Qualcomm introduces Always-On technology – and completely misunderstands privacy concerns

06-12-2021 | By Robin Mitchell

Qualcomm recently announced that it has developed its latest technologies to allow cameras to always be on. What exactly does the new technology claim to do, why is it a complete blunder on Qualcomm’s part, and how will such technology affect future designs?

What is Qualcomm’s Always-On Computer Vision Module (CVM)?

Recently, Qualcomm announced a new technology feature in their Computer Vision Module called Always-On. This feature allows for camera devices to always be operational and allow for devices to react to environmental changes while keeping energy usage low. For example, a device can be fitted with a CVM, put into a low-energy state, and then wake up when detecting an individual waving at the camera.

What makes the CVM special is that real-time cameras and image processing algorithms are energy-intensive processes. Qualcomm’s CVM with Always-On technology allows devices to be woken up when detecting something of interest and only consume milliwatts of power. Furthermore, the CVM does not output image data but only camera metadata which does not include images. As all image processing is done internally on the module, images cannot be taken directly from the CVM.

Why is the CVM Always-On a complete blunder?

Currently, the world is undergoing a security and privacy revolution; customers are covering up their unused cameras, companies are obliged to protect user devices, and governments are introducing legislation to prevent insecure devices from being sold. The threat to privacy from bad actors has continued to grow thanks to the large amounts of personal data being generated by individuals, which is frequently stored on cloud services.

It is evident that privacy is important to consumers, and businesses worldwide are rightly capitalising on this with improved security systems, advanced encryption engines, and process monitoring technologies.

This leads us to wonder what on earth was going through the minds of engineers at Qualcomm when suggesting an Always-On technology?

If asked this question, Qualcomm would undoubtedly point to their CVM design and state that the chip itself does not produce image data, only metadata from whatever the camera sees. For example, gestures such as waving hands would not be sent as an image of waving hands to a central controller, but instead a message with some command string (such as CMD:WAVING).

But it should be understood that just about every system designed to date has some kind of bug or flaw. As such, there is a very real risk that some external device or program may be able to confuse the CVM with a buffer overflow or incorrect command programming and, in this state, draw images from the camera. Exactly how this attack could be made is not currently known. Considering that even Intel CPUs have been hacked with bit manipulation in adjacent registers, one would be amazed at how hackers can gain entry into even the securest systems.

The optics of the announcement (pardon the pun) could also be argued to have been poorly orchestrated. Of all examples Qualcomm could have chosen to announce their new technology, they suggested that it could be used in children’s toys that always watch them. Even if their system is secure, public opinion on devices that monitor children is unequivocal, and the horror stories of IoT-enabled toys still remain strong in parents’ memories.

Such technologies can also fall victim to poor implementation. While the CVM itself could be perfectly safe, the ability to keep a camera on at all times could see poor designs fall victim to hackers. For example, the CVM could be used in conjunction with a custom image processor, and the CVM keeping the camera active may also allow the image processor to read data from the camera. The CVM sends a “disable message” to the custom image processor to prevent camera reading when in sleep mode. Still, a hacker may find a way to bypass this and re-active the image processor to obtain camera data.

How could Always-On change technology in the future?

Always-On technology will undoubtedly receive pushback from consumers and governments due to the overwhelming risk to privacy and security.

However, if such technology finds its way into everyday devices, it could lead to complacency and public acceptance of always-on technology. Devices that would be shunned and outlawed today could become commonplace, and the idea of being unseen could be a privilege that very few get to have.

Furthermore, the mass use of such technology could eventually lead to devices always being on whose raw images are being processed. Unlike the CVM by Qualcomm, which produces metadata, future devices would take images from cameras and microphones, process the data, and potentially store this data on a remote server (this is almost a reality with many smart home devices such as Amazon Echo).

Engineers need to ask themselves serious questions about implementing Always-On technologies. Sure, they may be practical for the home and ideal for offices, but are they necessary? Does their implementation only encourage more monitoring, and if security on such devices fails, what will be the repercussions?