listen to user calls, recognize the gender of callers, identityand have some awareness of what is being said.
Luckily, this malware was part of a research experiment conducted by a white hat and (at the time) did not pose a danger to smartphone users.
Researchers from five US universities (Texas A&M University, New Jersey Institute of Technology, Temple University, Dayton University, and Rutgers University) teamed up to build EarSpy.
hardware exploit
EarSpy is a side-channel attack that exploits the fact that smartphone speakers, motion sensors, and gyroscopes have improved over the years.
Malware attempts to read data captured by motion sensors when the endpoint’s ear speaker echoes during a conversation. In the past, this wasn’t a viable attack vector because speakers and sensors weren’t that powerful.
To prove their claim, researchers used two smartphones.
Researchers used OnePlus 7T and OnePlus 9 devices to test whether the data could be used to identify caller gender and recognize speech.
For the former, caller gender identification ranged from 77.7% to 98.7%, and caller identification ranged from 63.0% to 91.2%. Speech recognition varied between 51.8% and 56.4%.
“We have 10 different classes here, so the accuracy is five times better than random guessing, which suggests that the vibrations caused by the ear speaker caused a significant amount of discernible effect on the accelerometer data. It means that,” the researchers explained in the white paper.
The researchers were able to guess the caller’s gender fairly well on the OnePlus 9 smartphone as well (88.7% on average), but the identification rate dropped to an average of 73.6%. Speech recognition he dropped between 33.3% and 41.6%.
via: beeping computer (opens in new tab)