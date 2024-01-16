In a recent revelation that could redefine our understanding of device security, researchers at MIT have discovered a new way to exploit ambient light sensors, commonly found in modern electronic devices. These sensors, designed originally to adjust screen brightness based on external light conditions, can now potentially be used to capture low-resolution images of a user's hand gestures without their knowledge or consent.

Advertisment

Unveiling a Novel Technique

The groundbreaking technique, detailed in a paper published in Science Advances, hinges on the display of a sequence of patterns on a device's screen. As these patterns are partially obstructed by the user's hand, a single-pixel light sensor detects the changes in light intensity. An inversion algorithm then processes these changes, reconstructing them into discernible images.

Successful Tests and Potential Misuse

Advertisment

The team of researchers, led by Yang Liu, successfully tested their method on a Samsung Galaxy View2 tablet. They used a mannequin hand and head to simulate a user's interactions, including common gestures like two-finger scrolling and three-finger pinching. However, the process to capture these images is currently slow, taking several minutes to accurately decipher hand gestures.

This discovery, while fascinating, raises serious concerns about the potential misuse of ambient light sensors in the realm of privacy invasion. Although the technique is too complex for mass-scale attacks and is unlikely to work on smaller devices such as smartphones, it underscores the importance of being aware of the security risks associated with device sensors.

In response to these findings, the World Wide Web Consortium has issued new standards that limit access to the light sensor API. This has been adopted by browser vendors, but unfortunately, comprehensive restrictions for Android apps are still lacking. Some devices continue to log light sensor data in a system file that is easily accessible, further emphasizing the urgency of tighter security control.