Threat Actors Turn Robot Vacuums Against Their Owners


Friday, November 20th, 2020 |

Robot vacuums, known colloquially as ‘Roombas’ after the popular brand, have gained popularity over the years. A new attack known as ‘LidarPhone’ by researchers, targets vacuums with LiDAR sensors. LiDAR, or Light Detection and Ranging, is a remote sensing method that uses light in the form of a pulsed laser to measure distances to or from nearby objects. This technology helps vacuums navigate around obstacles on the floor while they clean.

While the LidarPhone attack is actually quite complex in its execution, it is simple in its theory: threat actors have developed a systems to repurpose the LiDAR sensor to sense acoustic signals in the environment and then remotely harvest that data from the cloud and finally, process the raw signal to extract information. In order to successfully execute this attack, attackers would need to have already compromised the device itself (in a test environment, researchers from the University of Maryland used a previously disclosed vulnerability in the LiDAR vacuums), and would need to be on the victim’s local network in order to successfully launch the attack. At its core, the idea behind the attack is to remotely access the vacuum cleaner’s LiDAR readings, and analyze the sound signals collected.

Teams of researchers at the University of Michigan, College Park and the National University of Singapore have been able to replicate the attack and were able to collect spoken digits, along with music played by a computer speaker and a TV sound bar, totaling more than 30,000 utterances over 19 hours of recorded audio. According to their published report, LidarPhone achieves approximately ‘91 percent and 90 percent average accuracies of digit and music classifications, respectively.’

For instance, researchers were able to detect different sounds around the household – from a cloth rug, to the trash, to various intro music sequences for popular news channels on TV like FOX, CNN and PBS – even predicting the gender of those who were talking.

At the same time, various setbacks still exist with the attack. For one, several conditions in the household could render an attack less effective. For instance, the distance away from the vacuum cleaner, and volume, of different noises has an impact on the overall effectiveness. Background noise levels and lighting conditions also have an impact on the attack.

Researchers said that the attack can be mitigated by reducing the signal-to-noise ratio (SNR) of the LiDAR signal.


Sources:

Share this: