Hackers can eavesdrop on conversations near smartphones by measuring sound vibrations with the handset’s built-in motion sensors.
Experiments had previously shown that the gyroscope and accelerometers in smartphones, collectively known as an inertial measurement unit (IMU), could detect sound vibrations in the air and listen in on conversations. This means an app that doesn’t have permission to use the microphone could get around this by using the IMU as a makeshift sound sensor.
To combat this, Google limited Android apps to sampling data from the IMU no more than 200 times a second, making it impossible to accurately hear what is going on.
Now, Ahmed Najeeb and his colleagues at Lahore University of Management Sciences, Pakistan, have found a way to circumvent this safeguard on various Android devices by tricking the gyroscope and motion sensor into taking measurements slightly offset in time, thereby upping the real sample rate from 200 to 400 times a second.
This vastly improves the audio that an attacker is able to recover. Najeeb and his colleagues report that their method achieves an 83 per cent reduction in word error rate when transcribed by artificial intelligence compared with attacks that rely on taking only 200 samples a second.
The researchers didn’t respond to a request for comment, but say in their paper that the work shows current security features are “inadequate for preventing sophisticated eavesdropping attacks” and should be re-evaluated.
Google was contacted for comment, but didn’t respond. Apple phones also contain an IMU, but the researchers did not investigate whether they are susceptible in the same way.
Alan Woodward at the University of Surrey, UK, says the vulnerability should be fixed, but it probably has limited use in the real world because other methods are easier. “The problem with it as a threat is that you need something [malicious installed] on the phone, so you need to have already compromised the phone in order to get at those instruments,” says Woodward. “And if you’ve done that, then there are probably easier ways to listen in to somebody’s phone call.”