www.androidpolice.com
Open in
urlscan Pro
44.196.161.176
Public Scan
URL:
https://www.androidpolice.com/earspy-attack-eavesdrop-using-motion-sensors/
Submission: On January 03 via manual from DE — Scanned from DE
Submission: On January 03 via manual from DE — Scanned from DE
Form analysis
1 forms found in the DOMGET /search/?q=
<form method="get" class="search-form js-searchBox icon i-search" id="searchform2" action="/search/?q=">
<input id="js-search-input" type="text" name="q" class="input-text search-input" autocomplete="off" placeholder="Search Android Police" autofocus="">
</form>
Text Content
ANDROID POLICE * Latest * News * Deals * Podcast * Categories * Android * ChromeOS * Google * Phones * Wearables * Smart home * Chromebooks * Tablets * Games * Apps * Reviews, Guides & Features * Reviews * Editorials * Guides & How-tos * Features * The Best * The best Android phones * The best smartwatches * The best Android tablets * The best Chromebooks * The best Android apps * The best Android games * The best wireless earbuds * More * Share a tip! * AP's privacy policy * Meet the team * Write for us! * Newsletter Follow Us Follow Android Police * * * * * * * * * * Home * Phones EARSPY CAN EAVESDROP ON YOUR PHONE CONVERSATIONS USING MOTION SENSORS By Chethan Rao Published 2 days ago Researchers from five American colleges have collectively developed this side-channel attack Readers like you help support Android Police. When you make a purchase using links on our site, we may earn an affiliate commission. Read More. READ UPDATE * Clarifications Mobile security is kind of like a highway: new potholes form every day and its throughput capabilities are highly dependent on the drivers taking care not to cause a pile-up. Whether these crashes are caused by researchers sniffing out a new vulnerability, players down the security chain not doing their part, or worse, all of it's happening day in, day out. A group of researchers from some of America's most reputed academic institutions have now developed an attack named EarSpy, designed to capture what users say through curiously crafty means. ANDROIDPOLICE VIDEO OF THE DAY Close Powered By 10 Customizing the Galaxy Note 20 Ultra: making it mine Share Next Stay This effort is being carried out jointly by experts at the University of Dayton, New Jersey Institute of Technology, Rutgers University, Texas A&M University, and Temple University. Researchers have attempted to gather vibrations from a phone's loudspeaker in the past, but this particular attack is effective even when the user is holding the phone to their ear, SecurityWeek reports. The research team tested out its EarSpy exploit by playing a series of voice samples through the OnePlus 7T and the OnePlus 9 and analyzed accelerometer data with several neural network tools and recorded astonishingly accurate results with regards to identifying the gender of the speaker as well as the words spoken. By contrast, the data was hard to capture on older OnePlus models due to the lack of a stereo speaker system, the researchers said in their paper. Source: Arxiv.org Newer Android versions have a more robust security apparatus, making it exceedingly difficult for malware to get the requisite permissions. But EarSpy attacks can still bypass these built-in safeguards as raw data from a phone's motion sensors are easily accessible. Although more manufacturers are now placing limits on obtaining data from the device's sensors, EarSpy researchers believe it's still possible to infiltrate the device and eavesdrop on a conversation. 4 Images Close As for the effectiveness of this attack, the researchers say EarSpy could correctly tell the difference between males and females in 98.66% of samples in one particular set played through the OnePlus 7T. Across both phones, two sample sets, and multiple analysis models, gender recognition is fairly accurate with the lowest reading being 65.53%. Furthermore, EarSpy could detect the person's identity with a ridiculous 91.24% top accuracy rate — nearly three times better than a random guess. When it comes to actually understanding what was spoken, though, accuracy falls significantly. Recognition models were tested against samples featuring actors reciting a sequence of digits — not out of place if we're talking about sharing personal identifiable information like a credit card number over the phone. The best performer achieved a 56% hit rate, though researchers say this is still five times more accurate than making a random guess. The paper's authors say that while the actual impact of speakerphone vibrations on raw accelerometer data is relatively low and that algorithmic word detection off that data is extremely spotty, adversaries who use the EarSpy exploits can still determine the key components of what is being spoken and who is speaking it. In theory, EarSpy could be leveraged by malware that has infiltrated the device and relay accelerometer data back to the source of the attack. This report highlights the importance of additional hardware safeguards, especially with components like motion sensors that may not seem like easy targets at first glance. To remedy this potential vulnerability in modern-day smartphones, the researchers recommend smartphone makers to position motion sensors away from any source of vibrations while also reducing sound pressure during phone calls. UPDATE: 2023/01/02 15:30 EST BY JULES WANG Clarifications This article has been updated to provide more specifics about the data we've cited from the paper. Subscribe to our newsletter Comments 0 Share Tweet Share Share Share Copy Email Share Share Tweet Share Share Share Copy Email Link copied to clipboard Related Topics * News * Phones * security * vulnerability About The Author Chethan Rao • News Writer (122 Articles Published) Chethan Rao is a weekend news writer for Android Police. He has written about tech for around a decade and has a soft spot for the latest Android hardware. In his free time, CR usually watches random cricket streams and NBA highlights or catches up on his backlog of TV shows. He also enjoys the occasional hour or two of console gaming. Close * NEWS * REVIEWS 0 ARLO'S SMART SECURITY CAMERA SUBSCRIPTION PRICES WILL RISE NEXT MONTH 1 hour ago 1 THE SAMSUNG GALAXY NOTE 10 SERIES IS FIRST IN LINE FOR THE JANUARY SECURITY PATCH 18 hours ago 0 THE REALME GT NEO 5 COULD REDEFINE FAST CHARGING AS WE KNOW IT 19 hours ago See More 0 AMAZON FIRE HD 8 (2022) REVIEW: ONLY SLIGHTLY BETTER 21 hours ago 89 ANDROID 13 REVIEW: THE UPDATE WE NEED, NOT THE ONE WE WANT 4 days ago 0 BLINK VIDEO DOORBELL REVIEW: AN AFFORDABLE AND SMART WAY TO WELCOME YOUR VISITORS 6 days ago See More TRENDING NOW 13 AMAZON MUSIC OPENS UP ITS ENTIRE LIBRARY TO EVERY PRIME SUBSCRIBER, WITH ONE MAJOR CATCH 0 7 USEFUL SAMSUNG NOTES TIPS AND TRICKS 5 GOOGLE STREET VIEW APP WILL SHUT DOWN IN 2023, PHOTO PATHS WILL END WITH IT READ NEXT 10 THE TOP 10 FREE MOVIE STREAMING SITES 5 GOOGLE GIVES UP ON ENFORCING ITS IN-APP PLAY STORE BILLING SYSTEM IN INDIA FOR NOW 2 HOW TO SET UP ONE UI 5 HOMESCREEN ON SAMSUNG GALAXY PHONES 33 THE GOOGLE PLAY STORE'S LATEST 'UPDATE' IS BIGGER THAN EVER * Share A Tip * Home * Write For Us * Terms * Privacy * Copyright * Meet The Team * About Us * Fact Checking Policy * Corrections Policy * Ethics Policy * Ownership Policy * Partnership Disclaimer * Contest Rules Copyright © 2023 www.androidpolice.com user-signalWir schätzen Ihre Privatsphäre Alles ablehnenAlles akzeptieren Wir und unsere Partner informationen auf einem gerät speichern und/oder abrufen. Für die Ihnen angezeigten Verarbeitungszwecke können Cookies, Geräte-Kennungen oder andere Informationen auf Ihrem Gerät gespeichert oder abgerufen werden. Anzeigen und Inhalte können basierend auf einem Profil personalisiert werden. Es können Daten hinzugefügt werden, um Anzeigen und Inhalte besser zu personalisieren. Die Leistung von Anzeigen und Inhalten kann gemessen werden. Erkenntnisse über die Zielgruppen, die die Anzeigen und Inhalte gesehen haben, können abgeleitet werden. Ihre Daten können verwendet werden, um bestehende Systeme und Software zu verbessern und neue Produkte zu entwickeln. Einige Partner bitten nicht um Ihre Zustimmung zur Verarbeitung Ihrer Daten und verlassen sich stattdessen auf deren berechtigtes Interesse. Sehen Sie sich unsere Liste der Partner an, um zu sehen, für welche Zwecke sie ein berechtigtes Interesse haben und wie Sie dagegen Einwände erheben können. Ihre Auswahl auf dieser Website wird für diese Website angewendet. Sie können Ihre Einstellungen jederzeit ändern, indem Sie Ihre Einwilligung widerrufen, indem Sie auf das Schlosssymbol in der unteren rechten oder linken Ecke klicken. checklistZweckesettings-toggle-horizontalPartner Powered By