Stealing sensitive browser data with the W3C Ambient Light Sensor API

In this post we describe and demonstrate a neat trick to exfiltrate sensitive information from your browser using a surprising tool: your smartphone or laptop’s ambient light sensor. In short: We provide background about the light sensor API and current discussions to expose it more broadly to websites. We…

Read more

Web Bluetooth API Privacy

Web Bluetooth - a web API under development, and will be one of the core components of Web of Things, the application layer of Internet of Things. It will enable sensors, beacons and user devices to communicate with each other. But at first: it will enable a web browser to…

Read more

Battery Status readout as a privacy risk

Introduction Privacy risks and threats arise and surface even in seemingly innocuous mechanisms. We have seen it before, and we will see it again. Recently, I participated in a study assessing the risk of W3C Battery Status API. The mechanism allows a web site to read the battery level of…

Read more