Slash Boxes

SoylentNews is people

posted by janrinok on Sunday February 04, @05:40PM   Printer-friendly
from the I-can-see-you-through-the-keyhole dept.

Apparently the bad guys can now use a device's ambient light sensor:

That tape over your webcam may not be enough. Researchers at the Massachusetts Institute of Technology (MIT) have highlighted imaging privacy threats enabled by ambient light sensors, in a paper recently published in Science Advances. Device users concerned with security and privacy may be comforted by hardware solutions (shutters) and software permissions restricting webcam use. However, researchers have shown visual information can be gathered via one of the common ambient light sensors installed in many devices. These small sensors usually aren’t shuttered or disabled by users and are typically permission-free on a device level.

Ambient light sensors are categorized as low-risk by device makers and can often be accessed directly by software (or malware) without any permissions or privileges. Nevertheless, previous studies have shown such a rudimentary sensor can provide enough information to infer keystrokes on a virtual keyboard and steal a device PIN, about 80% of the time. The new research shows what an ambient light sensor can do when combined with an active light source component – namely the device' screen.

For their experiments, the MIT researchers used a Samsung Galaxy View 2. This rather old and large (17.3-inch) consumer tablet has its ambient light sensor next to the front-facing (selfie) camera, which is still a very common configuration.

[...] The scientists explained that the ambient light sensor reads the light emitted by the screen shining on a person’s face and being partially blocked by the hand / screen interaction. A whole lot of complicated math, aided by AI and image processing technology, was used by the researchers to deliver their results.

Journal Reference: Imaging privacy threats from an ambient light sensor - Yang Liu, Gregory W. Wornell, William T. Freeman, and Frédo Durand -

Related: Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For

Original Submission

Related Stories

Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For 24 comments

Now that everyone's using Zoom, here are some privacy risks you need to watch out for:

Now that you've finished choosing your custom Zoom background, mercifully sparing your fellow workers-from-home the sight of a growing pile of gym socks behind your desk, you might think you've got a handle on the conference call software du jour. Unfortunately, there are a few other data security considerations to make if you want to hide your dirty laundry.

Privacy experts have previously expressed concerns about Zoom: In 2019, the video-conferencing software experienced both a webcam hacking scandal, and a bug that allowed snooping users to potentially join video meetings they hadn't been invited to. This month, the Electronic Frontier Foundation cautioned users working from home about the software's onboard privacy features.

[...]Here are some of the privacy vulnerabilities in Zoom that you should watch out for while working remotely.

[...] Tattle-Tale
Whether you're using Zoom's desktop client or mobile app, a meeting host can enable a built-in option which alerts them if any attendees go more than 30 seconds without Zoom being in focus on their screen.

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Informative) by Rosco P. Coltrane on Sunday February 04, @09:04PM (5 children)

    by Rosco P. Coltrane (4757) on Sunday February 04, @09:04PM (#1343032)

    Use electrical tape. No light goes through electrical tape.

    Also, when it's not a webcam but a cellphone front facing camera you're taping over, remember that the ambient light sensor is usually nearby. So if you tape it over with something opaque, your screen will go dim because the phone will think it's dark. In that case, it's better to use a bit of frosted tape and ease off on the paranoia a bit.

    • (Score: 3, Interesting) by Gaaark on Sunday February 04, @09:27PM

      by Gaaark (41) on Sunday February 04, @09:27PM (#1343035) Journal

      Yeah: i usually use good tape like electrical but also put something like a band-aid over the lens so it doesn't get tape goo over it.

      Band-aid + electrical tape=PGP, methinks.

      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 4, Insightful) by SomeGuy on Monday February 05, @02:52AM (3 children)

      by SomeGuy (5632) on Monday February 05, @02:52AM (#1343050)

      Keep in mind that microphones can reveal a f-ton of information. And you can't just cover up a mic. Even covering them in superglue won't completely block them. I'm not aware of any way to completely inhibit a built in mic without destroying or removing them.

      Most microphones don't even have any indicator they are on. One web cam I am familiar with lights up with blue LEDs (ouch! Yuck!) when it is capturing video. But open up an audio tool and only record audio from its microphones... no lights.

      • (Score: 2, Interesting) by nostyle on Monday February 05, @02:36PM (2 children)

        by nostyle (11497) on Monday February 05, @02:36PM (#1343125) Journal

        I'm not aware of any way to completely inhibit a built in mic without destroying or removing them.

        My fix is to run Slackware Linux on chromebooks, which pretty much guarantees that audio will not work. Sure, I can make it work when I'm feeling heroic, but it's more convenient to leave it broken and talk to nobody (that's what phones are for).

        For laptops, I use duck tape over the webcams. No light leakage there.

        For my iphone SE that the wife makes me carry, I use a tactical rubberband (#82) over the camera lens. Quick to remove for doing photos. Quick to restore. No stick-em to gum up the works, and it helps keep dust off the lens. Serves as a pretty good shock absorber as well.

        If you have one of those monster phones with 3 lenses, you're on your own.


        Time after time
        You refuse to even listen

        -Beatles, You Won’t See Me