In a new study published in Science Advances, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have uncovered the potential threat posed by ambient light sensors on smart devices. These sensors, which are used to adjust the brightness of the screen according to the surrounding light, can be used by hackers to capture images of users’ touch interactions without the need for a camera.
The team from MIT demonstrated how ambient light sensors could be used to capture images of users’ scrolling, swiping, or sliding, and how they could be used to monitor user activity while watching videos. Apps that have native access to the screen, such as video players and web browsers, could potentially spy on users and collect this permission-free data.
The researchers proposed a computational imaging algorithm that uses subtle single-point light intensity changes of the ambient light sensors to recover an image of the environment from the perspective of the display screen. The algorithm reconstructs the picture from the screen’s perspective, which is then optimized and denoised via deep learning to reveal a pixelated image of hand activity.
Lead author Yang Liu, a Ph.D. student in MIT’s Department of Electrical Engineering and Computer Science and a CSAIL affiliate, said that ambient light sensors could passively capture what users are doing without their permission. At the same time, apps are required to request access to cameras. “Our demonstrations show that when combined with a display screen, these sensors could pose some sort of imaging privacy threat by providing that information to hackers monitoring your smart devices,” Liu said.
The study introduces a novel combination of passive sensors and active monitors to reveal a previously unexplored imaging threat. The team recommends two software mitigation measures for operating system providers: tightening up permissions and reducing the precision and speed of the sensors. They suggest restricting access to ambient light sensors by allowing users to approve or deny those requests from apps. They also propose limiting the sensors’ capabilities and reducing the components’ precision and speed so that they reveal less private information.
The researchers’ findings highlight the need for greater privacy and security measures on smart devices to protect user data and prevent unauthorized access. As technology continues to advance, it’s crucial that developers and manufacturers take steps to address potential security threats and protect users’ privacy.
Journal Reference
- Liu, Y., Wornell, G. W., Freeman, W. T., & Durand, F. (2024). Imaging privacy threats from an ambient light sensor. Science Advances. DOI:10.1126/sciadv.adj3608