EarSpy ... a sophisticated attack that eavesdrops on Android
A team of researchers has developed a new Android eavesdropping attack so sophisticated that it can identify callers' gender, identity, and even their voice to varying degrees.
The side-channel attack under development, dubbed EarSpy, aims to explore new eavesdropping opportunities by capturing motion sensor readings generated by headphone feedback on mobile devices.
Conventional cyber attacks exploit vulnerabilities in the target, whether in the operating system, applications, networks, algorithms, cryptography, protocols, or other components and settings it uses. Side-channel attacks, by contrast, do not depend on whether the target has such a vulnerability; they exploit system information that can be collected while the system is running.
EarSpy is an academic effort of researchers from five US universities: Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University.
This type of attack had already been seen with smartphone speakers, but the speakers were still too weak to generate enough vibration to put users at risk of being overheard.
However, modern smartphones use stereo speakers that are more powerful and are capable of producing better sound quality and stronger vibrations than models released a few years ago.
Likewise, newer devices use motion sensors and gyroscopes that can register even the smallest vibrations of the speakers.
For their experiments, the researchers used two phones: the OnePlus 3T, released in 2016, and the OnePlus 7T, released in 2019. The difference between them is clear.
Using a readily available dataset, the researchers trained a machine learning (ML) algorithm to recognize speech content and the identity and gender of the caller. Test results vary by dataset and device, but are generally promising.
The OnePlus 7T's gender detection ranged from 77.7% to 98.7%, speaker detection from 63.0% to 91.2%, and voice detection from 51.8% to 56.4%.
On the OnePlus 9, gender detection increased to 88.7%, speaker detection decreased to an average of 73.6%, and voice detection ranged from 33.3% to 41.6%.
Specifically, in 2020, researchers developed a similar attack in their experiments with the Spearphone loudspeaker and app, which identified callers' gender and identity with 99% accuracy, with voice recognition accuracy from 99% to 80%.
One factor that can reduce the effectiveness of an EarSpy attack is the volume the user chooses for their speakers. A lower volume prevents eavesdropping through this side channel and is more comfortable on the ears.
The researchers recommend that phone manufacturers ensure sound pressure remains stable during a call and place the motion sensor in a location where internally generated vibrations do not affect it, or affect it as little as possible.