Researchers Discover Encryption Flaws in RSA Certificates, Affecting IoT Devices Primarily
Last updated September 24, 2021
Researchers from the University of Maryland have figured out a smart way to listen to whatever is going on inside a home where a robot vacuum cleaner operates. These are trendy devices that are selling like hotcakes right now, as their functionality has grown to impressive levels today. What’s weird is that these vacuums don’t even have a microphone on them, so one has to wonder, how did the researchers do it?
The system targeted in this study was the navigation system, which helps the vacuum cleaner go around the house without hitting walls and furniture. This is a “LiDAR” system, measuring distances by illuminating the target with a laser light beam that’s invisible to the human eye. By measuring the return times and the wavelengths, the vacuum’s processor can figure out what stands and where, essentially mapping the space without needing cameras to “see” anything.
Sound is a wave too, and all waves make objects vibrate when they hit them. These vibrations, even though very small, can cause variations in the light that bounces off an object, i.e., the light from the LiDAR. So, essentially, the vacuum cleaner is able to tell apart even these small differences, and an interpreter can be deployed to discern the sound waves and translate them to speech or music.
That data can reach a remote actor via Wi-Fi, and manipulating the LiDAR system won’t interfere with the robot’s regular navigation and vacuuming functionality. This essentially means that a hacker could be listening to your conversations without you ever realizing it.
As for the question of accuracy, the researchers managed to identify spoken numbers with 90% accuracy during their tests and identified TV shows using minute-long recordings with similar success rates. The translation of sound wave data to speech was done by a machine-learning algorithm, so higher success rates could be reached if the AI is given enough time.
The vendors of robot vacuum cleaners should take note of the Maryland University team’s findings and take action to secure the navigation system of their robots better. If you want to minimize the risk of exposing sensitive data through your vacuum cleaner, the only way to be certain is to avoid buying one. The next best thing would be to pick one without Wi-Fi or, if you do want this feature, select a higher-end model instead of going for an inexpensive device, as the more pricey stuff has better chances of being more secure.