The widespread adoption of light sensors in mobile devices has enabled functionalities that range from automatic brightness control to environmental monitoring. However, these sensors also present significant security and privacy risks within the Android ecosystem due to unrestricted access permissions. This paper explores how light sensor data can be used for covert communication through a novel, light-based out-of-band channel. We develop two approaches–Baseline and ResetBased–that use luminance values to encode and decode data. These methods tackle challenges that arise from data variability and the unpredictability of sensor event timings. To enhance data transmission accuracy, our methods employ a novel strategy for selecting luminance reference sequences and leverage mean-squared-error-based distance for decoding. Experimental results validate the effectiveness of our approaches and their potential for real-world applications.
Read full abstract