A team of researchers has developed a new attack to eavesdrop on Android devices, which is so sophisticated that it can, to varying degrees, recognize a caller’s gender and identity, and even recognize speech.
The developed side-channel attack, called EarSpy, aims to explore new eavesdropping capabilities by capturing motion sensor data recordings generated by earphone feedback on mobile devices.
With regards to the side channel attack, it is indicated that the cyber attacks exploit the vulnerabilities of the target, whether at the level of operating systems, applications, networks, algorithms, cryptography, protocols or other components and settings that are in use in that target, but attacks side channel do not depend on the existence of a direct security flaw in the target, but rather depend on the exploitation of some of the information that may be gathered about the system during its operation.
EarSpy is an academic effort by researchers from five US universities: Texas A&M University and the New Jersey Institute of Technology. of Technology), Temple University and the University of Dayton of Dayton) and Rutgers University.
This type of attack has previously been seen in smartphone speakers, but is still too weak to generate enough vibration to put users at risk of eavesdropping.
However, modern smartphones use more powerful stereo speakers than the models released a few years ago and are in capable of providing much better sound quality and stronger vibrations.
Likewise, newer devices use more sensitive motion sensors and gyro sensors in able to record even the smallest level of resonance from the speakers.
In their experiments, the researchers used two phones, one of which was launched in 2016 – OnePlus 3T, and the other was launched in 2019 – OnePlus 7T. And the difference between them was obvious.
Using set of readily available data, the researchers trained a machine learning (ML) algorithm to identify voice content and caller identity and gender. The data of test varied according to the set of data and device, but in generally have produced promising results for eavesdropping.
Caller gender identification on the OnePlus 7T ranged from 77.7% to 98.7%, speaker identification from 63.0% to 91.2%, and voice recognition from 51.8% to 56.4 %.
On OnePlus 9, gender recognition rose to 88.7%, speaker identification dropped in media to 73.6%, while speech recognition ranged between 33.3% and 41.6%.
Interestingly, using the loudspeaker and the Spearphone application, during their experiments, the researchers developed a similar attack in 2020, and the accuracy of gender identification and caller knowledge reached 99 percent, while l speech recognition accuracy has reached 80 percent.
Interestingly, one of the factors that can be used to reduce the effectiveness of the EarSpy attack is the volume level users choose for their speakers. And the low volume can prevent this side channel attack from being picked up and is more comfortable for the ear.
The researchers suggest that phone makers ensure that sound pressure is kept stable during calls and that they place motion sensors in a location in which internally generated vibrations are not affected, or at least as little as possible.
Read More About: Technology News
The post EarSpy… a sophisticated attack that allows you to eavesdrop on Android users appeared first on Asume Tech.
from Technology - Asume Tech https://asumetech.com/earspy-a-sophisticated-attack-that-allows-you-to-eavesdrop-on-android-users/
No comments:
Post a Comment