LidarPhone attack will make your vacuum cleaner spy on you

LidarPhone attack on vacuum cleaner

A group of scientists from the University of Maryland and the National University of Singapore have demonstrated the LidarPhone attack, which can turn a smart vacuum cleaner into a spy device that records conversations nearby.

As the name suggests, the attack relies on the device’s built-in lidar, which the vacuum cleaner uses to navigate space. Essentially, a potential attacker could use the lidar and its laser as a laser microphone.

Laser microphones are often used by special services, especially if the recording needs to be made from afar. For example, a laser microphone is pointed at a glass window and monitors the vibrations of the glass, which can then decode and decrypt the conversations that occur indoors.

The LidarPhone attack requires a number of specific conditions to be met. For example, an attacker would be forced to use some malware or interfere with the device update process in order to gain control of the lidar.say the experts.

The fact is that the device’s lidar is active and rotates constantly, which reduces the amount of data that an attacker can collect. With the help of malicious firmware, an attacker will be able to stop the rotation and normal operation of the lidar, forcing it to focus on a single object, monitoring the vibration of the surface due to sound waves.

LidarPhone attack on vacuum cleaner

LidarPhone attack on vacuum cleaner
It should also be noted that the lidars of robotic vacuum cleaners are far from being as accurate as laser microphones, so the collected data, which will be transmitted to the attacker’s remote server, will have to be processed additionally, amplifying the signal so that a person can make out the received sound.

Despite all these limitations, the researchers managed to get good results during the tests on the Xiaomi Roborock robot vacuum cleaner. Experts carried out a series of tests using a lidar to pick up a signal from various objects, in addition, during the tests, there was a different distance between the vacuum cleaner and the sound source.

At the same time, the researchers’ experiments were mainly focused on restoring not conversations, but numerical values, which were eventually restored with an accuracy of 90%.

LidarPhone can be used to identify speakers by gender, and even to determine political opinion targets from news bulletins playing in the background.note the creators of the attack.

While LidarPhone is more of a theoretical attack, for protection, the researchers recommend that robot vacuum cleaner manufacturers turn off the device’s lidar when not in use.

The researchers’ report was presented at the ACM Conference on Embedded Networked Sensor Systems (SenSys 2020). A recording of the research team’s speech can be seen below.

Let me remind you that I talked about the expert taught Smarter Coffee machine to ransom money.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *