EarSpy – A New Attack on Android Devices Use Motion Sensors to Steal Sensitive Data

There has been a new eavesdropping attack developed by a team of security experts for Android devices which has been dubbed “EarSpy.” With the help of this attack, attackers can detect the following things:-

• Caller’s gender
• Caller’s identity to various degrees
• Speech content

As part of its exploratory purpose, EarSpy aims to capture motion sensor data readings generated by the reverberations from the ear speaker in mobile devices in order to create new methods of eavesdropping.

Universities Involved in this Project

Cybersecurity researchers from five American universities have undertaken this academic project called EarSpy. These are all the names of the universities that are affiliated with this project:-

• Texas A&M University 
• New Jersey Institute of Technology
• Temple University
• University of Dayton
• Rutgers University

Evolution of Smartphone Tech

Smartphone loudspeakers have been explored as a potential target for such attacks. As a result of this, the ear speakers are incapable of generating enough vibration to allow eavesdropping to be executed properly for the side-channel attack.

While the audio quality and vibrations of modern smartphones have improved greatly as a result of more powerful stereo speakers.

Even the tiniest resonance from a speaker can be measured by a modern device because it has more sensitive motion sensors and gyroscopes.

It is remarkable how little data is recorded on the spectrogram from the earphones of a 2016 OnePlus 3T, while a stereo ear speaker on the 2019 OnePlus 7T produces a significant amount of information.

As part of their experiments, the researchers used a OnePlus 7T device as well as a OnePlus 9 device. Both of these devices were used by the researchers to play pre-recorded audio through their ear speakers only using a variety of pre-recorded audio sets.

Although the results of the tests varied according to the dataset and device, they indicated that eavesdropping via ear speakers can be accomplished successfully.

Detection Performance

Based on the features in the time/frequency domain of the ML algorithm, the detection performance for the OnePlus 7T device has been tested, and here below we have mentioned the output chart:- 

Apart from the OnePlus 7T, the detection performance of the OnePlus 9 has been also assessed on the basis of the features in the time/frequency domain of the machine learning algorithm. And here below is the complete result chart:-

Recommendation

EarSpy’s effectiveness could be reduced by a factor, and it’s the “Volume” that users select for their ear speakers. It is also more comfortable for the ear to hear if the volume is lower; this could minimize the possibility of eavesdropping through this side-channel attack.

Additionally, the way in which the hardware components are arranged and the tightness with which the assembly is put together have an impact on how well the reverberations from the speakers are diffused.

It was found that the capture of digits spoken in a phone call with the highest accuracy was up to 56% when it came to actual speech. However, during a telephone conversation, the researchers recommend that manufacturers ensure that sound pressure remains constant and stable.

Managed DDoS Attack Protection for Applications – Download Free Guide