Threatened cell phones: MIT study reveals how displays can be hacked to spy on users

The capabilities of light sensors in mobile devices were studied by an MIT team led by Yang Liu. The researchers developed an algorithm to track recorded lighting changes to reconstruct user's actions based on this data.

The tests revealed that regardless of the conditions, the software could capture user interactions with the screen and reveal their activity. While the images weren't always clear, the algorithm correctly detected even gestures performed over the screen, such as during a film.

Using this method, touch-typed passwords could potentially be intercepted, as well as other virtual activities tracked. However, implementing this method is not straightforward.

The main issue lies in the speed of obtaining and processing images. In a laboratory environment, it took an average of one frame every 3.3 minutes. So, for hackers to gain meaningful data in this manner, they would need to control the user over an impractically long period of time.

Despite these hurdles, significant conclusions can be drawn from the MIT research. Light sensors in phones, tablets, and monitors are currently necessary. These powerful tools monitor the device's surrounding lighting and adapt to changes. If set to automatic, the device's screen can brighten in darkness and dim under bright sunlight.

Though this is highly convenient, those testing light sensors suggest that electronics manufacturers should pay closer attention to them, especially when creating touchscreens. They should refrain from using overly precise sensors. If these sensors encourage the display of high-resolution images, using them for tracking becomes noticeably easier.

It would also be beneficial for manufacturers to position light sensors on the side of the device. This would prevent the sensors from being easily exploited by hackers. Additionally, the software used in mobile devices plays a significant role. Mobile operating systems should limit access to light sensors. At present, installed apps only require additional user consent to access folders, take control of the camera, and activate the microphone.