Can the New EarSpy Hack Eavesdrop on Your Phone Conversations Through Vibrations?

/in


Eavesdropping on Phone Conversations Just Got Easier.

Eavesdropping on Phone Conversations Just Got Easier. (Representational image)

Photo : iStock

Mobile security is a constantly evolving field, with new vulnerabilities constantly emerging. Imagine mobile security as a highway: just as new potholes can form on a highway every day, new vulnerabilities can appear in mobile security. The effectiveness of mobile security also depends on users taking care to protect their devices and avoid compromise, much like how the smoothness of a drive on a highway depends on drivers taking care to avoid accidents.
A group of researchers from several reputable American universities have recently developed a new attack method called EarSpy, which is designed to capture what users say through their phone’s speaker by analyzing vibrations caused by the user’s voice.

This attack can even work when the phone is held up to the ear, and was found to be very effective at identifying the gender of the speaker and the words spoken when tested on newer models of the OnePlus phone. In one particular set of tests using the OnePlus 7T, EarSpy was able to correctly identify the gender of the speaker in 98.66% of samples.

Across multiple phones, sample sets, and analysis models, gender recognition was fairly accurate, with the lowest reading being 65.53%. EarSpy was also able to detect the speaker’s identity with a top accuracy rate of 91.24%, nearly three times better than a random guess.

However, the accuracy of EarSpy in understanding the exact words spoken was lower. When tested using samples of actors reciting a sequence of digits, the best performer achieved a hit rate of only 56%. Despite this lower accuracy, the researchers noted that this is still five times more accurate than making a random guess.

The authors of the research paper also pointed out that while the impact of speakerphone vibrations on raw accelerometer data is relatively low and algorithmic word detection using this data is spotty, adversaries using the EarSpy attack can still determine key components of the conversation, such as who is speaking and what is being spoken about. In theory, EarSpy could be leveraged by malware that has infiltrated a device to relay accelerometer data back to the…

Source…