Robot lawn mover
COLLEGE PARK, Md. — Robots can make daily chores much simpler than cleaning the house by hand. Unfortunately, a new study reveals they can also make things much simpler for hackers to steal personal information as well. An international team finds robot vacuum cleaners can actually be remotely reprogrammed to record sound waves, even though they don’t have a microphone inside them.
Researcher Nirupam Roy from the University of Maryland says the study successfully gathered information using the laser navigation system of a household vacuum robot. The team discovered that the robot’s laser signals can be converted into sound waves. With the help of signal processing software and machine learning systems, computers can accurately pick out speech and musical patterns from television shows the vacuum is eavesdropping on.
“We welcome these devices into our homes, and we don’t think anything about it,” says Roy, an assistant professor in the Department of Computer Science, in a university release. “But we have shown that even though these devices don’t have microphones, we can repurpose the systems they use for navigation to spy on conversations and potentially reveal private information.”
The study finds that these devices rely on light detection and ranging (Lidar) to help them roll around a room. The vacuum shines its laser throughout a room and senses the reflections as the beam bounces off walls and objects. The machine can then map out where to go and when to turn to efficiently clean a house.
While this technology is great for a robot’s sense of direction, security experts have already sounded the alarm about where this information is being stored. The study reveals mapping information is often kept in the cloud. This means a privacy breach could expose information about a user’s house size. Roy suggests third-parties could gain unauthorized insight into the income level and lifestyle of unsuspecting vacuum users.
The researchers set out to uncover if Lidar could also pose a threat as a real-time recording device. The study explains that sound waves cause objects to vibrate. This actually triggers small variations in the light that bounces off of them. Since the 1940s, laser microphones have been able to convert these variations in light back into a sound wave. These devices, often used in spy operations, rely on the laser beam reflecting off a smooth surface like a window.
Unlike professional eavesdropping equipment, robot vacuums shine their lasers on objects that often have an irregular shape or density. Roy’s team wasn’t sure if the scattered signal would provide enough information to recover the original sound wave.
Turning a vacuum cleaner robot into a spy bot
To test if a vacuum could actually record sounds, researchers first hacked into the robot’s software. This revealed it’s possible for someone to control the position of the laser beam and receive that data using a laptop with Wi-Fi.
Next, the team attempted to recover sound patterns from two different audio sources. One involved a human voice reciting numbers through a computer speaker. The other came from a television playing various shows as the machine cleaned.
The study then captured the Lidar signals as they bounced off several nearby objects, including a trash can, cardboard box, takeout carton, and a shopping bag. Researchers ran the signals through their computer learning algorithms which can tell the difference between human voices and music.
The results reveal the team’s computer program, called LidarPhone, could identify 90 percent of the spoken numbers in the room. The program could also successfully pick out 90 percent of the television shows from a minute-long recording.
“This type of threat may be more important now than ever, when you consider that we are all ordering food over the phone and having meetings over the computer, and we are often speaking our credit card or bank information,” Roy warns.
“But what is even more concerning for me is that it can reveal much more personal information. This kind of information can tell you about my living style, how many hours I’m working, other things that I am doing. And what we watch on TV can reveal our political orientations. That is crucial for someone who might want to manipulate the political elections or target very specific messages to me.”
It’s not just the vacuum cleaner that could be spying on you
The team cautions that robot vacuums are just one possible source of Lidar spying on the market today. Other devices which use an infrared sensor, like smartphones, can potentially gather information without your knowledge. Many of these devices use their sensors for facial recognition or motion detection.
“I believe this is significant work that will make the manufacturers aware of these possibilities and trigger the security and privacy community to come up with solutions to prevent these kinds of attacks,” Roy concludes.
The study was presented at the Association for Computing Machinery’s Conference on Embedded Networked Sensor Systems (SenSys 2020).
Editor’s note: An earlier version of this story questioned the highly popular robot vacuum cleaner Roomba in the headline. Roomba vacuums do not use the Lidar technology referenced in this report and cannot be hacked.