fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Robot Vacuum Cleaners Can Be Used By Hackers To ‘Spy’ On Private Conversations: NUS Study

Robot Vacuum Cleaners Can Be Used By Hackers To ‘Spy’ On Private Conversations: NUS Study

Assistant Professor Jun Han and doctoral student Mr Sriram Sami from NUS Computing with a robot vacuum cleaner, a monitor showing recovered sound waves and common household items made from materials that can reflect sound. (Photo: National University of Singapore)

SINGAPORE: Your robot vacuum cleaner could be picking up private conversations along with the dust and dirt in your home.

Computer scientists from the National University of Singapore (NUS) have demonstrated how a common robot vacuum cleaner and its built-in light detection and ranging (Lidar) sensor could be used to “spy” on private conversations, the university said on Monday (Dec 7).

The method, called LidarPhone, repurposes the Lidar sensor that a robot vacuum cleaner normally uses for navigating around a home into a laser-based microphone to eavesdrop on private conversations.

The research team, led by Assistant Professor Jun Han and his doctoral student Sriram Sami, managed to recover speech data with “high accuracy”, said NUS.

“The proliferation of smart devices – including smart speakers and smart security cameras – has increased the avenues for hackers to snoop on our private moments,” said Mr Sami.

“Our method shows it is now possible to gather sensitive data just by using something as innocuous as a household robot vacuum cleaner. Our work demonstrates the urgent need to find practical solutions to prevent such malicious attacks.”

HACKERS CAN LEARN CREDIT CARD DETAILS, SENSITIVE INFORMATION

The core of the LidarPhone “attack method” is the Lidar sensor, a device which emits an invisible scanning laser in order to create a map of its surroundings.

By reflecting lasers off common objects, such as a dustbin or a takeaway bag, located near a person’s computer speaker or television soundbar, the research showed that hackers could obtain information about the original sound that made the objects’ surfaces vibrate.

“Using applied signal processing and deep learning algorithms, speech could be recovered from the audio data, and sensitive information could potentially be obtained,” said NUS.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

In their experiments, the researchers used a common robot vacuum cleaner with two sources of sound –  the voice of a person reading out numbers played from a computer speaker and music clips from television shows played through a television soundbar.

The team collected more than 19 hours of recorded audio files and passed them through “deep learning algorithms” that were trained to either match human voices or identify musical sequences.

“The system was able to detect the digits being spoken aloud, which could constitute a victim’s credit card or bank account numbers. Music clips from television shows could potentially disclose the victim’s viewing preferences or political orientation,” said NUS.

The system achieved a classification accuracy rate of 91 per cent when recovering spoken digits and a 90 per cent accuracy rate when classifying music clips. These results are “significantly higher” than a random guess of 10 per cent, said NUS. 

The NUS scientists also experimented with common household materials to test how well they reflected the Lidar laser beam and found that the accuracy of audio recovery varied between different materials – the best material for reflecting the laser beam was a glossy polypropylene bag, while the worst was glossy cardboard.

NUS students Dai Yimin and Sean Tan Rui Xiang, as well as Assistant Professor Nirupam Roy from the University of Maryland, contributed to the research. The research was presented at the Association for Computing Machinery’s Conference on Embedded Networked Sensor Systems (SenSys 2020) on Nov 18, where the team clinched the Best Poster Runner Up Award.

INTERNET CONNECTED DEVICES POSE PRIVACY RISKS

To prevent Lidars from being misused, people with robot vacuum cleaners are advised to not connect them to the Internet. 

The NUS team also recommends that Lidar sensor manufacturers incorporate a mechanism that cannot be overridden to prevent the internal laser from firing when the Lidar is not rotating.

“In the long term, we should consider whether our desire to have increasingly ‘smart’ homes is worth the potential privacy implications,” said Asst Prof Han. 

“We might have to accept that each new Internet-connected sensing device brought into our homes poses an additional risk to our privacy, and make our choices carefully.”

The team is working on applying these LidarPhone findings to autonomous vehicles, which also use Lidar sensors.

This technology could be used to eavesdrop on conversations happening in nearby cars through minute vibrations of the windows, said NUS.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

The researchers are also looking into the vulnerability of active laser sensors found on the latest smartphones, which could reveal further privacy issues, the university added.
Source: CNA/zl

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us