Light sensors in smartphones allow spying on users - MIT study
Even if you turn off your microphone, cover your camera, and use a VPN, it won’t save you from potential surveillance through a regular light sensor.
Scientists from the Massachusetts Institute of Technology have proven that a common Ambient Light Sensor (ALS), which automatically adjusts screen brightness, can track a user’s actions on the screen. This is stated in a study published in the journal Science Advances.
The team developed an attack called "LightSpy," which turns a supposedly secure sensor into a surveillance tool. They used data from the ALS of a typical Android tablet to gather information about the user's gestures: swipes, clicks, scrolls. A neural network was then trained to recognize these movements with enough accuracy to recreate the interaction with the device.
Importantly, the light sensor cannot be disabled programmatically: unlike the microphone or camera, its activity is not regulated by system permissions. Moreover, it is present in almost all modern smartphones, tablets, and laptops.
The Ambient Light Sensor is a photosensor that is commonly used to automatically adjust screen brightness. But because of its sensitivity to changes in lighting and its accuracy in detecting even micro-movements, it can become an unexpected source of private information leakage. This research is one of the first to show in detail how a common hardware function can be used in side-channel attacks without physical access to the device.
The researchers demonstrated a practical implementation of the attack in an everyday scenario in which the browser runs malicious JavaScript code. After a short period of observation, the system is able to reproduce user behavior on websites, including text entry and button presses.
One of the most dangerous aspects is that the user does not receive any warnings about the use of this sensor, and the process itself leaves no traces in the system.
Researchers are calling on operating system and browser manufacturers to introduce restrictions on access to ALS, including giving users the ability to block or control it.
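One form such a restriction could take is coarsening the readings before page script sees them, which reduces the sensitivity to small lighting changes described above. The sketch below is an added illustration, not code from the study or from any browser; the bucket size, sampling interval, hysteresis margin and the sample data are assumed values.

```javascript
// Added illustration: coarsen ambient-light readings before page script sees them.
// STEP_LUX, MIN_INTERVAL_MS and HYSTERESIS_LUX are assumed values, not from the study.
const STEP_LUX = 50;          // report lux only in 50-lux buckets
const MIN_INTERVAL_MS = 1000; // look at the sensor at most once per second
const HYSTERESIS_LUX = 10;    // extra margin so a value near a bucket edge does not flip

function quantizeLux(lux, step = STEP_LUX) {
  if (!Number.isFinite(lux) || lux < 0) {
    throw new RangeError("lux must be a finite, non-negative number");
  }
  return Math.round(lux / step) * step;
}

// samples: [{ t: milliseconds, lux: raw reading }] in time order.
// Returns only the change events a script would be allowed to observe.
function coarsen(samples, opts = {}) {
  const step = opts.step ?? STEP_LUX;
  const minIntervalMs = opts.minIntervalMs ?? MIN_INTERVAL_MS;
  const hysteresis = opts.hysteresis ?? HYSTERESIS_LUX;
  const events = [];
  let lastT = -Infinity;
  let reported = null;
  for (const { t, lux } of samples) {
    if (t - lastT < minIntervalMs) continue; // rate limit: drop fast samples
    lastT = t;
    // Keep the current bucket while the raw value stays within its band.
    if (reported !== null && Math.abs(lux - reported) <= step / 2 + hysteresis) continue;
    reported = quantizeLux(lux, step);
    events.push({ t, lux: reported });
  }
  return events;
}

// Constructed input: 50 Hz readings with a +/-3 lux ripple around 210 lux,
// then a real ambient change to about 480 lux at t = 3000 ms.
function constructedSamples() {
  const out = [];
  for (let i = 0; i < 300; i++) {
    const base = i * 20 < 3000 ? 210 : 480;
    out.push({ t: i * 20, lux: base + 3 * Math.sin(i / 4) });
  }
  return out;
}

console.log(coarsen(constructedSamples()));
```

With these settings the 300 raw readings collapse to two events, one per genuine ambient level, which is still enough for automatic brightness adjustment.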