EarSpy is a new kind of attack created by a team of scientists from some of the most prestigious universities in the United States to secretly record users’ conversations. Professionals from the University of Dayton, the New Jersey Institute of Technology, Rutgers University, Texas A&M University, and Temple University are collaborating on this project. Before this, researchers have tried to collect vibrations from a smartphone’s speakers, but this attack works even if the person is holding the device to their ear, as reported by SecurityWeek.
Using just information from the earpiece and the built-in accelerometer, the research team tested EarSpy on the OnePlus 7T and OnePlus 9 devices, achieving very precise findings. However, the researchers noted that previous OnePlus models lacked stereo speakers, making it more difficult to record the data. They used spectrograms as well as time-frequency domain extraction of features to look at the echos that were produced in the speaker’s ear. The team’s primary goal was to establish the speaker’s gender and, if possible, use the speech’s substance to ascertain the speaker’s identity.
With the improved security features in more recent Android releases, malicious software has a far more difficult time gaining access to the device’s resources. However, EarSpy attacks may still penetrate these measures since raw data from a phone’s motion sensors is readily available. Scientists at EarSpy think it is still feasible to enter the phone and spy on a conversation, despite the fact that more manufacturers are putting constraints on accessing data from the gadget’s sensors.
The scientists noted that EarSpy is so accurate that it can distinguish between men and women in up to 98% of instances, making this assault very successful. What’s more, it had a very high maximum accuracy of identifying the individual, 92%. This figure, however, drops to 56% when it comes to comprehension. According to the study’s authors, this is still 5 times more precise than a random estimate.
Potentially infected software might use EarSpy to send data back to its creators. Components such as motion sensors, which may not look like obvious targets at first sight, are highlighted in this research as needing extra hardware protections. To address this security hole in today’s smartphones, the experts advise moving the motion sensors far from any possible vibration sources and turning down the volume during phone conversations.
