News & Politics

Your Internet-Enabled Smart Lights May Be Able to Spy on You

(Getty Images)

Researchers Anindya Maiti and Murtuza Jadliwala from the University of Texas at San Antonio investigated connected light bulbs from Philips and LIFX that respond to music and video through their WiFi and Bluetooth connections.  Typically, these “smart light bulbs” change color and brightness in time with the audio and video being played on a phone or tablet. The researchers found that they could observe these light patterns and determine the users’ multimedia preferences from a remote location.

“Modern Internet-enabled smart lights promise energy efficiency and many additional capabilities over traditional lamps,” the researchers explained. “However, these connected lights create a new attack surface, which can be maliciously used to violate users’ privacy and security.”

The person monitoring the pattern does not need to access the network itself but just needs to view the lights from a distance. During playback of audio, the brightness level mimics the source sound. In the case of video, the current video frame determines the dominant color and brightness level. The mobile app controls the lamp response by sending data to the light bulbs.

The model created by the two researchers requires the person doing the detecting to create a database of light patterns, like a dictionary for songs and videos, that they can use as a reference for the what they capture from the target.

The researchers used a set of 100 songs and found they could accurately identify 51 songs, while genres of 82 songs were correctly identified. They tried different distances and found that at 15 feet they had very high accuracy, while at 150 feet they still were able to discern useful information.

What this all means is that the researchers were able to steal meaningful information from these devices just by detecting the light patterns, even from long distances.

As a “countermeasure” the researchers suggested that users “cover the windows with opaque curtains and block light leakage to the outside.” For example, “the brightness of the bulbs can be reduced, so that the light leakage is also reduced.” To prevent an attack, they said,  “strong network rules can be enforced such that computers and smartphones cannot control smart bulbs over an IP network.”

For more details you can check the original paper titled “Light Ears: Information Leakage via Smart Lights,” available here.