Researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton have come up with a new spying technique called EarSpy which can eavesdrop on your phone calls using vibrations from your phone’s earpiece recorded by the device’s accelerometer.
The paper, published on December 23, details the method which relies on the phone’s earpiece and the built-in accelerometer for capturing the vibrations generated by the speaker. It can capture the gender, identity and actual conversation that’s happening over the phone.
It detects word regions, time and frequency domain features and generates a spectrogram for each word region. The extracted data is then trained and tested using classical machine learning algorithms and convolutional neural networks.
The tests were run on Oneplus 7T and Oneplus 9 and consisted of analysing the reverberation effect of earpieces on the accelerometer and were focussed on gender, speaker as well as speech recognition.
The stereo speakers present in these models allowed significantly more data to be captured as compared to older devices which only use a mono speaker for phone calls.
Current tests indicate a 98% accuracy rate for identifying whether the caller is male or female, a 92% accuracy rate for identifying the speaker’s identity and 56% accuracy when it comes to capturing digits spoken over a phone call.
This method can be far more dangerous as compared to the traditional method of loading malware on the victim’s device. Malware relies on permissions from the Android OS to capture data streams from different parts of the phone while raw sensor data (in this case the accelerometer data) can be freely accessed without dealing with specialised permissions.
As Android becomes more resilient to malware and locks more and more parts of a phone behind permissions that a malicious app or payload might have to get, techniques like this will completely side step this requirement and can change the way threat actors approach their targets.
In the News: BitKeep crypto wallet users lose $8 million through fake apps