An MIT study reveals how light sensors in phones can be exploited by hackers to reconstruct users’ tactile interactions.
People have a lot of trust in their cell phones; we use them to make payments, work and write down last night’s strange dreams (thanks to the Notes app). But unfortunately, they can also be used to target us, and a recent study by researchers at MIT revealed how hackers could exploit a phone’s light sensor to track and reconstruct our activity.
Phones use ambient light sensors to detect surrounding light levels and adjust brightness accordingly, if set to an automatic adjustment option. While other phone features require user permission to allow apps to access them, such as the camera or microphone, light sensors usually don’t. This is what researchers believe can be exploited.
Led by Yang Liu, the MIT team developed an algorithm that can use variations captured by the light sensor to reconstruct images of a person’s tactile interactions with their phone, such as scrolling or swiping.
They tested the algorithm on a stock Android tablet in several situations, including placing a mannequin in front of the screen and using a dummy, cardboard cutout, or human hand to touch it, as well as seeing whether it could detect gestures during watching videos. Under all circumstances, the results revealed that the light sensor data could be used to detect interactions with the screen and create images of them.
Pixelated images reconstructed from gestures on an Android tablet.
Yang Liu et al., Science Advances 2023 (
If this all sounds a little scary, you’ll be happy to know that such a threat is far from imminent. The rate at which images could be retrieved in the study was just one frame every 3.3 minutes – slow enough to make it difficult for anyone trying to obtain the images to keep up with your real-time phone interactions. And even if they manage to get the images, if recovered from a natural video, the images can be quite blurry.
However, researchers have come up with some ways to mitigate some of the potential risks. The main focus is the software; they recommend limiting access to ambient light sensors, so that users must give permission in the same way as camera or microphone requests.
They also suggest limiting the sensors’ capabilities, keeping accuracy and speed low enough to avoid high-resolution images, and placing the sensor on the side of the device where it can’t detect the most revealing gestures.
And if you’re also worried that your phone is listening to you, don’t worry – it’s not. In fact, you should probably think about giving it a proper cleaning.
The study is published in Science Advances.