So, a few days ago, I’m alerted to a *potential* problem that exists with Ambient Light Sensors and certain web browsers. Ambient Light Sensors are equipped on Apple Macbook Pros and many Android phones. The telemetry fed back from the sensor can have web applications render their web pages differently based upon the client’s lighting conditions. If you ask me, I’d say that’s a pretty nifty thing. Of course, there’s a catch. By keeping the screen on, a miscreant web page can manipulate the sensor and then extract the browser’s history.
‘ Be default, the Firefox browser is the most vulnerable. Google’s Chrome requires a configuration option be turned on to be vulnerable.
You can read all the technical details from this researcher here: < a href="https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/">https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
Currently, it is only in the “proof of concept” phase – no sources on GitHub!!