A team of experts has developed an eavesdropping attack that takes advantage of motion sensors. It targets Android devices, can identify a caller's gender and identity, and detect private speech to some extent.

More about EarSpy attack

The attack, named EarSpy, is a side-channel attack that eavesdrop by capturing motion sensor data arising from the echo of ear speakers, during any conversation.
  • This attack was originally explored on smartphone loudspeakers because a few years ago ear speakers were too weak to produce enough vibration for eavesdropping.
  • However, today's smartphones come with more powerful stereo speakers in comparison to a few years-old models, which deliver much better sound quality along with stronger vibrations.

The experiment

EarSpy is a group experiment by researchers from five American universities namely New Jersey Institute of Technology, Texas A&M University, Temple University, Rutgers University, and the University of Dayton.
  • The researchers used a OnePlus 7T and OnePlus 9 device in their experiments, along with variable sets of pre-recorded audio that was played only using the ear speakers of the two devices.
  • During a simulated call, researchers used the third-party app Physics Toolbox Sensor Suite to capture accelerometer data. 
  • Then, they used MATLAB for analysis to extract features from the audio stream.

The accuracy (observations)

  • Caller gender identification on OnePlus 7T ranged between 77.7% and 98.7%, caller ID classification between 63.0% and 91.2%, and speech recognition between 51.8% and 56.4%.
  • On OnePlus 9, gender identification was recorded at 88.7%, identifying the speaker dropped to an average of 73.6%, while speech recognition was between 33.3% and 41.6%.
  • Using the loudspeaker and the Spearphone app, the experts created a similar attack in 2020, where the caller gender and ID accuracy reached 99%, while speech recognition at an accuracy of 80%.

Conclusion

According to experts, one way to reduce the efficacy of the EarSpy attack is to set the volume lower for the ear speakers.
Cyware Publisher

Publisher

Cyware