When you install an app, do you read the fine print? You know, all those terms and conditions you may have blindly agreed to when you clicked “Agree.”
Guess what? You may have given those apps permission to listen to you using your microphone. Want to find out which apps are spying on you? Tap or click here and Kim will show you how to find them and put a stop to it.
Threat actors take every chance they can to get more information on you and don’t need your permission. They can use a vulnerability in your phone that seems obvious until you realize how it’s done.
Here’s the backstory
Move close enough to someone speaking on the phone and you can catch their conversation. You’ll hear what they’re saying and, depending on their volume settings, the person on the other end.
Seems simple enough, right? But threat actors don’t need to be near a phone to eavesdrop on a conversation. They can use malware to record the data captured by motion sensors as your earpiece vibrates during a conversation.
This information can reveal your gender, identity and even your conversation.
Fortunately, this malware is part of an experiment called EarSpy being conducted by researchers at Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton and Rutgers University.
They conducted tests on the OnePlus 7T and the OnePlus 9 (both running Android), and here were the results:
- Gender identification accuracy ranged between 77.7% and 98.7%.
- Caller ID accuracy ranged between 63% and 91.2%.
- Speech recognition accuracy ranged between 51.8% and 56.4%.
- Gender identification accuracy ranged between 77.7% and 88.7%.
- Caller ID accuracy ranged between 55.7% and 88.7%.
- Speech recognition accuracy ranged between 33.3% and 41.6%.
Getting this data does not require special permissions, so hackers can circumnavigate your phone’s safeguards and restrictions. This type of malware can relay your information back to the attacker.
What you can do about it
The simple solution is to lower the volume of your earpiece so that the motion sensors don’t pick up vibrations so much.
While Android 13 introduced restrictions for sensor data collection without permission, it’s not an impenetrable defense.
The researchers behind EarSpy suggest that smartphone manufacturers be more careful when designing larger and more powerful ear speakers. They should also place the motion centers where the phone speaker’s vibration impact will be minimized.