A team of experts has developed an eavesdropping attack that takes advantage of motion sensors. It targets Android devices and can identify a caller's gender and identity and, to some extent, detect private speech.
More about EarSpy attack
The attack, named EarSpy, is a side-channel attack that eavesdrops by capturing motion sensor data arising from the echo of ear speakers during a conversation.
This kind of attack was originally explored on smartphone loudspeakers, because a few years ago ear speakers were too weak to produce enough vibration for eavesdropping.
However, today's smartphones come with more powerful stereo speakers than models from a few years ago, delivering much better sound quality along with stronger vibrations.
The experiment
EarSpy is a group experiment by researchers from five American universities: New Jersey Institute of Technology, Texas A&M University, Temple University, Rutgers University, and the University of Dayton.
The researchers used a OnePlus 7T and a OnePlus 9 in their experiments, along with varying sets of pre-recorded audio played only through the ear speakers of the two devices.
During a simulated call, researchers used the third-party app Physics Toolbox Sensor Suite to capture accelerometer data.
Then, they used MATLAB for analysis to extract features from the audio stream.
The accuracy (observations)
Caller gender identification on OnePlus 7T ranged between 77.7% and 98.7%, caller ID classification between 63.0% and 91.2%, and speech recognition between 51.8% and 56.4%.
On OnePlus 9, gender identification was recorded at 88.7%, speaker identification dropped to an average of 73.6%, and speech recognition was between 33.3% and 41.6%.
Using the loudspeaker and the Spearphone app, the experts created a similar attack in 2020, in which caller gender and ID accuracy reached 99%, while speech recognition reached an accuracy of 80%.
Conclusion
According to experts, one way to reduce the efficacy of the EarSpy attack is to lower the volume of the ear speakers.