www.androidpolice.com Open in urlscan Pro
44.196.161.176  Public Scan

URL: https://www.androidpolice.com/earspy-attack-eavesdrop-using-motion-sensors/
Submission: On January 03 via manual from DE — Scanned from DE

Form analysis 1 forms found in the DOM

GET /search/?q=

<form method="get" class="search-form js-searchBox icon i-search" id="searchform2" action="/search/?q=">
  <input id="js-search-input" type="text" name="q" class="input-text search-input" autocomplete="off" placeholder="Search Android Police" autofocus="">
</form>

Text Content

ANDROID POLICE




 * Latest
   * News
   * Deals
   * Podcast
 * Categories
   * Android
   * ChromeOS
   * Google
   * Phones
   * Wearables
   * Smart home
   * Chromebooks
   * Tablets
   * Games
   * Apps
 * Reviews, Guides & Features
   * Reviews
   * Editorials
   * Guides & How-tos
   * Features
 * The Best
   * The best Android phones
   * The best smartwatches
   * The best Android tablets
   * The best Chromebooks
   * The best Android apps
   * The best Android games
   * The best wireless earbuds
 * More
   * Share a tip!
   * AP's privacy policy
   * Meet the team
   * Write for us!
 * Newsletter

Follow Us
Follow Android Police
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 




 * Home
 * Phones


EARSPY CAN EAVESDROP ON YOUR PHONE CONVERSATIONS USING MOTION SENSORS

By Chethan Rao
Published 2 days ago


Researchers from five American colleges have collectively developed this
side-channel attack


Readers like you help support Android Police. When you make a purchase using
links on our site, we may earn an affiliate commission. Read More.

READ UPDATE

 * Clarifications

Mobile security is kind of like a highway: new potholes form every day and its
throughput capabilities are highly dependent on the drivers taking care not to
cause a pile-up. Whether these crashes are caused by researchers sniffing out a
new vulnerability, players down the security chain not doing their part, or
worse, all of it's happening day in, day out. A group of researchers from some
of America's most reputed academic institutions have now developed an attack
named EarSpy, designed to capture what users say through curiously crafty means.

ANDROIDPOLICE VIDEO OF THE DAY
Close
Powered By

10



Customizing the Galaxy Note 20 Ultra: making it mine


Share

Next
Stay







This effort is being carried out jointly by experts at the University of Dayton,
New Jersey Institute of Technology, Rutgers University, Texas A&M University,
and Temple University. Researchers have attempted to gather vibrations from a
phone's loudspeaker in the past, but this particular attack is effective even
when the user is holding the phone to their ear, SecurityWeek reports.

The research team tested out its EarSpy exploit by playing a series of voice
samples through the OnePlus 7T and the OnePlus 9 and analyzed accelerometer data
with several neural network tools and recorded astonishingly accurate results
with regards to identifying the gender of the speaker as well as the words
spoken. By contrast, the data was hard to capture on older OnePlus models due to
the lack of a stereo speaker system, the researchers said in their paper.

Source: Arxiv.org

Newer Android versions have a more robust security apparatus, making it
exceedingly difficult for malware to get the requisite permissions. But EarSpy
attacks can still bypass these built-in safeguards as raw data from a phone's
motion sensors are easily accessible. Although more manufacturers are now
placing limits on obtaining data from the device's sensors, EarSpy researchers
believe it's still possible to infiltrate the device and eavesdrop on a
conversation.


4 Images

Close


As for the effectiveness of this attack, the researchers say EarSpy could
correctly tell the difference between males and females in 98.66% of samples in
one particular set played through the OnePlus 7T. Across both phones, two sample
sets, and multiple analysis models, gender recognition is fairly accurate with
the lowest reading being 65.53%. Furthermore, EarSpy could detect the person's
identity with a ridiculous 91.24% top accuracy rate — nearly three times better
than a random guess.

When it comes to actually understanding what was spoken, though, accuracy falls
significantly. Recognition models were tested against samples featuring actors
reciting a sequence of digits — not out of place if we're talking about sharing
personal identifiable information like a credit card number over the phone. The
best performer achieved a 56% hit rate, though researchers say this is still
five times more accurate than making a random guess.

The paper's authors say that while the actual impact of speakerphone vibrations
on raw accelerometer data is relatively low and that algorithmic word detection
off that data is extremely spotty, adversaries who use the EarSpy exploits can
still determine the key components of what is being spoken and who is speaking
it.



In theory, EarSpy could be leveraged by malware that has infiltrated the device
and relay accelerometer data back to the source of the attack. This report
highlights the importance of additional hardware safeguards, especially with
components like motion sensors that may not seem like easy targets at first
glance.

To remedy this potential vulnerability in modern-day smartphones, the
researchers recommend smartphone makers to position motion sensors away from any
source of vibrations while also reducing sound pressure during phone calls.


UPDATE: 2023/01/02 15:30 EST BY JULES WANG

Clarifications

This article has been updated to provide more specifics about the data we've
cited from the paper.


Subscribe to our newsletter
Comments 0
Share Tweet Share Share Share
Copy
Email
Share

Share Tweet Share Share Share
Copy
Email
Link copied to clipboard

Related Topics
 * News
 * Phones
 * security
 * vulnerability

About The Author
Chethan Rao • News Writer (122 Articles Published)


Chethan Rao is a weekend news writer for Android Police. He has written about
tech for around a decade and has a soft spot for the latest Android hardware. In
his free time, CR usually watches random cricket streams and NBA highlights or
catches up on his backlog of TV shows. He also enjoys the occasional hour or two
of console gaming.


Close



 * NEWS


 * REVIEWS

0



ARLO'S SMART SECURITY CAMERA SUBSCRIPTION PRICES WILL RISE NEXT MONTH

1 hour ago
1



THE SAMSUNG GALAXY NOTE 10 SERIES IS FIRST IN LINE FOR THE JANUARY SECURITY
PATCH

18 hours ago
0



THE REALME GT NEO 5 COULD REDEFINE FAST CHARGING AS WE KNOW IT

19 hours ago
See More
0



AMAZON FIRE HD 8 (2022) REVIEW: ONLY SLIGHTLY BETTER

21 hours ago
89



ANDROID 13 REVIEW: THE UPDATE WE NEED, NOT THE ONE WE WANT

4 days ago
0



BLINK VIDEO DOORBELL REVIEW: AN AFFORDABLE AND SMART WAY TO WELCOME YOUR
VISITORS

6 days ago
See More


TRENDING NOW

13



AMAZON MUSIC OPENS UP ITS ENTIRE LIBRARY TO EVERY PRIME SUBSCRIBER, WITH ONE
MAJOR CATCH

0



7 USEFUL SAMSUNG NOTES TIPS AND TRICKS

5



GOOGLE STREET VIEW APP WILL SHUT DOWN IN 2023, PHOTO PATHS WILL END WITH IT


READ NEXT

10



THE TOP 10 FREE MOVIE STREAMING SITES

5



GOOGLE GIVES UP ON ENFORCING ITS IN-APP PLAY STORE BILLING SYSTEM IN INDIA FOR
NOW

2



HOW TO SET UP ONE UI 5 HOMESCREEN ON SAMSUNG GALAXY PHONES

33



THE GOOGLE PLAY STORE'S LATEST 'UPDATE' IS BIGGER THAN EVER

 * Share A Tip
 * Home
 * Write For Us
 * Terms
 * Privacy
 * Copyright
 * Meet The Team
 * About Us
 * Fact Checking Policy
 * Corrections Policy
 * Ethics Policy
 * Ownership Policy
 * Partnership Disclaimer
 * Contest Rules


Copyright © 2023 www.androidpolice.com


user-signalWir schätzen Ihre Privatsphäre
Alles ablehnenAlles akzeptieren
Wir und unsere Partner informationen auf einem gerät speichern und/oder abrufen.
Für die Ihnen angezeigten Verarbeitungszwecke können Cookies, Geräte-Kennungen
oder andere Informationen auf Ihrem Gerät gespeichert oder abgerufen werden.
Anzeigen und Inhalte können basierend auf einem Profil personalisiert werden. Es
können Daten hinzugefügt werden, um Anzeigen und Inhalte besser zu
personalisieren. Die Leistung von Anzeigen und Inhalten kann gemessen werden.
Erkenntnisse über die Zielgruppen, die die Anzeigen und Inhalte gesehen haben,
können abgeleitet werden. Ihre Daten können verwendet werden, um bestehende
Systeme und Software zu verbessern und neue Produkte zu entwickeln.

Einige Partner bitten nicht um Ihre Zustimmung zur Verarbeitung Ihrer Daten und
verlassen sich stattdessen auf deren berechtigtes Interesse. Sehen Sie sich
unsere Liste der Partner an, um zu sehen, für welche Zwecke sie ein berechtigtes
Interesse haben und wie Sie dagegen Einwände erheben können.

Ihre Auswahl auf dieser Website wird für diese Website angewendet. Sie können
Ihre Einstellungen jederzeit ändern, indem Sie Ihre Einwilligung widerrufen,
indem Sie auf das Schlosssymbol in der unteren rechten oder linken Ecke klicken.

checklistZweckesettings-toggle-horizontalPartner
Powered By