EarSpy Attack Uses Motion Sensors to Eavesdrop on Android Phones

Snoops could eavesdrop on Android phone conversations by using motion sensors to register speaker reverberations, according to a side-channel attack developed by university researchers. The method, dubbed EarSpy, could let an attacker distinguish the caller’s identity and even listen to private conversations to some degree.

EarSpy was developed under a joint academic effort from five US universities: Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology and the University of Dayton.

Researchers initially thought ear speakers couldn’t generate vibrations powerful enough to allow eavesdropping, making the attack more suitable for smartphone loudspeakers. However, most modern devices have high-quality stereo speakers and more sensitive sensors that detect finer vibrations.

The experiment used a combination of techniques to determine the best environment for a successful attack. Researchers used different devices, several pre-recorded audio files, a third-party app to capture sensor data during simulated calls, and a machine learning algorithm to interpret the results.

“We found up to 98.6% accuracy on gender detection, up to92.6% accuracy on speaker detection, and up to 56.42% accuracy on speech detection, which proves the presence of distinguishing speech features in the accelerometer data that the adversaries can leverage for eavesdropping,” reads the EarSpy technical paper.

Experts recommend a combination of steps to counter eavesdropping attacks using sensor data. Limiting permissions to prevent third-party apps from recording sensor data without the user’s consent is one key to defending against EarSpy and similar attacks.

By default, Android 13 caps sensor data collection without permission at 200 Hz to prevent accidental data leaks. However, a part of the EarSpy experiment focused on gender recognition collected all data at 200 Hz, proving that even a lower sampling rate could let perpetrators determine the victim’s gender.

According to the research team, manufacturers should be careful about designing larger, more powerful speakers and focus on maintaining “the same sound pressure during phone conversations as previous generation phones ear speakers.”

Last but not least, positioning motion sensors far enough from the ear speaker could minimize the phone speaker’s vibration, lowering the chances an eavesdropping attack could succeed.