"EarSpy Attack Eavesdrops on Android Phones via Motion Sensors"

Researchers have developed an eavesdropping attack for Android devices that can, to varying degrees, determine the caller's gender and identity, as well as discern private speech. The EarSpy side-channel attack explores new eavesdropping opportunities by collecting motion sensor data readings caused by ear speaker reverberations from mobile devices. EarSpy is an academic collaboration between five American universities, including Texas A&M University, the New Jersey Institute of Technology, Temple University, the University of Dayton, and Rutgers University. Although this type of attack has been explored in smartphone loudspeakers, ear speakers were deemed too weak to provide sufficient vibration for eavesdropping risk to make this a realistic attack. However, compared to models from a few years ago, newer smartphones feature stereo speakers that are more powerful, resulting in superior sound quality and stronger vibrations. In addition, modern devices have more sensitive motion sensors and gyroscopes that can record even the smallest speaker resonances. In their analyses, the researchers used a OnePlus 7T and OnePlus 9 device, along with varied sets of prerecorded audio that played just through the ear speakers of the two devices. The team also used the third-party application called Physics Toolbox Sensor Suite to collect accelerometer data during a simulated call. Then they fed it to MATLAB for analysis and to extract features from the audio stream. Using available data sets, a Machine Learning (ML) algorithm was trained to recognize voice content, caller identity, and gender. The test data varied based on the data set and device, but the results were generally promising for ear speaker eavesdropping. On the OnePlus 7T, gender identification ranged from 77.7 percent to 98.7 percent. Caller ID categorization ranged from 63.0 percent to 91.2 percent, and speech recognition ranged from 51.8 percent to 56.4 percent. This article continues to discuss the EarSpy side-channel attack demonstrated by the team of researchers. 

Bleeping Computer reports "EarSpy Attack Eavesdrops on Android Phones via Motion Sensors"