Meaningful Hardware Privacy for a Smart and Augmented Future

Smart home devices are becoming increasingly popular in our living spaces. Wearable devices that let you capture photos and videos in the moment, without taking out your phone, are designed to take with you everywhere you go. In the future, augmented reality (AR) glasses will feature a wide variety of cameras and sensors for capturing and understanding your surroundings. Because these devices transcend the keyboard, many of them feature sensors that are always-on, such as the wake word engines of smart voice assistants. Yet, despite thier many benefits, these emerging computing platforms also present new classes of security and privacy challenges to users and bystanders alike.

As these devices are gaining adoption, there are two evolving hardware privacy features that promise awareness and user control over sensor privacy - the Recording Indicator LED light and the Privacy “Mute” Switch. However, very little has been published on their design and security. How do these features work? Are they trustworthy? What does the LED actually mean?

This talk will describe these hardware privacy mechanisms and explain in detail their design, purpose, and security properties. We'll explore the constraints and trade-offs that influence their function and discuss the importance of hardware security assurance. I’ll clarify what privacy LED indicators mean, don't mean, and why augmented reality poses new challenges to their semantics.

These privacy features are deceptively simple and evolving. To preserve their meaning and potential for trustworthy privacy protection, we need to come together as an industry and align on new security and privacy standards.