Submission: Ambient Light Sensors Can Be Used to Steal Browser Data (bleepingcomputer.com)

An anonymous reader writes: Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff. The sensors have become so prevalent that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products.

According to two privacy and security experts, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past, and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researchers also recommend that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
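
The two mitigations named in the summary (a lower reporting frequency and quantized output), sketched as an added example that is not part of the submission and not code from the researchers, the W3C or any browser. The function names, the lux levels and the one-second interval are assumptions chosen for illustration, and the readings are constructed.

```javascript
// Added illustration; level boundaries and interval are assumed values.
const LEVELS = [0, 10, 50, 200, 1000, 10000]; // lux, ascending

// Map a raw reading to the largest preset level that does not exceed it.
function quantizeLux(rawLux, levels = LEVELS) {
  if (!Number.isFinite(rawLux) || rawLux < levels[0]) return levels[0];
  let bucket = levels[0];
  for (const level of levels) {
    if (rawLux >= level) bucket = level;
  }
  return bucket;
}

// Stateful filter: at most one reading per minIntervalMs is considered,
// and it is reported only when its quantized level has changed.
function makeLimitedReporter({ minIntervalMs = 1000, levels = LEVELS } = {}) {
  let lastTime = -Infinity;
  let lastBucket = null;
  return function report(timestampMs, rawLux) {
    if (timestampMs - lastTime < minIntervalMs) return null; // too soon
    lastTime = timestampMs;
    const bucket = quantizeLux(rawLux, levels);
    if (bucket === lastBucket) return null; // no new information
    lastBucket = bucket;
    return bucket;
  };
}

// Constructed [timestampMs, lux] samples: small fast swings stand in for
// light from the screen, the jump at 2000 ms for a change in room lighting.
const SAMPLES = [
  [0, 41.2], [100, 46.8], [200, 41.3], [300, 46.9],
  [1000, 46.7], [1100, 41.1], [2000, 320.5], [2100, 326.0],
];

// Run samples through the filter and collect what a page would receive.
function filterReadings(samples, options) {
  const report = makeLimitedReporter(options);
  const out = [];
  for (const [t, lux] of samples) {
    const bucket = report(t, lux);
    if (bucket !== null) out.push({ t, lux: bucket });
  }
  return out;
}

console.log(filterReadings(SAMPLES));
```

With these assumed settings the eight raw samples collapse to two reports: the fast small swings fall into one level and are dropped, while the room-lighting change still gets through.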
