A team of researchers has developed a new attack to eavesdrop On Android devicesThis advanced device allows identifying the gender and identity of the caller, and even distinguishing speech.
And he calls Developer EarSpyThe side channel attack aims to explore new eavesdropping capabilities by receiving motion sensor data recordings generated by earphone feedback in mobile devices.
With regard to the side channel attack, cyber attacks exploit the vulnerabilities of the target, whether at the level of operating systems, applications, networks, algorithms, cryptography, protocols, or other components and settings that are in use in that target, but side channel attacks do not depend on the existence of a security flaw It is direct in the target, but depends on exploiting some of the information that can be collected about the system during its operation.
And promise EarSpy An academic effort by researchers from five US universities: Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University University).
Earlier this type of attack was detected in smartphone speakers, but they are still too weak to generate enough vibration to put users at risk of eavesdropping.
Newer smartphones also use more powerful stereo speakers than models released a few years ago, and are capable of delivering much better sound quality and stronger vibrations.
Newer devices also use more sensitive motion and gyroscope sensors that can register even the smallest level of resonance from the speakers.
In their experiments, the researchers used two phones, one of which was launched in 2016: OnePlus 3T, and the other was launched in 2019: OnePlus 7T. And the difference between them was noticeable.
Using readily available datasets, the researchers trained a machine learning (ML) algorithm to identify speech content and caller identity and gender. Test data varied depending on the dataset and device, but generally yielded promising results for eavesdropping.
Caller gender identification on the OnePlus 7T ranged from 77.7 percent to 98.7 percent, speaker identification ranged from 63.0 percent to 91.2 percent, and speech recognition ranged from 51.8 percent to 56.4 percent.
As for the OnePlus 9, the percentage for identifying gender increased to 88.7 percent, and identifying the speaker decreased to 73.6 percent on average, while the percentage for speech recognition ranged between 33.3 percent and 41.6 percent.
It is reported that using the loudspeaker and the Spearphone app, the researchers developed during their experiments a similar attack in 2020, and the accuracy of identifying the gender of the caller and knowing it reached 99 percent, while the accuracy of speech recognition reached 80 percent.
The researchers recommend that phone makers ensure that sound pressure is kept constant during calls, and that they place motion sensors in a location where internally generated vibrations do not, or at least have a minimal effect.