Researchers from five American universities have developed an attack capable of eavesdropping on a person’s phone conversations without having access to the microphone, using a devilishly effective backdoor…
To prevent the risk of hacker attacks, a research team from five major universities has set up a system for tapping telephone conversations. A method called “EarSpy” (the ear spy) that works without having access to the device’s microphone.
A method that is as clever as it is frightening
Previously, researchers had managed a similar attack, but using the phone’s “external” speaker, which required a special device to capture the vibrations and convert them into usable data. Assuming that a person is more likely to use the ear speaker for private conversations, the researchers found another way to use vibration to their advantage.
Thus was born “EarSpy”, a new method that uses the top speaker of the device at ear level and the accelerometer sensor built into the mobile phone. The latter makes it possible to capture the tiny vibrations emitted by the speaker during a phone call and analyze them to obtain valuable information.
To do this, the researchers used a set of voice samples that they listened to on two smartphones: the OnePlus 7T and the OnePlus 9, both of which are equipped with stereo speakers. They then analyzed the accelerometer data with several artificial neural network tools, moving closer to statistical methods.
How the “EarSpy” procedure works. © Arxiv.org
The results obtained are surprisingly accurate. In fact, they make it possible to identify the gender of the person speaking with an accuracy of 98.66% using a data sample from the OnePlus 7T. EarSpy was also able to find the person’s identity with an impressive 91.24% success rate, nearly three times better than a random guess.
When transcribing the conversation itself, the accuracy “only” reached 56% to identify a number sequence spoken during the phone call. A result that may seem mediocre, but is still five times more accurate than a random estimate.
Ever safer smartphones
To spy on conversations, the obvious choice would have been to use malware that can record calls by passing through the phone’s microphone. Although Android smartphone security still has room for improvement, it has improved significantly in recent years, making it increasingly difficult for malware to gain the required permissions.
However, EarSpy attacks are still able to bypass these built-in system protections because raw data from a phone’s motion sensors is easily accessible. Manufacturers are increasingly restricting the issue, but researchers believe it is still possible to infiltrate devices in this way to eavesdrop on phone conversations.
On the same topic : Google Home speaker hacked to hear private conversations
The EarSpy attack is obviously not intended to encourage malicious people, but to warn smartphone manufacturers. To address this vulnerability, the researchers recommend positioning motion sensors as far as possible from sources of vibration while reducing sound pressure during phone calls.
Source: Safety Week