Stealing Browser History With Ambient Light

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Lukasz found that the light that is gloriously emanating from a monitor can be picked up by the ambient light sensors in a mobile device. If an end user takes a leisurely stroll to a malicious domain, an attacker can determine their browser history. The attack itself is able to work by parsing out the different colors used for sites that have been previously and newly visited. These sites produce small variations in light that are detected by the ambient light sensors. This attack method can also steal a precise QR code.
 

[Spectre]

[H] Admin
Staff member
Joined
Aug 29, 2004
Messages
20,824
I wonder how long it will take for people to finally figure out Google is a big part of the problem with security and privacy that we see developing today and finally do something about it?
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,319
Who would know putting tons of internet-connected sensors in your home on devices that you are not allowed to control 100% are becoming a security risk. But hey... I don't have anything to hide, right?

Getting off the political soapbox, I am pretty amazed by the technical parts of the attack.


Also my usual privacy tips

- Don't use Google. Change to duckduckgo.com
- Don't use Gmail; change to protonmail.com or scryptmail.com
- Install the HTTPS Everywhere plugin for your browser (even on Android) https://www.eff.org/https-everywhere (install and forget, so you can do it even on your mom's computer/phone)
- Always deny third-party cookies in your browser
- Consider changing to an encrypted DNS system with DNSCrypt https://en.wikipedia.org/wiki/DNSCrypt
 

Vermillion

Supreme [H]ardness
Joined
Apr 5, 2007
Messages
4,369
I wonder how long it will take for people to finally figure out Google is a big part of the problem with security and privacy that we see developing today and finally do something about it?

How is Google the problem when it's the W3C that approved the APIs for this? Just like they did for GPS and Battery level in the past. Now sites have to ask for GPS access, and Battery level information was gutted so that it is no longer useful for user tracking. Sure, Google may have had a hand in those APIs, but so did Microsoft and Apple and others.

Any mobile browser that follows W3C standards has this issue. It isn't just Chrome. What we're seeing has absolutely nothing to do with Google. It has everything to do with the world moving to mobile at a rapid pace and attacks are becoming more and more sophisticated. I mean come on, we can steal data from an air-gapped computer simply by listening to the cooling fans. So we're surprised somebody found a way to use the phone's sensors to grab browser history? I'm not.
 