A group of scientists from the University of Maryland and the National University of Singapore have demonstrated the LidarPhone attack, which can turn a smart vacuum cleaner into a spy device that records conversations nearby.
As the name suggests, the attack relies on the device’s built-in lidar, which the vacuum cleaner uses to navigate space. Essentially, a potential attacker could use the lidar and its laser as a laser microphone.
Laser microphones are often used by special services, especially if the recording needs to be made from afar. For example, a laser microphone is pointed at a glass window and monitors the vibrations of the glass, which can then decode and decrypt the conversations that occur indoors.
The fact is that the device’s lidar is active and rotates constantly, which reduces the amount of data that an attacker can collect. With the help of malicious firmware, an attacker will be able to stop the rotation and normal operation of the lidar, forcing it to focus on a single object, monitoring the vibration of the surface due to sound waves.
…
It should also be noted that the lidars of robotic vacuum cleaners are far from being as accurate as laser microphones, so the collected data, which will be transmitted to the attacker’s remote server, will have to be processed additionally, amplifying the signal so that a person can make out the received sound.
Despite all these limitations, the researchers managed to get good results during the tests on the Xiaomi Roborock robot vacuum cleaner. Experts carried out a series of tests using a lidar to pick up a signal from various objects, in addition, during the tests, there was a different distance between the vacuum cleaner and the sound source.
At the same time, the researchers’ experiments were mainly focused on restoring not conversations, but numerical values, which were eventually restored with an accuracy of 90%.
While LidarPhone is more of a theoretical attack, for protection, the researchers recommend that robot vacuum cleaner manufacturers turn off the device’s lidar when not in use.
The researchers’ report was presented at the ACM Conference on Embedded Networked Sensor Systems (SenSys 2020). A recording of the research team’s speech can be seen below.
Let me remind you that I talked about the expert taught Smarter Coffee machine to ransom money.