Skip to main content
  1. Home
  2. Computing
  3. News

Ambient light sensors can be used to snoop on us while we’re web browsing

Mark Coppock
By

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
There are more ways to access your data than by exploiting the various software vulnerabilities and hardware bugs that we seem to hear about on a daily basis. Our gadgets actually have all kinds of weaknesses that could allow nefarious parties to steal our information, and some of them are things we’d probably never consider.

One of those weaknesses stems from the fact that our PCs, tablets, and smartphones are stocked with sensors that extract information from our environments and use that data to make our devices more useful. Some researchers have found a way to use the innocuous-seeming ambient light sensor to grab potentially sensitive browser data and pass it along.

Recommended Videos

The ambient light sensor is used for a couple of purposes. It detects background light levels and adjusts screen brightness, and it works as a proximity sensor to determine when to shut off a smartphone’s screen during a call. As the researchers point out, the ambient light sensor is quite precise, and can measure light intensity from completely dark to incredibly bright.

The specific hack that the researchers developed uses the ambient light sensor to pick up color and lighting information from the screen by tapping into the data the sensor passes to the system. Because the sensor’s data is affected by what’s being displayed on the screen, it can be used in a variety of ways to pick up browser information that affects the light that the screen is giving off.

One simple example is the colors of visited links, which are normally obfuscated by the browser to avoid just this kind of snooping. Essentially, the light sensor readings can be used to distinguish between visited and unvisited links and thus inform an attacker as to which links the user had previously visited.

Light sensor: detecting browsing history

Another example involves using the ambient light sensor data to grab QR codes. That data can be used for such things as hijacking a user’s account when a QR code is used to provide emergency access to an account.

Light sensor: Stealing a QR code #2

So far, the researchers have managed to create attacks that work in Firefox and Chrome on Android devices and on PCs with ambient light sensors. Certain problems exists, such as changing lighting conditions in real-world situations, and also screen brightness variations. Nevertheless, the attack presents yet another reason to wonder who might be stealing our information in ways that we’d never imagine — or prepare against.

Topics
Mark Coppock
Mark Coppock
Computing Writer
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
How to download Vimeo videos on desktop and mobile
Vimeo app icon on Apple TV.

Downloading Vimeo videos lets you enjoy these high-quality, cinematic uploads without relying on an internet connection. These days, it’s easier than ever before to obtain these media files, too. Thanks to online video converters, you’ll be able to download and save videos straight to your smartphone, tablet, or laptop. There’s also the possibility you’ll just be able to download a video directly from Vimeo, without using extra software.

Read more
I finally found a gaming laptop utility that’s actually worth using
The Asus ROG Zephyrus G16 sitting on a coffee table.

Nearly all gaming laptops come with bundled first-party software, and most of it isn't all that good. They tend to be poorly designed and riddled with bloatware and features that you'll never need. Armoury Crate is Asus' version of that, and while it isn't terrible, it suffers from many of those same problems.

A large number of users on Reddit have voiced their criticism of Armoury Crate, accusing it of being buggy, broken, and overly complex. Some of the most common issues include the software's cluttered user interface, promotional pop-ups, unnecessary bloatware, and the high usage of system resources. In my experience, I do find Armoury Crate's UI to be confusing, and I've also noticed that the software runs way too many background processes and services, some of which seem unnecessary.

Read more
How to delete Slack messages on desktop and mobile
how to delete slack messages message confirm mac desktop

If your company uses Slack as its preferred communication tool, then you'll need to know the basics of navigating it. And one action you might want to know how to take in Slack is deleting a message. You can remove a direct message or one you post in a channel using any of the Slack desktop, web, and mobile applications.

For those times when you type a message in the wrong channel or conversation or simply say something you wish you hadn’t, here’s how to delete Slack messages.

Read more