Researchers from five American universities have developed an attack capable of listening to a person’s telephone conversations without having access to the microphone, using a devilishly effective backdoor…
In order to prevent the risk of hacking, a team of researchers from five major universities have set up a system for listening to telephone conversations. A named method “EarSpy” (the ear spy), which works without having access to the device’s microphone.
A method as clever as it is frightening
Previously, researchers had already succeeded in a similar attack, but using the phone’s “external” speaker, which required a dedicated device to capture the vibrations and translate them into usable data. Assuming that a person is more likely to use the ear-level speaker for private conversations, the researchers found another way to use vibrations to their advantage.
This is how “EarSpy” was born, a new method that uses the upper speaker of the device, at ear level, as well as the accelerometer integrated into the mobile. The latter makes it possible to capture the tiny vibrations emitted by the loudspeaker during a telephone call before analyzing them to obtain valuable information.
For this, the researchers used a series of voice samples that they listened to on two smartphones: the OnePlus 7T and the OnePlus 9, both of which are equipped with stereo speakers. They then analyzed the accelerometer data using several artificial neural network tools, thus approaching statistical methods.
The results obtained are surprisingly precise. Indeed, they make it possible to identify the gender of the person speaking with an accuracy of 98.66% using a data sample from the OnePlus 7T. EarSpy was also able to find the identity of the person with an impressive success rate of 91.24%, almost three times better than a random guess.
Regarding the transcription of the conversation itself, the accuracy reached “only” 56% to determine a series of numbers spoken during the telephone call. A result that may seem mediocre, but which is still five times more precise than a random guess.
Ever more secure smartphones
To spy on conversations, the obvious choice would have been to use malware capable of recording calls by passing the phone’s microphone. Although the security of Android smartphones can still be improved, it has improved a lot in recent years, making it increasingly difficult for malware to access the required permissions.
However, EarSpy attacks are still able to bypass these built-in system protections because raw data from a phone’s motion sensors is easily accessible. Manufacturers are placing more and more restrictions on this subject, but researchers believe that it is still possible to infiltrate devices in this way in order to listen to telephone conversations.
On the same subject : Google Home speakers hacked to listen to private conversations
The EarSpy attack is obviously not intended to inspire malicious people, but to alert smartphone manufacturers. To address this vulnerability, the researchers recommend positioning motion sensors as far away as possible from any source of vibration while reducing sound pressure during phone calls.
Security Week
