Hacked Vacuum Cleaner Can Record Your Conversations—No Microphone Required

This article is more than 3 years old.

Hackers have used LiDAR technology, as seen in the latest iPhone 12 Pro and 12 Pro Max, to turn a vacuum cleaner into a spying device.

First, the ordinary light bulb was turned against us by resourceful hackers in the research lab; now it's the turn of the vacuum cleaner to become a covert listening device.

I am eagerly awaiting delivery of my shiny new iPhone 12 Pro Max, a smartphone that employs the wonders of LiDAR technology to help the smartphone camera see in the dark. LiDAR, light detection and ranging to be more formal, basically works by measuring reflections from a target illuminated by laser light. It can also, so it seems, help hackers listen to and record conversations using a vacuum cleaner. I know, right?

A team of academics from the National University of Singapore and the University of Maryland has published a research paper titled 'Spying with your robot vacuum cleaner: eavesdropping via lidar sensors' that explains exactly what was involved. Under the supervision of Prof. Jun Han, Sriram Sami took the lead in this research, aided by Yimin Dai, Sean Rui Xiang Tan and Nirupam Roy.

The hack, which the researchers have called LidarPhone, is what's known as a side-channel attack. This is when, rather than exploiting weaknesses or vulnerabilities, hackers exploit implemented strengths but for a reason other than that which might be reasonably expected. In this case, that means using the LiDAR sensors of a 'smart' robotic vacuum cleaner, whose function is to help the device navigate and map its surroundings, as microphones to record conversations covertly.

Across 19 hours of this covert recording, the researchers say they managed to collect conversations and music played by a computer speaker and TV soundbar. "Sounds are essentially pressure waves that propagate through the vibrations of the medium," the research paper reveals, "sound energy in the environment is partially induced on nearby objects creating subtle physical vibrations within those solid media." By repurposing the vacuum cleaner's LiDAR sensors, they were, therefore, able to grab those vibrations, which were then processed "to recover traces of sounds." This deep learning algorithm-driven recovery process has a success rate of around 90%, according to the research paper.

This is worrying stuff when you consider that most vacuum cleaners don't come complete with microphones. The same techniques could, theoretically, be applied to any LiDAR sensor-equipped device. The iPhone 12 Pro Max, maybe, or what about a self-driving car? So, do we just have to suck it up that our smart household appliances will inevitably be spying upon us? Erm, no.

As with most such lab-based research, applying the results to a real-world hacking scenario is far from straightforward. As well as compromising the vacuum cleaner so as to be able to repurpose the LiDAR sensors through a firmware update, the hackers would also need access to the target's local network. And that's just the start of the complexity of pulling off such an attack. Background noise levels, lighting and distance from the target would all affect the chances of success.

Security expert Graham Cluley, writing at Bitdefender Box, also points out that reflectivity issues mean that "a robot vacuum cleaner may be collecting data with a low signal-to-noise ratio." Sure, the algorithm developed by the researchers helps to a degree. Still, I'm not worrying about my robot vacuum cleaner, or any other LiDAR-equipped device, spying on me for now.

If someone wants to know what I'm saying, there are far easier listening methods using common or garden malware.
