LuxTrack: Activity Inference Attacks via Smartphone Ambient Light Sensors and Countermeasures

Ambient light sensors (ALSs) are integrated into mobile devices to enable various functionalities, such as automatic adjustment of screen brightness and background color. ALSs can be used to record the light intensity in the surrounding environment without requiring permission from the user. However...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal 2024-09, Vol.11 (17), p.28734-28751
Main Authors: Seyedkazemi, Seyedpayam, Gursoy, M. Emre, Saygin, Yucel
Format: Article
Language:English
Subjects:
Accuracy
Ambient light sensor (ALS)
Applications programs
Background noise
Color
Datasets
Electronic devices
Feature extraction
Inference
Internet of Things
Light
Luminous intensity
Machine learning
machine learning (ML)
Mobile computing
mobile privacy
Portable computers
Privacy
security
Sensors
side-channel attack
Smartphones
Task analysis
Temperature sensors
Videos
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Ambient light sensors (ALSs) are integrated into mobile devices to enable various functionalities, such as automatic adjustment of screen brightness and background color. ALSs can be used to record the light intensity in the surrounding environment without requiring permission from the user. However, this ability raises novel privacy risks. In this article, we propose LuxTrack, a side-channel privacy attack that uses the ALS of a smartphone to infer the user's activity on a nearby laptop using the light emitted from the laptop screen. To demonstrate LuxTrack, we developed an Android app that records the light intensity data from the ALS of a mobile device, and used this app to create an ALS light intensity data set in a controlled environment with real human subjects. From this data set, LuxTrack extracts a total of 187 features under six categories and trains six different machine learning models for activity inference. Experiments show that LuxTrack can achieve up to 80% accuracy in inferring the sites/apps the user is viewing on their laptop. We then propose three countermeasures against LuxTrack: 1) binning; 2) smoothing; and 3) noise addition. We demonstrate that while these countermeasures are effective in reducing attack accuracy, they also yield a reduction in the accuracy of legitimate tasks (e.g., adjusting screen background color). By conducting a tradeoff analysis between the attack accuracy and legitimate task accuracy, we show that the choice of the right countermeasure and parameters can enable the reduction of attack accuracy to below 30% while only incurring 3% loss in legitimate task accuracy.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2024.3406208