Smartphone ambient light sensors allow spying


Android and iPhone ambient light sensors can be turned into cameras, allowing malicious actors to secretly film unsuspecting victims and their surroundings.

Smartphone ambient light sensors are typically used to automatically adjust screen brightness. However, researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) claim the sensors can be used to craft a photo of the user’s surroundings.

A group of researchers proposed a computational imaging algorithm that allowed the recovery of an image of the environment from the screen’s perspective. All it took was single-point light intensity changes in these sensors.

“Ambient light sensors are tiny devices deployed in almost all portable devices and screens that surround us in our daily lives. As such, the authors highlight a privacy threat that affects a comprehensive class of devices and has been overlooked so far,” Princeton University professor Felix Heide, who was not involved with the paper, said.

The new study suggests that ambient light sensors could intercept various user gestures, such as swiping and sliding, and capture how users interact with their phones while watching videos.

The critical point of the study was to dispel a conviction that ambient light sensors can’t reveal any meaningful private information to attackers, so apps should be able to freely request access to them.

According to Yang Liu, a PhD at the MIT Electrical Engineering & Computer Science Department (EECS) and CSAIL, ambient light sensors capture what we’re doing without permission, and combined with a display screen, these sensors can pose privacy risks to users.

Researchers suggest that operating software makers tighten up permissions and reduce the precision and speed of the sensors. One way to combat the security issue would be to allow users similar control over app permissions to use ambient light sensors as users have with camera usage.

Additional measures could encompass future devices to have ambient light sensors facing away from the user, for example, to the side of the device.

The more researchers dig for innovative ways to spy on users, the deeper the hole gets. For example, a 2023 report suggested that attackers could intercept what users are typing by intercepting the sound of keystrokes via a remote conversation.