Researchers from five American universities have found a way to listen to your conversations and deduce your personal information through sensors built into Android smartphones.
The collaboration of researchers from five American universities has given rise to a technique forside channel attack called EarSpy. The latter uses the sensors of an Android smartphone (accelerometer and other gyroscopes) to intercept the vibrations transmitted by the speaker. Once interpreted, they not only make it possible to deduce information about the caller, but also the content of the current conversation.
To read – LastPass has minimized the consequences of the latest hack, change your passwords
To achieve this result, scientists from Texas A&M Universities, Temple, Dayton, Rutgers and the New Jersey Institute of Technology developed a machine learning algorithm. Without the technical advances made in recent years in terms of components and sound transmission, a side-channel attack such as EarSpy would not have been conceivable. This proved impossible to exploit on a OnePlus 3T dating from 2016. On the other hand, a OnePlus 9 from 2021 allowed the researchers to fill up with useful data: the speaker of the most recent smartphone is much more powerful and precise.
Thanks to EarSpy, all the sensors of our smartphones are transformed into real snitches
However “promising” EarSpy is, the information collected is far from being completely reliable. Even trained on a finite set of audio data, the scientists could only determine the caller’s gender with an accuracy of 88.7% on average. Caller ID was only working 73.6%, while voice recognition was only reliable 33.3% to 41.6% of the time. Artificial Intelligence is evolving at an exponential rate; these figures tend very quickly towards 100%.
If you use an Android smartphone on a daily basis, there is nothing to worry about yet : your conversations and information are safe from EarSpy. The academics who devised this technique mean us no harm. Their study aims to demonstrate that, placed in the wrong hands, this type of attack could one day become commonplace.
Source: Bleeping Computer