The independent researcher Lukasz Olejnik has reported that Ambient Light Sensors in consumer devices can be used to serve sensitive information to criminals. This includes room proportions, actions tracking and other related data.
Ambient Light Sensors Can Reveal Your Secrets
The privacy implications of having ambient light sensors on your consumer devices are becoming more severe as researchers uncover more and more ways of tracking people using such technologies. We wrote about Wi-Fi signals that can be used to track people and even eavesdrop conversations. But hardly has anyone even considered that ambient light sensors can also be used in such a way.
The independent researcher Lukasz Olejnik has revealed some details on how this can be exploited. The ambient light sensors are usually used on consumer devices such as smartphones and tablet to detect and adjust the brightness in the local environment. The contemporary technology even allows for measurement of the red, green and blue levels. The W3C have created an Ambient Light Sensors API that will give access to the sensors from every Internet browser. This will also potentially allow web designers to use their creative potential in accordance with the reported light levels of the user’s environment.
The sensors can be used to detect the proximity of the user in front of the sensor (usually placed on the front of the device). Another demonstrated concept is the sensing of direction and mechanisms of the user’s motion about the light sources. As such their use can introduce non-obvious and unexpected information leaks.
For example, they could allow attackers to map the insides of the users home or office. Usually, every room has different lighting conditions, and those can be used to build profiles. Using the sun’s direction malicious users can also make out the orientation of the building which could aid in intrusion attempts.
There are a few scenarios where this can be exploited for potentially illegal cases. Some examples are profiling the targets based on the size of their homes. Behavior analysis is another major concern that the researcher notes. The ambient light sensors can be used to reveal patterns such as the duration and times of his job, frequency of movement and other sensitive information.
When a lot of devices that contain these sensors are utilized in malicious case scenarios, then the attackers can use a lot of cross-linked data that can construct a complete profile of the users. Olejnik stresses the problem when the IoT (Internet of Things) devices come equipped with such technology. They are constantly online and stay connected all the time. Considering the fact that attackers can gain access to their data readouts in real time, this would lead to a really serious privacy issue.
Analysis of the Android version of Mozilla Firefox has concluded that the browser provides verbose data of the luminance in lux units. The identical issue has been reported in the Chromium (the open source version of Google Chrome) browser as well. Olejnik has reported the issue to the developers.
So, this is one of the latest privacy threats that we should be aware of. For more detailed information check out Olejnik’s detailed blog post.