Light Ears: Information Leakage via Smart Lights

TL;DR

This paper reveals that modern smart lights can be exploited to infer user activities and exfiltrate private data through novel attack methods leveraging their multimedia and infrared capabilities.

Contribution

It introduces new attack techniques exploiting smart light features to compromise user privacy and security, highlighting the need for enhanced protection mechanisms.

Findings

Smart lights can reveal users' audio and video playback.

Infrared capabilities enable covert data exfiltration.

Attacks are feasible in real-world settings.

Abstract

Modern Internet-enabled smart lights promise energy efficiency and many additional capabilities over traditional lamps. However, these connected lights create a new attack surface, which can be maliciously used to violate users' privacy and security. In this paper, we design and evaluate novel attacks that take advantage of light emitted by modern smart bulbs in order to infer users' private data and preferences. The first two attacks are designed to infer users' audio and video playback by a systematic observation and analysis of the multimedia-visualization functionality of smart light bulbs. The third attack utilizes the infrared capabilities of such smart light bulbs to create a covert-channel, which can be used as a gateway to exfiltrate user's private data out of their secured home or office network. A comprehensive evaluation of these attacks in various real-life settings confirms their feasibility and affirms the need for new privacy protection mechanisms.