Doorbells and security cameras have raised security concerns as of late. Robot vacuums have gained a ton of popularity over the last few years. According to blackfriday.com, the iRobot Roomba is one of the best deals of 2020. If you own or are thinking about purchasing one, don’t let the title of this article scare you… yet.
Researchers sit around trying to think of ways devices can be used maliciously. Once they have an idea, they set off trying to see if it’s actually possible. Some geniuses in a lab cooked up a scheme of using the LiDAR sensor in a robot vacuum as a microphone. It actually worked.
What is LiDAR?
For those who don’t know, LiDAR stands for Light Detection and Ranging. Put simply, a vacuum with a LiDAR sensor pulses a laser to detect obstacles within a room. Basically, measuring those reflections allows the sensor to create a map of the room. The process works very similarly to sonar or radar but utilizes light instead of sound or radio waves. The latest smartphones have started including LiDAR sensors to help their cameras see in the dark.
This hack uses what’s known as a side-channel attack. Rather than exploiting vulnerabilities, researchers repurpose existing features to perform operations other than what was originally intended. In this particular instance, the LiDAR sensor acts as a microphone instead of a mapping and obstacle sensor.
Hacking Robot Vacuums
So how do you get a laser to act as a microphone? According to the researchers, “Sounds are essentially pressure waves that propagate through the vibrations of the medium. Hence, sound energy in the environment is partially induced on nearby objects creating subtle physical vibrations within those solid media.”
In a nutshell, sound vibrations in the air cause the furniture in the room to vibrate as well. The laser accurately measures those vibrations. The vacuum uploads the data to the attacker’s cloud storage. From there, an algorithm processes the measurements back into an audio wave. Overall, the process is pretty ingenious.
Across 19 hours of recordings, researchers recovered audio with 90% average accuracy. Not only did they detect and identify music from various TV shows, but they could identify the gender of people speaking. You can read all the science-heavy details in the lab’s research paper.
Don’t Worry… Too Much
This hack was carried out in a lab. Pulling this off in the real world would be difficult. Hackers would need access to your network and the ability to overwrite your vacuum’s firmware. It’s not impossible, but there are easier ways to listen in on conversations. Just don’t be surprised when you start seeing this spying technique in movies and shows.
Looking for More Tips?
Blog posts with various IT tips and news are released every Friday. We publish new episodes of Tech Tip Tuesday as often as we can. You can view previous episodes in our Tech Tip Tuesday library. Click the Sign Up or Subscribe button on this page to subscribe and receive every tip directly in your inbox each week. Pit Crew IT Services can also help your organization with any IT needs you might have. Get started with a free consultation using the button below.