Security experts from the University of Alabama at Birmingham and Rutgers University demonstrated a third-party attack that allows malicious applications to intercept voice data coming from the smartphone’s speakers without any permission.
The new method, called Spearphone, uses the accelerometer built into most Android devices. Access to this sensor can open any application, including programs that do not have any permissions.Accelerometer – a device with which the apparent acceleration is measured. It is designed to help smartphone software determine the position and distance of the mobile device in space.
“Our work brings to light a fundamental design vulnerability inmany currently-deployed smartphones, which may put people’sspeech privacy at risk while using the smartphone in theloudspeaker mode duringphone calls, media playback or voiceassistant interactions”, — scientists say.
Researchers developed a malicious Android application that records reverberation using an accelerometer and sends data to the attacker’s server. According to the researchers, an attacker can analyze the data and, using digital signal processing and machine learning techniques, recreate the spoken words and extract the necessary information about the victim.
Read also: Trojan for Android masked under an update for OpenGL ES
User Review
( votes)
