This week, a team of academics detailed novel research that converted a smart vacuum cleaner into a microphone capable of recording nearby conversations.
Named LidarPhone, the technique works by taking the vacuum’s built-in LiDAR laser-based navigational component and converting it into a laser microphone.
What are laser microphones and how do they work?
Laser microphones are well-known surveillance tools that were used during the Cold War to record conversations from afar. Intelligence agents pointed lasers at far-away windows to monitor how the glass vibrated and decoded the vibrations to decipher conversations taking place inside rooms. They can be used to eavesdrop with minimal chance of exposure.
Academics from the University of Maryland and the National University of Singapore took this laser microphone concept and applied it to a Xiaomi Roborock vacuum cleaning robot.
Essential conditions that need to be met for a LidarPhone attack
A LidarPhone attack is not as simple as you might think; certain conditions have to be met before it can take place.
One of them is that an attacker would need to use malware or a tainted update process to modify the vacuum’s firmware in order to take control of the LiDAR component.
This is important because vacuum LiDARs spin continuously, which reduces the number of data points the attacker can collect and hence the chance of a successful LidarPhone attack. With the corrupted firmware, attackers need to stop the vacuum’s LiDAR from spinning and instead force it to focus on one nearby object at a time, recording how that object’s surface vibrates in response to sound waves.
In addition, since smart vacuum LiDAR components are nowhere near as precise as surveillance laser microphones, the researchers also said that the collected laser readings would need to be uploaded to the remote attacker’s server for further processing, so that the signal can be boosted and usable sound quality achieved.
Nonetheless, despite all these conditions, researchers said they were successful in recording and obtaining audio data from the test Xiaomi robot’s LiDAR navigational component.
Moreover, the academics said the technique could also be used to identify speakers based on gender or even determine their political orientation from the music played during news shows, captured by the vacuum’s LiDAR.
Should you be worried about someone eavesdropping on your conversations through these vacuums?
While a LidarPhone attack looks like a serious breach of privacy, users shouldn’t panic yet. This type of attack depends on a number of prerequisites that most attacks do not have to satisfy. There are many other ways to spy on users besides flashing the firmware on a vacuum cleaner to control its laser navigation system, such as tricking the user into installing malware on their phone.
The LidarPhone attack is simply new academic research that may be used to strengthen the security and design of future robotic vacuum cleaners. In fact, the primary countermeasure the researchers recommend to manufacturers of smart robot vacuums is to shut down the LiDAR component if it isn’t spinning.
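The countermeasure above, sketched as an added example (not code from the researchers or from Xiaomi): a rotation interlock that only allows the laser to be powered while the LiDAR head is measurably spinning. The encoder interface, the constants and all function names are hypothetical, and the logic is assumed to run in the LiDAR module's own controller, since a check in the main firmware could be removed by the same tainted update the attack relies on.

```c
#include <stdbool.h>
#include <stdint.h>
/* All constants are assumed values for illustration, not vendor figures. */
#define TICKS_PER_REV  16u   /* encoder pulses per head rotation */
#define MIN_RPM        240u  /* slower than this counts as "not spinning" */
#define WINDOW_MS      100u  /* speed is measured over this window */
#define STALL_WINDOWS  2u    /* consecutive slow windows before cut-off */
#define RESUME_WINDOWS 5u    /* consecutive good windows before re-enable */
typedef struct {
    uint32_t window_start_ms, ticks;
    uint8_t slow, good;           /* consecutive slow / good windows */
    bool laser_on;
} interlock_t;

void interlock_init(interlock_t *s, uint32_t now_ms) {
    *s = (interlock_t){ .window_start_ms = now_ms };  /* fail safe: laser off */
}
void interlock_tick(interlock_t *s) { s->ticks++; }   /* call from encoder ISR */

/* Call periodically; returns whether the laser may be powered. */
bool interlock_poll(interlock_t *s, uint32_t now_ms) {
    uint32_t elapsed = now_ms - s->window_start_ms;    /* wrap-safe */
    if (elapsed < WINDOW_MS) return s->laser_on;
    uint32_t rpm = s->ticks * 60000u / (TICKS_PER_REV * elapsed);
    if (rpm >= MIN_RPM) {
        s->slow = 0;
        if (++s->good >= RESUME_WINDOWS) { s->good = RESUME_WINDOWS; s->laser_on = true; }
    } else {
        s->good = 0;
        if (++s->slow >= STALL_WINDOWS) { s->slow = STALL_WINDOWS; s->laser_on = false; }
    }
    s->window_start_ms = now_ms;
    s->ticks = 0;
    return s->laser_on;
}

/* Constructed test drive: n windows with a fixed tick count in each. */
bool run_windows(interlock_t *s, uint32_t *now_ms, int n, int ticks_per_window) {
    for (int i = 0; i < n; i++) {
        for (int t = 0; t < ticks_per_window; t++) interlock_tick(s);
        interlock_poll(s, *now_ms += WINDOW_MS);
    }
    return s->laser_on;
}

int main(void) {  /* 5 windows at 300 rpm enable the laser, 2 stalled windows cut it */
    interlock_t s; uint32_t now = 0;
    interlock_init(&s, now);
    return (run_windows(&s, &now, 5, 8) && !run_windows(&s, &now, 2, 0)) ? 0 : 1;
}
```

On real hardware the tick counter shared with the interrupt handler would need to be declared volatile and read atomically.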