
QIF-T0086

medium

Ambient light sensor side-channel exfiltration (screen content inference via reflected light)

Tier 3 — Demonstrated (Lab-proven)

Legacy status: DEMONSTRATED

Ambient light sensors (ALS) in smartphones and tablets are low-resolution photometers (typically 16-bit, 10-100 Hz) that measure environmental illumination for auto-brightness. Since the ALS is near the display, it also captures light reflected back from the display itself and from nearby surfaces illuminated by the display. This creates a side channel: the ALS output correlates with screen content. While the ALS cannot reconstruct a full image, it can distinguish between dark and light screens, detect page scrolling patterns, identify video content by temporal light signatures, and in some cases infer text content via character-level luminance patterns. Crucially, ALS access requires no permission on most mobile platforms — it's treated as a low-risk environmental sensor. This makes it an unrestricted exfiltration channel for screen activity patterns.
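The correlation described above can be illustrated from the defender's side. The following is an added example, not part of the atlas entry: a sketch of coarsening ALS readings (rate cap plus quantization, with optional hysteresis) before an unprivileged app sees them. The trace, the 3 lux reflected-display term, the 50 lux step, the 5 Hz cap and all function names are assumptions chosen for illustration.

```python
import math

def constructed_trace(ambient_lux, screen_delta_lux=3.0, hz=100, seconds=2):
    """Constructed ALS trace as (t_ms, lux): steady ambient light plus a small
    reflected-display term present only while a light screen is shown.
    The screen alternates light/dark every 500 ms (all values are assumptions)."""
    trace = []
    for i in range(hz * seconds):
        t_ms = i * 1000 // hz
        light_screen = (t_ms // 500) % 2 == 0
        trace.append((t_ms, ambient_lux + (screen_delta_lux if light_screen else 0.0)))
    return trace

def coarsen(samples, step_lux=50.0, max_hz=5, hysteresis_lux=0.0):
    """Rate-limit and quantize readings before they reach an unprivileged app."""
    out, next_ms, level = [], 0, None
    gap_ms = 1000 // max_hz
    for t_ms, lux in samples:
        if t_ms < next_ms:
            continue  # drop samples above the delivery rate cap
        # Re-quantize only when the raw value has left the current bucket by
        # more than the hysteresis margin; otherwise keep reporting the old level.
        if level is None or abs(lux - level) > step_lux / 2 + hysteresis_lux:
            level = step_lux * math.floor(lux / step_lux + 0.5)
        out.append((t_ms, level))
        next_ms = t_ms + gap_ms
    return out

def distinct_levels(samples):
    """Number of different lux values an observer of `samples` would see."""
    return len({lux for _, lux in samples})

if __name__ == "__main__":
    for ambient in (200.0, 224.0):
        raw = constructed_trace(ambient)
        print(ambient, distinct_levels(raw), distinct_levels(coarsen(raw)),
              distinct_levels(coarsen(raw, hysteresis_lux=10.0)))
```

At 200 lux ambient the screen-driven variation disappears after coarsening, but at 224 lux plain quantization straddles a bucket boundary and turns the 3 lux difference into a 50 lux swing; the hysteresis margin is what keeps the reported level constant in that case.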

Technique Details

Tactic: QIF-S.HV
Status: DEMONSTRATED
Bands: S1, S2, S3

Therapeutic Application

Ambient light sensor captures display-reflected light variations to infer screen content, scrolling patterns, and user activity without requiring camera or screen capture permissions

Neural Impact

3 of 7 neural bands affected

S1 S2 S3


Scoring

NISS v1.1 NISS:1.1/BI:N/CR:N/CD:N/CV:P/RV:F/NP:N
CVSS v4.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
0.7 Low

Governance

Neurorights at Risk

This technique threatens 1 of the 4 proposed neurorights (Ienca & Andorno, 2017).

Consent Complexity: 0.10 / 4.0

FDORA §3305 Compliance

Cyber Device
Regulatory Coverage: 0.5 / 1.0
524B Requirements: TM VA SBOM SA PM
Regulatory Gaps:
  • No FDA pathway for consumer sensor exploitation
  • Software-only attack without software lifecycle standard (IEC 62304)

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

| Population | NISS Base | Adjusted | Severity | Delta |
|---|---|---|---|---|
| Adult (Default) | 0.7 | 0.7 | Low | - |
| Child (10yr) + ADHD | 0.7 | 0.8 | Low | +0.12 |
| Adult with ALS | 0.7 | 0.8 | Low | +0.11 |

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas