Researchers from five American colleges have collectively developed this side-channel attack
Mobile security is kind of like a highway: new potholes form every day and its throughput capabilities are highly dependent on the drivers taking care not to cause a pile-up. Whether these crashes are caused by researchers sniffing out a new vulnerability, players down the security chain not doing their part, or worse. A group of researchers from some of America’s most reputed academic institutions has now developed an attack named EarSpy, designed to capture what users say through curiously crafty means.
This effort is being carried out jointly by experts from the University of Dayton, New Jersey Institute of Technology, Rutgers University, Texas A&M University, and Temple University. Researchers have attempted to gather vibrations from a phone’s loudspeaker in the past, but this particular attack is effective even when the user is holding the phone to their ear, SecurityWeek reports.
The research team tested out EarSpy on the OnePlus 7T and the OnePlus 9 smartphones with astonishingly accurate results using nothing but data from the earpiece and the onboard accelerometer. By contrast, the data was hard to capture on older OnePlus models due to the lack of stereo speakers, the researchers said in their paper. They examined the reverberations generated on the ear speaker with the help of spectrograms and time-frequency domain feature extraction. The focus of the team was to identify the gender of the speaker and the contents of the speech itself — if not already known, attackers may be able to determine the identity of the speaker.
Newer Android versions have a more robust security apparatus, making it exceedingly difficult for malware to get the requisite permissions. But EarSpy attacks can still bypass these built-in safeguards as raw data from a phone’s motion sensors are easily accessible. Although more manufacturers are now placing limits on obtaining data from the device’s sensors, EarSpy researchers believe it’s still possible to infiltrate the device and eavesdrop on a conversation.
As for the effectiveness of this attack, the researchers say EarSpy could correctly tell the difference between males and females in up to 98% of the cases. Furthermore, it could detect the person’s identity with a ridiculous 92% top accuracy rate. However, this dips to 56% when it comes to actually understanding what was spoken. Researchers say this is still 5x more accurate than making a random guess.
In theory, EarSpy could be leveraged by malware that has infiltrated the device and relay the information back to the source of the attack. This report highlights the importance of additional hardware safeguards, especially with components like motion sensors that may not seem like easy targets at first glance.
To remedy this potential vulnerability in modern-day smartphones, the researchers recommend smartphone makers to position the motion sensors away from any source of vibrations while also reducing sound pressure during phone calls.