US researchers have developed a new attack method called EarSpy that allows you to listen to a user's calls, recognize the gender and identity of the caller, and even determine the topic of the conversation.
EarSpy is a third-party attack that uses a smartphone's auditory speakers, motion sensors, and gyroscopes. The attack is carried out by capturing the readings of motion sensors caused by sound reverberation in the auditory speaker of the smartphone.
The attack is based on the ability of sensors to register sound vibrations. During the experiment, scientists used OnePlus 7T and OnePlus 9 devices.
The team also used a third-party app to collect accelerometer data during the simulated call. The machine learning algorithm was trained using sets of pre-recorded sounds played through the speakers of the devices to recognize speech content, caller ID and gender.
Caller gender identification in OnePlus 7T's tests ranged from 77.7% to 98.7%, while caller identification ranged from 63.0% to 91.2%. Speech recognition fluctuated between 51.8% and 56.4%.
The researchers explained that vibration due to the auditory speaker caused a noticeable effect on the accelerometer data. According to the received acoustic data, it was possible to recognize the personality and gender of the interlocutor with high accuracy.
On the OnePlus 9 smartphone, experts were able to guess the gender of the caller with an accuracy of 88.7%, and the indicator of identification of the person decreased and averaged up to 73.6%. Speech recognition also dropped, from 33.3% to 41.6%.
The only defense that can reduce the effectiveness of an EarSpy attack is volume. Lower volume may prevent side channel attack. The researchers suggest that smartphone manufacturers should provide stable sound pressure during a call and place motion sensors in a position where internal vibrations do not affect them, or at least have minimal impact.