23rd November 2020, Kathmandu
Researchers have discovered a new attack ‘ Lidar Mobile’. This attack allows attackers to spy on homeowners, through the LiDAR sensors on their robot-based vacuums.
What does LiDAR mean?
LiDAR stands for Light Detection and Ranging is a remote sensing method. It uses light in the form of a pulsed laser to measure variable distances to nearby objects. Robot Vacuum cleaners also use this technology. This technology assists in cleaning and to navigate around obstacles on the floor.
Researchers have found that robot vacuums are a source for cyberattacks while inside their homes. LiDAR (Light Detection and Ranging) sensors on robot vacuums consist of a bug. That bug could allow an attacker to listen to the private conversations of the homeowners.
Worried? Calm down because the attack is complex. Attackers would have to compromise the device itself. In addition, attackers need to be on the local network of victims to launch the attack. The idea behind the attack is to access LiDAR readings, which include sound signals. Then use it to reveal full conversations. Potentially revealing sensitive information that could reveal their credit-card data or deliver potentially incriminating information that could be used for blackmail.
Lidar Mobile Solution
According to the team of researchers from the University of Maryland, College Park, and the National University of Singapore, they have developed a system to repurpose the LiDAR sensor to sense acoustic signals in the environment. Remotely harvest the information from the cloud and process the raw signal to extract the data.
Researchers said that the Lidar Mobile can be mitigated by reducing the SNR (which stands for signal-to-noise ratio) of the LiDAR signal. This is possible If the robot vacuum-cleaner LiDARs will include a hardware interlock. In a way that its laser beams cannot travel below a certain rotation rate, with no option to override this feature in the software,”
While researchers investigate LiDAR on robot vacuum cleaners as an exemplary case. Their findings may be extended to many other different active light sensors, including various smartphone TOF (time-of-flight) sensors. ToF cameras make use of infrared rays that bounce off objects and then return to the hardware. The time that this light takes to leave and then return to the device (TOF) allows the camera to sense depth, thus developing a 3D ‘map’ of a space.
So, this attack is a signal of an important reminder. The proliferation of smart sensing devices in our homes opens up many opportunities for acoustic side-channel attacks on private conversations.
