Ambient light sensors pose imaging privacy risk (csail.mit.edu)
54 points by forgotmypw17 5 months ago | 16 comments



A similar idea is a camera that can capture images around corners:

https://www.analytech-solutions.com/analytech-solutions/blog...

And in fact, it is almost identical in principle to the concept of "dual photography" from almost two decades ago:

https://graphics.stanford.edu/papers/dual_photography/

Dual photography takes the idea a step further and allows for interesting relighting if you capture the scene with more than just a photoresistor.


> Honestly, the quality is probably on par with a 40 year old digital camera.

Given the article is from 2019, you could say that to be true in an odd way since in 1979, depending on where you draw the line, what we call a digital camera today did not exist yet. Whether you consider the first digital camera to be the Sony Mavica, an analog electronic camera from 1981, or the Fuji DS-1P, the first fully digital camera from 1988, by any standard all of that became a reality a bit later.


From a quick search, on iOS ambient light sensor data seems available for research purposes only, I'm guessing this isn't part of regular commercial apps. Is that correct?

> You need to provide a reason to record ambient light by adding the SRSensorUsageAmbientLightSensor dictionary to the NSSensorKitUsageDetail key in the information property list.

> NSSensorKitUsageDescription - A short description of the purpose of your app’s research study.

source: https://developer.apple.com/documentation/sensorkit/srsensor... , https://developer.apple.com/documentation/bundleresources/in...


One 32x32 frame every 3 minutes? And only if you put everything right up against the screen, how terrifying.


That's not so much the point: did you notice your phone lighting up the screen when you move around it? That's not so much an "image" capture threat (meaning you covered the phone cam and allowed the other sensors in that example) but a "person presence" and "person activity" threat.

Essentially, with apparently innocent and cheap sensors you can determine what happens in a home, perhaps selling some smart bulb that can just tune the light and light up automatically when you enter a room, then turn off after a short period of time. Apparently a simple and innocent comfort idea, but also a potential cheap remote spying device.

We already know some "strange" attacks like discovering keys pressed on a mechanical keyboard via the produced ambient noise. Any such potential threat alone seems innocent and low risk, but put together they allow for potentially cheap mass surveillance inside home walls in a far less monitored way.


I would like to add to it that we do not know how various seemingly insignificant signals can be correlated together to reach some more significant conclusions.

I always remind myself there exist people much smarter, much more motivated and with much more time on their hands who think about these things and figure stuff out.

To deal with the problem (of security) seriously, the only possible sane policy is to not provide ANY unnecessary information under any circumstances. And that might not be enough, because the information that is legitimately needed to get the things we want might already be way too much.


WiFi backscatter "radar" is another one that is surely going to find uses all along the useful-innocent-seedy-nefarious-malicious spectrum.


And laser microphones. There's a whole range of technologies out there that people mock as unrealistic when they appear in SciFi, but turns out we can make.


It's interesting, I remember reading about this is old tech from 2014, but it was about how it's possible to extract speech from vibrations picked up by video.

https://news.mit.edu/2014/algorithm-recovers-speech-from-vib...

I also found a discussion on Hacker News while looking it up just now: https://news.ycombinator.com/item?id=32466870


Yeah, technically it's a pretty cool concept, but 'privacy risk' is way ahead of the real world.


I am so sick of "sky is falling" journalism.


I guess it's still rather interesting research, certainly within the "hacker spirit". It's just sad most have to resort to clickbait to get any funding for such pursuits...


Yup, it's up there with the hack that turned hard drives into microphones: it sounds super scary until you see the practical limitations in action. They need access to your screen before even attempting to, slowly, build up a picture of your hand hovering over the phone. It's like watching them scream at the hard drives in order to get a faint peep out of the microphone.


Cool demo, but "privacy risk" is so overblown that it's into bare-faced lie territory.



Couldn't this be mitigated in a similar fashion to other attacks using low data channels like sensors or CPU timings? By reducing the granularity?

By default, you'd get the averaged ambient light value over a few seconds, and if you really really needed high resolution, you'd need to request escalated privs?
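
The mitigation proposed in the comment above, sketched as an added example that is not part of the thread or of any real OS API: readings are averaged over a window and rounded to coarse buckets unless an elevated grant is present. The function names, the 3-second window and the 50-lux bucket are assumptions chosen for illustration, and the trace is constructed data.

```python
import math

def coarsen(samples, window_s=3.0, bucket_lux=50.0):
    """Collapse (t_seconds, lux) samples into one bucketed mean per complete window.

    window_s and bucket_lux are assumed values, not taken from any platform.
    """
    out, buf, start = [], [], None
    for t, lux in samples:
        if start is None:
            start = t
        while t - start >= window_s:
            if buf:
                mean = sum(buf) / len(buf)
                # Round half up to the nearest bucket so small swings vanish.
                out.append((start, bucket_lux * math.floor(mean / bucket_lux + 0.5)))
                buf = []
            start += window_s
        buf.append(lux)
    return out  # the trailing partial window is withheld, not released early

def read_sensor(samples, high_res_granted=False):
    """Default path is coarse; raw samples require the explicit grant."""
    return list(samples) if high_res_granted else coarsen(samples)

def constructed_trace(seconds=12, rate_hz=20, base=300.0, swing=4.0):
    """Constructed data: a steady room plus a small flicker every 0.25 s,
    standing in for the fine-grained variation an imaging attack relies on."""
    n = seconds * rate_hz
    return [(i / rate_hz, base + swing * (1 if (i // 5) % 2 else -1))
            for i in range(n)]

if __name__ == "__main__":
    trace = constructed_trace()
    raw = read_sensor(trace, high_res_granted=True)
    coarse = read_sensor(trace)
    print("raw samples:", len(raw), "distinct values:", len({v for _, v in raw}))
    print("coarse samples:", coarse)
    # A real change in room lighting still reaches the unprivileged reader.
    print(coarsen([(0, 100), (1, 100), (2, 100), (3, 600), (4, 600), (5, 600), (6, 600)]))
```

The flicker survives only on the privileged path, while a lighting change large enough to matter for auto-brightness still crosses a bucket boundary and shows up in the coarse output.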



