a new one malware variants have been discovered that have the ability to listen to the user’s calls, identify the gender of the caller and accuracyand even realize, to some extent, what is being said.
Fortunately, the good news is that this malware was part of a research test conducted by white hat and posed no risk to smartphone users (at the time).
Researchers from five universities in the United States – Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton and Rutgers University – collaborated and built EarSpy.
Hardware abuse
EarSpy is a side-channel attack that abuses the fact that smartphone speakers, motion sensors, and gyroscopes have gotten better over the years.
The malware tries to read data captured by the motion sensor as the terminal’s earpiece echoes in the conversation. In previous years, this was not a viable attack vector because the speakers and sensors weren’t that powerful.
To prove their point, the researchers used two smartphones – one from 2016 and one from 2019. The difference in the amount of data collected is quite obvious.
To test whether the data could be used for caller gender determination and voice recognition, the researchers used a OnePlus 7T device and a OnePlus 9 device.
Former caller gender determination was between 77.7% and 98.7%, while caller gender determination was between 63.0% and 91.2%. Voice recognition dances between 51.8% and 56.4%.
“Since there are ten different categories here, the accuracy still represents five times more accuracy than the random prediction, which implies that the vibration caused by the pinna has a reasonable amount of impact. distinguishable for accelerometer data,” the researchers explained in the official report.
The researchers were also able to guess the gender of the caller pretty well on the OnePlus 9 smartphone (88.7 percent on average), but recognition fell to an average of 73.6%. Speech recognition dropped from 33.3% to 41.6%.
Via: BleepingComputer (opens in a new tab)
