EXECUTIVE SUMMARY:

Everyone expects vacuum cleaners to collect dust, dirt and the occasional Cheerio, but no one expects them to eavesdrop on conversations.

But a new vulnerability in LiDAR sensors on robot vacuums means that hackers can potentially snoop on what you’re saying. The attack exploit is known as “LidarPhone”.

LiDAR, which stands for Light Detection and Ranging, is a remote sensing method that depends on light in the form of a pulsed laser to assess the distance between still objects. In short, this is how your smart vacuum figures out where the coffee table is located in relation to the couch. The vacuum can then navigate around these objects appropriately.

In addition to analyzing light to determine distance, LiDAR can also analyze sound signals collected. “This would allow an attacker to listen in on private conversations,” reports ThreatPost. “…[this in turn] could reveal their credit card data or deliver potentially incriminating information that could be used for blackmail.”

How much can a robot vacuum really hear? 

Security researchers state that LidarPhone is able to achieve a 91% average accuracy rate when it comes to classifying digits, and a 90% average accuracy rate when it comes to classifying music.

In more concrete terms, the researchers were able to leverage LidarPhone to pick up different household sounds. Using audio recordings of a home environment, they identified the sounds of a cloth rug, trash can usage, the intro sequences for major US news outlets (FOX, CNN, PBS), and they could successfully gauge the gender of a speaker.

Privacy researchers and advocates suggest that these vacuums are able to create “maps” of a home’s interior, which may be stored in the cloud. If leaked, this data could pose privacy issues for households. In addition, advertisers could also potentially obtain access to this information and learn about a home’s size, and individuals’ financials, enabling them to better target consumers.

Can ambient noise levels prevent a hacker from listening in?

Yes. The attack can’t be executed effectively if background noise levels are too high. Lighting conditions also impact the efficacy of the attack.

The bottom line on smart vacuums? 

“We welcome these devices into our homes, and we don’t think anything about it,” says Nirupam Roy, an assistant professor in the University of Maryland’s Department of Computer Science, who led recent smart vacuum research.

“But we have shown that even though these devices don’t have microphones, we can repurpose the systems they use for navigation to spy on conversations and potentially reveal private information.”

As with all smart home devices, stay updated on potential exploits and secure devices or take security precautions as needed.

For more on robot vacuums, visit ThreatPost.