
EarSpy: Spying On Phone Calls Via Ear Speaker Vibrations Captured By Accelerometer (securityweek.com)

An anonymous reader quotes a report from SecurityWeek: As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user's conversations, according to a team of researchers from several universities in the United States. The attack method, named EarSpy, is described in a paper published just before Christmas by researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton. EarSpy relies on the phone's ear speaker -- the speaker at the top of the device that is used when the phone is held to the ear -- and the device's built-in accelerometer for capturing the tiny vibrations generated by the speaker.

The researchers discovered that attacks such as EarSpy are becoming increasingly feasible due to the improvements made by smartphone manufacturers to ear speakers. They conducted tests on the OnePlus 7T and the OnePlus 9 smartphones -- both running Android -- and found that significantly more data can be captured by the accelerometer from the ear speaker due to the stereo speakers present in these newer models compared to the older model OnePlus phones, which did not have stereo speakers. The experiments conducted by the academic researchers analyzed the reverberation effect of ear speakers on the accelerometer by extracting time-frequency domain features and spectrograms. The analysis focused on gender recognition, speaker recognition, and speech recognition.

In the gender recognition test, whose goal is to determine whether the target is male or female, the EarSpy attack had a 98% accuracy. The accuracy was nearly as high, at 92%, for detecting the speaker's identity. When it comes to actual speech, the accuracy was up to 56% for capturing digits spoken in a phone call. "[This] accuracy still exhibits five times greater accuracy than a random guess, which implies that vibration due to the ear speaker induced a reasonable amount of distinguishable impact on accelerometer data," the researchers said.

This discussion has been archived. No new comments can be posted.

  • Android permissions can block apps from accessing the accelerometer and other sensors unless you give it permissions, but some asshole apps will not install or run if it isn't allowed access to a sensor. Hopefully this will give Google a kick up the ass and emulate the sensors for apps so they will still work and just get fake info. On PC I don't have an accelerometer and my programs work fine. Most mobile apps shouldn't need access to the accelerometer, camera, GPS, microphone, contacts, but they want it

    • If you want my data, you're going to ask for it. And I get to choose whether to share it or not. And if you force me to share because you're an asshole, I'll just delete your app and find another.

      It would be rather humorous though if Google implemented a routine that would give random noise that is in-bounds for a sensor to an app that has been denied access just so the app would still work, and with enough people using that app it would crater the signal-to-noise ratio in the data they harvest. Somethin

      • If you want my data

        Dropped phone detector, pedometer, earthquake sensor, traffic accident alarm. I can think of lots of plausible stories.

        would give random noise

        What's wrong with "Never gonna give you up"?

      • Years ago, Cyanogen (now LineageOS) had an option to let you deliberately feed bad address book, location, call history, etc. info to apps that refused to run unless you granted them access to it. Google swatted it down *hard*, and threatened to stop looking the other way and allowing AOSP users to install GApps from "unauthorized" sources.

  • It's only fair that as technology advances so does the tapping.

  • If you control my phone's accelerometer and can remotely extract data from it then you can control the microphone/speaker system directly, record the actual conversation and extract that remotely, too.

    Not clutching my pearls.

    • Lots of people reject requests for mic and camera access by default, but haven’t had a reason to reject accelerometer access, so it’s entirely likely a bad actor may be able to exfiltrate accelerometer data without being able to do the same with the mic or camera.

      • by tlhIngan ( 30335 )

        Lots of people reject requests for mic and camera access by default, but haven't had a reason to reject accelerometer access, so it's entirely likely a bad actor may be able to exfiltrate accelerometer data without being able to do the same with the mic or camera.

        Accelerometer based microphones are a thing - they're not stunning quality but are usable for things like radios and such. I know I have some for use in situations where they couldn't put the microphone in front of the mouth or it

    • What's it like back in 2007 before granular sensor permissions were added to every single mobile OS, and default to being disabled per-app?

      • I dunno. What's it like imagining someone could get software on my phone to remotely take over my accelerometer but not my speaker and microphone?

        Does that make any sense in 2022 or 2007?

        Do you feel really smart making random nonsensical statements and making me repeat what I'd already said but slllooowwweeeerrrr?

  • I wondered about this very idea on Slashdot back in 2018. Got a slight shudder when reading this article, but I've made my peace with the idea that any technological idea I may come up with has likely already been thought up by someone smarter than me with more resources. Will this attack prove workable in the wild? Hard to tell right now.

  • While interesting it doesn't really work for much. They couldn't even recognize digits in lab environment, imagine normal calls with a bit of noise. Even decent microphones have trouble picking conversations that aren't talking directly to them.
  • by smooth wombat ( 796938 ) on Thursday December 29, 2022 @10:30AM (#63165674) Journal

    Everyone seems to have their phone on speaker so everyone around them can hear the conversation anyway. No need to jump through all these hoops, just use your ears.

  • by mi ( 197448 )

    In the gender recognition test, whose goal is to determine whether the target is male or female, the EarSpy attack had a 98% accuracy

    Considering, that gender is merely a social construct [ctmirror.org] — rather than something biologically inherent — this truly is an amazing achievement, is not it?

    Moreover, there are more than "just two" genders — so how exactly can these "researchers" claim to discern "male or female", while still being public colleges receiving tax-payers' monies? Time to cancel these "

    • What's the difference between gender (social construct) vs XX, XY, plus variations?
      • by mi ( 197448 )

        Sex and gender are synonyms [princeton.edu], dear. And Mammals [wikipedia.org] — despite the mind-boggling diversity of the class — have exactly two.

        • Exactly. I don't get the modern (let's define gender as a social construct) thing. Now masculinity and femininity (as in traits and behaviors) those are social constructs based on the traits, and behaviors most commonly associated with each sex/gender. But the thing is that those traits, and behaviors are influenced by cultural, environmental and social pressures.
          • by mi ( 197448 )

            Exactly. I don't get the modern (let's define gender as a social construct) thing

            What's not to get? The Revolution (the one, that was not supposed to be televised) requires, among other things, a wide-spread dissatisfaction with the status quo.

            Originally that was supposed to be the workers' dissatisfaction with the economic inequality, but the workers — whose plight The Revolution was supposed to improve — betrayed it. For one, the world saw, how much worse an actual revolution made things for e

  • by CaptainLugnuts ( 2594663 ) on Thursday December 29, 2022 @03:13PM (#63166296)
    WTF is an "Ear Speaker?" I know what a speaker is, didn't know they had different types for different body parts.
    • I use conduction headphones, which are a "bone speaker" in as much as they do not rely on air pressure changes.

      Then there's professional monitoring devices, like the ButtKicker or the BackBeat, which are specifically designed to provide monitoring (for musos) through vibration of the physical body and not through air pressure.

  • The problem is accelerometers that fit in a phone size and budget are _slooooow_. Like 10 measurements per second. And they cannot and need not get a lot faster. So, distinguishing male and female voices is not hard. Recognizing a speaker is a bit harder. The examples with digits rely on the fact that to distinguish digits you need very little data. But note how the article does not mention how accurate this is at recognizing that digits get spoken in the first place.

    My tl;dr is: Nice research, not a rel
