A new variant of malware has been detected that is able to eavesdrop on users’ conversations, recognize the gender and identity of callers, and even recognize, to some extent, what was said.
Fortunately, the malware is part of a white hat research experiment and poses no threat to smartphone users (for the time being).
Researchers from five universities in the United States – Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton and Rutgers University – joined forces and created EarSpy.
Equipment abuse
EarSpy is a side-channel attack that takes advantage of the fact that smartphone speakers, motion sensors, and gyroscopes have gotten better over the years.
The malware tries to read the data captured by the motion sensors while the endpoint's speakers reverberate during a conversation. In earlier years, this was not a viable attack vector because the speakers and sensors were not as powerful.
To prove their thesis, the researchers used two smartphones – one from 2016 and the other from 2019. The difference in the amount of data collected was quite obvious.
To test whether the data could be used for caller gender identification and speech recognition, the researchers used a OnePlus 7T device and a OnePlus 9 device.
Caller gender identification on the former ranged from 77.7% to 98.7%, while caller identification was between 63.0% and 91.2%. Speech recognition hovered between 51.8% and 56.4%.
“Since there are ten different classes here, the accuracy still shows five times more accuracy than a random guess, which means that the vibration caused by the in-ear speaker produced a reasonable impact on the accelerometer data,” the researchers explained in the white paper.
The researchers also managed to guess the gender of the caller quite well on the OnePlus 9 smartphone (88.7% on average), but caller identification fell to an average of 73.6%. Speech recognition fell to between 33.3% and 41.6%.
Via: BleepingComputer