Researchers at the University of Maryland and the National University of Singapore have developed a process they call LidarPhone. In the experiment they have malware on a Robot vacuum cleaner installed with which you can access the data from the integrated LiDAR sensor. The vibrations caused by sound waves can also be filtered out of these by scanning certain surfaces.
The basic principle is basically nothing new: laser microphones have been around for a long time. With them it is possible, for example, to measure the slight vibrations of window panes and thus find out from a distance what is being discussed in a room behind. This is much easier than getting into the building and installing classic bugs.
Hijack laser module
The researchers have now also made use of the principle by tapping the LiDAR components in vacuum cleaner robots, as shown in a report in the US magazine ZDNet emerges. These laser modules are also used, which are actually intended to map the surroundings and enable the system to navigate through the apartment. If, however, the laser can be aimed at a suitable surface such as a pane of glass or a paper bin, the system can also be misused as a microphone.
However, this only works if the malware was specifically developed for the respective LiDAR module. Because its laser scanning usually rotates very quickly in order to keep an eye on the surroundings at all times. However, the attacker must ensure that the light beam is continuously aimed at the surface from which the sound is to be picked up.
The method is known so far only from the academic research mentioned and there is no evidence that the attack is already being used in practice. However, it shows once again the need for IoT systems such as vacuum cleaner robots to require an IT security concept and regular patches.