HQ/EMEAFind out how we can help your business
A cybersecurity team has devised the EarSpy attack, which exploits motion sensors to eavesdrop on calls. The newly developed tactic could target Android devices, can identify a caller’s identity and gender, and even detect private speech in some cases.
The researchers named their attack EarSpy, a side-channel execution method that could spy on a target by capturing motion sensor data from the echo of ear speakers during an ongoing conversation.
Researchers initially studied the attack on a smartphone loudspeaker since ear speakers could not produce enough vibration for spying back then. However, modern smartphones are now equipped with more powerful stereo speakers than several older models. Hence, these devices could deliver better sound quality for calls and stronger vibrations.
The EarSpy project is a collective work from multiple American academic institutions.
Based on reports, the EarSpy attack is a group experiment from several researchers from five different American universities. The academic institutions involved are Rutgers University, the University of Dayton, Texas A&M University, the New Jersey Institute of Technology, and Temple University.
The group used a OnePlus 9 and OnePlus 7T device in their experiments and added variable sets of pre-recorded voice audio that was played only using the ear speakers of both devices. In addition, the researchers used the third-party app Physics Toolbox Sensor Suite to capture accelerometer data during the simulated call.
Subsequently, the group utilised MATLAB to analyse the data to extract features from the audio stream.
The results revealed that the caller gender on OnePlus 9 recorded 88.7%, identifying the speaker dropping to about 73.6%. Speech recognition was between 33.3% and 41.6%.
On the OnePlus 7T, the caller gender identification ranged between 77.7% and 98.7%. The caller ID classification ranged between 63% and 91%, and speech recognition between 51.8% and 56.4%.
Some experts also executed a similar attack a couple of years ago using the loudspeaker and the Spearphone application. The caller gender and ID accuracy reached a staggering 99%, while speech recognition was about 80%.
As of now, callers could reduce the effectiveness of these attacks if they set the volume for the ear speakers.
