Eavesdropping on Phone Conversations Just Got Easier. (Representational image)
Photo : iStock
This attack can even work when the phone is held up to the ear, and was found to be very effective at identifying the gender of the speaker and the words spoken when tested on newer models of the OnePlus phone. In one particular set of tests using the OnePlus 7T, EarSpy was able to correctly identify the gender of the speaker in 98.66% of samples.
Across multiple phones, sample sets, and analysis models, gender recognition was fairly accurate, with the lowest reading being 65.53%. EarSpy was also able to detect the speaker’s identity with a top accuracy rate of 91.24%, nearly three times better than a random guess.
However, the accuracy of EarSpy in understanding the exact words spoken was lower. When tested using samples of actors reciting a sequence of digits, the best performer achieved a hit rate of only 56%. Despite this lower accuracy, the researchers noted that this is still five times more accurate than making a random guess.
The authors of the research paper also pointed out that while the impact of speakerphone vibrations on raw accelerometer data is relatively low and algorithmic word detection using this data is spotty, adversaries using the EarSpy attack can still determine key components of the conversation, such as who is speaking and what is being spoken about. In theory, EarSpy could be leveraged by malware that has infiltrated a device to relay accelerometer data back to the source of the attack.
This report highlights the importance of implementing additional hardware safeguards, particularly for components like motion sensors that may not immediately seem like vulnerable targets. To address this potential vulnerability in modern-day smartphones, the researchers recommend that smartphone manufacturers position motion sensors away from sources of vibrations and reduce sound pressure during phone calls.