EarSpy Attack: Motion Data Sensors Used to Pry on Android Devices

The side-channel attack, EarSpy, opens up new possibilities of eavesdropping via motion sensor data readings.


A team of researchers has created an eavesdropping attack for Android devices that, to varying degrees, can identify the gender and identity of the caller and even decipher private speech. 

EarSpy Attack 

The side-channel attack, EarSpy, opens up new possibilities of eavesdropping via motion sensor data readings produced by reverberations from ear speakers in mobile devices. This type of attack was initially established with smartphone loudspeakers, since ear speakers were comparatively weak and did not produce adequate vibrations for eavesdropping.

However, today's smartphones include stereo speakers that are more potent, providing far higher sound quality and stronger vibrations. 

The Experiment 

EarSpy is an experiment conducted by a team of researchers from universities including Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology, and the University of Dayton.

  • The researchers used the OnePlus 7T and OnePlus 9 devices along with varying sets of pre-recorded audio that was played exclusively through the ear speakers of the two devices.
  • During a simulated call, a third-party app named Physics Toolbox Sensor Suite was used in order to capture accelerometer data. 
  • They then analyzed the audio stream using MATLAB to extract characteristics. 

The research team discovered that caller gender identification on the OnePlus 7T device ranged between 77.7% and 98.75%, speech recognition between 51.85% and 56.4%, and caller ID classification between 63.0% and 91.2%.

This demonstrated the existence of speech feature differentiation in the accelerometer data that attackers can use for eavesdropping. The gender of the user could be ascertained by attackers utilizing a lower sampling rate, as demonstrated by EarSpy's focus on gender recognition using data gathered at 20 Hz. 

How to Prevent Eavesdropping? 

To prevent eavesdropping using sensor data, the researchers suggested limiting permissions so that third-party programmes cannot capture sensor data without the user's permission. To avoid unintentional data breaches, Android 13 prohibits the collection of sensor data at 200 Hz without the user's consent.
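One way to check installed or submitted apps against this permission-based limit, as an added example that is not from the article or the researchers. It assumes a text-form merged `AndroidManifest.xml` that still carries its `uses-sdk` element, the Android platform permission `android.permission.HIGH_SAMPLING_RATE_SENSORS`, and target API level 31 as the level from which the rate cap applies; none of these are named in the article, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
HIGH_RATE_PERM = "android.permission.HIGH_SAMPLING_RATE_SENSORS"
RATE_LIMIT_API = 31  # assumption: lowest target API level the rate cap applies to


def _attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def audit_manifest(manifest_xml):
    """Report whether an app can sample motion sensors above the platform cap."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for tag in ("uses-permission", "uses-permission-sdk-23")
             for p in root.iter(tag)}
    sdk = root.find("uses-sdk")
    target = _attr(sdk, "targetSdkVersion") if sdk is not None else None
    target_api = int(target) if target and target.isdigit() else None
    if HIGH_RATE_PERM in perms:
        verdict = "uncapped: high-rate permission declared"
    elif target_api is None:
        verdict = "unknown: no numeric targetSdkVersion"
    elif target_api < RATE_LIMIT_API:
        verdict = "uncapped: targets an API level below the cap"
    else:
        verdict = "capped"
    return {"package": root.get("package"), "target_api": target_api, "verdict": verdict}


def _manifest(package, target, perms=()):
    """Build a constructed sample manifest (not taken from any real app)."""
    lines = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">'
            f'<uses-sdk android:targetSdkVersion="{target}"/>{lines}</manifest>')


SAMPLES = [
    _manifest("com.example.dialer", 33),
    _manifest("com.example.sensorlogger", 33, [HIGH_RATE_PERM]),
    _manifest("com.example.legacy", 29, ["android.permission.INTERNET"]),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(audit_manifest(xml_text))
```

A "capped" verdict narrows the channel rather than closing it: the app still receives accelerometer readings, and the article reports gender recognition from data gathered at 20 Hz.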

Mobile device manufacturers should be cautious when designing more potent speakers and instead concentrate on keeping a similar sound pressure during audio conversations as was maintained by old-generation phones' ear speakers.

Moreover, it is recommended to position motion sensors as far from the ear speaker as possible, to minimize the effect of the phone speaker's vibrations and reduce the likelihood of spying.
