Hello all, I'm Sriram, the first author of this paper. We were inspired by the idea of laser microphones as an audio eavesdropping vector, and tried to find a way to use LIDARs similarly, even though they're not designed for this purpose at all.<p>In the near future, what I think is scarier is the possibility of executing the same attack through self-driving cars' LIDARs. Perhaps this would allow attackers to spy on conversations in cars that are driving beside you or stationary next to you at traffic lights.
If only my Roomba was that smart, I probably wouldn't worry about eavesdropping: right now it can barely clean my floor and locks itself in the bathroom forever.<p>Jokes aside, which Robot Vacuum Cleaner is equipped with a LIDAR? So far the only ones that I've seen barely have a proximity sensor, fall sensor and IR sensors. It could be that I've only bought and seen the cheapest versions though.
The "Evil Maid" class of attacks has a new vector: "Evil Digital Maid/Butler" (assume pervasive, fully compromised electronic assistants).<p>iPhone "Evil Maid" => GPS, Mic, Camera, Digital User Impersonation [post social network messages, iMessage, etc.]<p>HomePod "Evil Butler" => Control HomeKit, Mic, Playback Arbitrary Recordings [freeze, this is the police, etc., impersonate a significant other]<p>Roomba "Evil Maid" => Lidar (mm-resolution depth-camera?!?), Virtual Mic, Push/Close Doors, Push/Move Objects [tip over a table w/ candle]<p>WiFi Cams "Evil Maid" => Camera, sometimes speakers, sometimes motion control<p>...if this is how the robot uprising begins, we're a long way from Terminators / SkyNet, but it's easy to see entire classes of vulnerabilities which are pretty obvious in retrospect.<p>If you haven't seen "Enemy of the State" or "Conspiracy Theory", they're great movies with a similar premise: "What if 'the system' turned against you?"
If you're playing around with this, it might help to be root on the vacuum.
https://github.com/dgiese/dustcloud
Here's a clearer photo of the setup -<p>https://umd.app.box.com/s/7qkltjg5xs6cpbjllu8fajpelbs736cm<p>It's interesting work. It's kinda like finding a really weak, seemingly impossible-to-use buffer overflow, and now someone has to weaponize it and put it into easy-to-use Metasploit to become just one of 1000s of things to have available.<p>Personally I'm surprised all these robots don't have microphones yet. Not being able to talk to robots makes them pretty lame.
In reality though, I never have my lidar robotvac running when I am at home. Even less having a conversation, as all robotvacs are loud.
I personally would still be more concerned about all voice-activated devices (Alexa etc.).
This is stupid; if I'm going to be able to sneak an entire robot vacuum cleaner into the victim's environment, I'm putting an actual microphone and even camera in there, and not messing around with LIDAR bouncing off vibrating paper cups.