Mobile Hacking

EarSpy used motion sensors to spy on Android phones and listen in.

Published

on

A new attack technique for Android smartphones was developed by researchers from five universities in the United States. It can, to varying degrees, identify the caller’s gender and identity, as well as decipher private conversations.

The side-channel attack, which goes by the name “EarSpy,” aims to record data from motion sensors that are affected by reverberations from mobile device ear speakers.

Although smartphone speakers have been subjected to eavesdropping attacks, it was determined that ear speakers were insufficient to generate sufficient vibrations for a side-channel attack. Smartphones of today, on the other hand, have more sensitive motion sensors and stereo speakers that can pick up even the tiniest vibrations from the speakers.

The majority of smartphones’ built-in sensors, motion sensors, are known to be susceptible to eavesdropping. Adversaries collect audio (such as voice conversations), touch screen inputs, and even indoor locations using motion sensors. As adversaries do not require explicit permission to collect raw data from them, eavesdropping through motion sensors is simple,” the researchers wrote in a technical paper.

Using various sets of pre-recorded audio that were played only through the ear speakers of the two devices, the team tested their method on a OnePlus 7T and OnePlus 9 running Android 11 and Android 12. During a simulated call, the researchers also used a third-party app called “Physics Toolbox Sensor Suite” to capture accelerometer data and then used MATLAB to analyze the data.

A machine learning (ML) system was trained with easily accessible datasets to recognize voice content, caller identity, and gender.

According to the researchers, “we found up to 98.6 percent accuracy on gender detection, up to 92.6% accuracy on speaker detection, and up to 56.42 percent accuracy on speech detection,” which “proves the presence of distinguishing speech features in the accelerometer data that the adversaries can leverage for eavesdropping”

“Even though more recent smartphones have ear speakers that are larger and more powerful, they still keep the volume down to a manageable level to ensure that users are comfortable while speaking on the phone. As a consequence of this, they are unable to have a significant effect on the raw accelerometer data,” they added. Nonetheless, our outcome shows that it is adequate for the enemy to sensibly distinguish critical discourse highlights (e.g., orientation, speaker’s character, discourse).”

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version