There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here’s another: using the phone’s ambient light sensor to detect what’s on the screen. It’s a proof of concept, but the paper’s general conclusions are correct:
There is a lesson here that designing specifications and systems from a privacy engineering perspective is a complex process: decisions about exposing sensitive APIs to the web without any protections should not be taken lightly.
Leave a reply