Assessment
CFSE Consequence Paths assesses Face-Mic: zero-permission motion-sensor speech and speaker-identity eavesdropping on AR/VR headsets (Rutgers/NJIT, 2021) at CRITICAL — the worst of 2 risk paths (perception). The dominant consequence is exposure of sensor or biometric data.
Vulnerability
Face-Mic: zero-permission motion-sensor speech and speaker-identity eavesdropping on AR/VR headsets (Rutgers/NJIT, 2021). Reported attack vector: LOCAL (malicious or sandboxed app reading zero-permission sensors on-device).
CFSE Consequence Paths analysis
The vulnerability is decomposed into one risk path per terminal consequence. Each path is scored on its exposure (reachability × execution complexity) and the authority, perception, and physical/safety it reaches, together with its scale of reuse, scale of execution, and recoverability.
PERCEPTION_PRIVACY → CRITICAL
CPATH:1.0-candidate/TT:PERCEPTION_PRIVACY/RE:3/EC:3/EX:3/PH:0/DP:4/AT:1/CH:2/SR:4/SX:3/OR:4/EV:3/LS:ACTIVE
Exposure EX=3 (reachability and complexity-bound) · bands PH=ELEVATED · DP=CRITICAL · AT=HIGH → base CRITICAL · uplift recall-class recovery · caps privacy-only cap → assessed CRITICAL.
- Position: any installed/sandboxed app or web content reads zero-permission motion sensors using its own artifact, no victim physical access -> RE:3. EC:3 standard ML researcher workflow (sensor capture + deep-learning pipeline). The exploited surface is the absence of a permission gate, not elevated privilege, exploiting a read-only sensor feature -> AT:1. PH:0 no actuation/safety, pure side-channel privacy leak. DP:4: leaks live speech content from sensors users never perceive as a microphone;
- perception_feeds_action — false since the leaked perception does not drive physical action/navigation/therapy.
- boundary_crossing — true: app sandbox -> on-device sensor -> physical acoustic side-channel -> exfiltrated content. CH:2 enables further inference but not a reusable cross-domain authority bridge. SR:4: one model/technique reused across the fleet, exploiting a shared design property of mainstream headsets. SX:3: deployment-wide via app distribution but still per-device install/run, not pure remote fleet command. OR:4: largely unpatchable since sensors are core to head tracking, recovery requires hardware/platform-level change -> recovery_needs_fleet_action=true. EV:3 reproduced in CCS 2021.
- active_exploitation — false (research demonstration, no wild exploitation evidence).
DATA_PRIVACY → HIGH
CPATH:1.0-candidate/TT:DATA_PRIVACY/RE:3/EC:3/EX:3/PH:0/DP:3/AT:1/CH:2/SR:4/SX:3/OR:4/EV:3/LS:ACTIVE
Exposure EX=3 (reachability and complexity-bound) · bands PH=ELEVATED · DP=HIGH · AT=HIGH → base HIGH · uplift recall-class recovery · caps privacy-only cap → assessed HIGH.
- Same access path: zero-permission sensor read via attacker’s own app artifact -> RE:3, EC:3 standard ML workflow. AT:1 absence of permission gate on a read-only sensor, no elevated privilege. PH:0 no actuation/safety impact. Terminal consequence here is biometric identity/gender inference (speaker identity), a persistent biometric/sensitive attribute leak -> DP:3 (health/credential/biometric tier);
- perception_feeds_action — false.
- boundary_crossing — true across app/sensor/physical side-channel. CH:2 biometric identity could feed deanonymization but is not a reusable authority-transfer bridge. SR:4 one reusable model across mainstream headsets exploiting a shared design flaw. SX:3 deployment-wide via app distribution, per-device install. OR:4 unpatchable sensor-design property, recovery needs platform/hardware change -> recovery_needs_fleet_action=true. EV:3 reproduced.
- active_exploitation — false.
Published baseline
No public baseline score has been published for this finding. It belongs to a perception/surveillance harm class that is often outside published vulnerability-scoring coverage. The registry records the reachable consequence path for review.
Sources
- source citation pending public URL