by sending specially formatted packets to the light bulbs. The model created by the two researchers requires the adversary to create a database of light patterns, like a dictionary for songs and videos, they can use as a reference for the profile captured from the target. Extracting information from a personal device is possible under certain conditions. The simple observation of the light pattern is not sufficient in this case.
Light bulbs need to support infrared lighting and should not require authorization for controlling them over the local network. Moreover, the adversary needs to plant malware that encodes private data from the target device and sends it to the smart light bulbs.
The researchers used two observation points to capture the data: indoor and outdoor. Predictable enough, indoor observation recorded the most accurate results and longer exposure yielded a better outcome.
From a sample set of 100, "51 songs were correctly predicted in the top rank, while genres of 82 songs were correct in the same prediction," the researchers reveal about audio inference results.
Data exfiltration was possible through transmission techniques like such as amplitude and/or wavelength shift keying, using both the visible and the infrared spectrum of the smart bulbs (LIFX) were used.
[...] Defending against these attack methods is just a matter of making the light less visible to the outside. A curtain can do the trick. Choosing window glass that has low transmittance is also an adequate defense.
For additional technical details you can check the original paper titled "Light Ears: Information Leakage via Smart Lights," available here.
Anonymous Coward on Thursday August 30, @12:05AM
There appear to be a legion of university researchers with an inordinate interest in viewing the data on our computers. Don't these guys know you can download porn for free... why bother breaking into our computers for it?
Anonymous Coward on Thursday August 30, @12:16AM
When the same old porn gets stale, you have to raise the stakes to live voyeurism.
Snotnose on Thursday August 30, @12:17AM
They don't know the amatuer cam girls from the net. It's extra exciting if you can watch some chick do her naked thing on a webcam, and you can watch her do it live and she might sign up for your class.
Snotnose on Thursday August 30, @12:13AM
I'm not only calling horse hockey, I'm pretty sure I saw it come out of the horse's ass and splatter on the ground.
There is no link. My house has lots of conflicting light sources (windows, TV, laptop, dozens of fucking LEDs that blink all day and all night long (most have either black tape over them, or a DVD box covering them).
Not to mention, I assume they're getting the results via the electrical grid. You thought the light in my house was noisy? Check out the electrical environment. Air kicks in, kick your data transmission to the curb. Fridge? same. Neighbor's air? Same. Oh, there's a transformer between thee and me? Your bits just got turned into heat.
I have yet to hear of a reliable data tube via anyone's electricity on the grid. Yeah, you can make it work in your home, but soon as you hit a transformer all bets are off.
