Android phone callers can be spied on via the motion sensors

EarSpy attack eavesdrops on Android phones via motion sensors
Security researchers from five universities in the US have banded together to demonstrate how one can eavesdrop on Android phones by using their motion sensors. Called EarSpy, the proof-of-concept security scare they developed piggybacks on the vibrations that a phone's ear speaker produces which can be subsequently detected by its motion sensors.

The readings allowed the scientists to be able to tell speech or caller identification, as well as personal traits like gender by simply reading the motion sensors data. This has been done before, but with a phone's loudspeaker, while with the advent of stereo sound in modern phones, the earpieces are getting more and more powerful, allowing the researchers to apply machine learning algorithms that were able to eavesdrop on the handset's owners by collecting the motion sensors data.

To prove that phone manufacturers need to even out the sound pressure during phone conversations and make sure that the motion sensors placement doesn't let them pick up the earpiece vibrations in a discernible manner, they used an old 2016 OnePlus 3T which didn't really appear on the spectrogram, while the stereo sound of a 2019 OnePlus 7T registered, and the newer OnePlus 9 series also didn't fare well.

This so-called side-channel attack can easily be thwarted, though, via simply lowering the volume of your earpiece so that the motion sensors would have a hard time picking up viable reverberations that can later be attributed to gender, caller identification, or private speech.

With Android 13, Google tries to prevent such privacy backdoors by asking for permission to collect sensor data with sampling rates at or above 200 Hz. At 200 Hz, however, the accuracy of the picked signal is only lowered by 10%, so that's not really a preventative option, whereas at the stock 400–500 Hz sampling rate speech recognition is near impossible via motion sensor reaction.

"As there are ten different classes here, the accuracy still exhibits five times greater accuracy than a random guess, which implies that vibration due to the ear speaker induced a reasonable amount of distinguishable impact on accelerometer data," warn the researchers.

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless