The SPQR Group is moving to Northeastern University in Boston! We work broadly on research problems pertaining to embedded security. We explore the research frontiers of computer science, electrical and computer engineering, and healthcare. Our latest projects examine how to protect analog sensors from intentional electromagnetic, acoustic interference, and light injection.

Our Values

Towards the Community

• Respect: Treating others with due regard for their abilities, hard work, and humanity.
• Inclusion: Celebrating our differences that lead to more meaningful impact.
• Collaboration: Bringing together diverse thinking and skill sets to make a sum that is better than its parts.

Towards Research

• Responsibility: Ownership of our research and our lab to ensure we are doing the best possible work.
• Impact: Dedication to long-term outcomes that disrupt the status quo and improve the world.
• Transparency: Constructively sharing both good news and bad: negative results are part of the journey for evolving research.

Towards Ourselves

• Honesty: Sincerity towards others and towards ourselves in both research and relationships
• Curiosity: Preserving the passion to learn, discover, and innovate that drives our work.
• Fun: Enjoying our time together. What’s the point otherwise?

Light Commands

Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light. In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.

Side Eye: Extract Sound from Muted Videos

Side Eye is a technique that allows adversaries to extract acoustic information from a stream of camera photos. When sound energy vibrates the smartphone body, it shakes camera lenses and creates tiny Point-of-View (POV) variations in the camera images. Adversaries can thus infer the sound information by analyzing the image POV variations. Side Eye enables a family of sensor-based side channel attacks targeting acoustic eavesdropping even when smartphone microphone is disabled.

Poltergeist: Manipulating Computer Vision Systems with Acoustics and Motion

As cameras become increasingly pervasive, the security and privacy of computer vision systems is a focus of SPQR's research. Our work explores how different physical processes such as acoustics and motion are captured and interpreted by cameras, and how malicious parties may exploit these effects to intentionally adulterate vision systems’ output or exfiltrate sensitive information from it. Our recent research shows acoustic injections into cameras may cause accidents to autonomous vehicles.

Good Reads

• Grand Challenges for Embedded Security Research in a Connected World
• PyCRA
• On Cuba, Diplomats, Ultrasound, and Intermodulation Distortion
• Pacemaker Recall Exposes National Need for Research and Education in Embedded Security
• The New York Times - It's Possible to Hack a Phone With Sound Waves, Researchers Show

Related Initiatives

• NSF Frontiers Trustworthy Health and Wellness project (THAW)
• Archimedes Center for Medical Device Security
• Protecting Automotive Analog Sensor Security (PASS)
• Strategic Healthcare IT Advanced Research Projects on Security (SHARPS)

SPQR Blog Posts