According to researchers, robotic vacuum cleaners can be hacked to spy on users by recording both conversations and music.
In recent times, the fear of voice assistant devices such as Alexa or Google Home spying on users arose. While these haven’t subsided, we’re presented with a new dilemma, could robotic vacuum cleaners by spying on us?
In the latest, in a paper by researchers from the University of Maryland and University of Singapore, it has been revealed that robotic vacuum cleaners can be hacked to spy on users by recording both conversations and music.
Named as LidarPhone, the attack targets Lidar sensors that could be found in the Xiaomi Roborock vacuum which was used for demonstration purposes in the research. However, any other vacuum cleaner that uses the same sensor technology would also be naturally vulnerable.
Explaining the science behind the exploit, the researchers state in their report (PDF) that,
The core idea is to repurpose the lidar to a laser-based microphone that can sense sounds from subtle vibrations induced on nearby objects. LidarPhone carefully processes and extracts traces of sound signals from inherently noisy laser reflections…
As an example, this could be used by attackers to know about someone’s confidential information such as their credit card info if they are speaking over the phone to a banking officer or even generally about the interest of people which would be helpful in social-engineering them.
What’s even more alarming is that this method has been stated to have a minimum of 90% accuracy rate which means if your vacuum has been targeted, you’re privacy is compromised.
Watch how it’s done
To conclude, for the future, both Xiaomi and other robot manufacturers should implement the measures that the researchers have proposed in order to counter such attacks. One of these includes reducing the signal to noise ratio of the lidar signal and reducing “the resolution of any user-facing data that directly corresponds to the intensity of reflected laser light.”