Serious vulnerability found in vast majority of smartphones: What danger does it pose?

American scientists from the Computer Science and Artificial Intelligence Laboratory (CSAIL) at the Massachusetts Institute of Technology have discovered a vulnerability in devices equipped with light sensors and displays. Almost all modern smartphones and other mobile devices meet these criteria. The research has been published in the scientific journal Science Advances (SciAdv).

Light sensors assess the ambient light level and, accordingly, adjust the screen brightness. Unlike smartphone cameras, applications do not need to request user permission to use these sensors.

The CSAIL team has developed a computational visualization algorithm to reconstruct the image of the surrounding environment captured by the light sensor.

"Light sensors can passively track our actions without our permission. Our demonstrations show that in conjunction with displays, these sensors pose a threat to privacy by providing information to hackers," noted the lead author of the study, Yan Liu.

Scientists have proposed two measures to mitigate the consequences of the identified vulnerability for operating system developers: tightening permission policies and reducing the accuracy and speed of the sensors.

By reducing the accuracy and speed of these components, sensors will disclose less confidential information. It is also claimed that from a hardware perspective, the external light sensor should not be directed straight at the user on any smart device but should be placed on the side where it will not register important sensor interactions.