- A newly discovered technique could let people eavesdrop on your mobile phone conversations.
- The vulnerability uses a phone’s motion sensors combined with machine learning.
- Experts say you can help keep your phone safe by ensuring it’s running the latest operating system.
Your phone might be hearing more than you think.
Researchers have discovered a technique that could let hackers eavesdrop on your phone conversations using the device’s motion sensors. The hack is only theoretical at this point, but it’s the latest in a growing number of phone security concerns.
“When compromised, a smartphone is in many ways the perfect spying device,” Mike Fong, the CEO of the mobile security company Privoro told Lifewire in an email interview. “It virtually never leaves the target’s presence, it serves as a nexus for the individual’s most important information, and it contains a number of sensors (including cameras and microphones) that can be hijacked to obtain secrets not otherwise captured.”
Your Phone Has Ears
The recent paper describes the new phone attack method, EarSpy, which researchers from Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton discovered. EarSpy uses your phone's speaker and accelerometer to measure the slight vibrations generated by the speaker.
The researchers found that improvements to phone hardware are making hacks like EarSpy more feasible. The researchers tested the OnePlus 7T and the OnePlus 9 smartphones. They found that more data can be captured by the accelerometer from the ear speaker due to the stereo speakers present in these newer models compared to older models. Once the sound was extracted, the researchers could make words comprehensible using machine learning techniques.
“This is a clear example of how the functionality or feature of a device can be used for unintended purposes and illustrates why zero-trust and the principle of least-access should be universally applied,” Patrick Tiquet, the vice president of security and architecture at Keeper Security, who was not involved in the research, told Lifewire in an email interview. “Because a component seems benign, such as a cell phone’s mobile accelerometers, does not necessarily mean the component cannot or will not be exploited.”
Jim Taylor, the chief product officer at the cyber security company RSA, pointed out in an email interview that the more sensors to our phones that collect even richer information, the more they can reveal about us.
"Adding more pressure sensors, gyroscopes, and other features ultimately makes for a better bug," he added. "And let's not forget how attached we are to our phones: it's not just that they can collect information about us, but that we're sometimes literally attached to them."
Unfortunately, EarSpy is only one of many ways that your phone security could be compromised. Fong said the most direct way to turn a phone into a spying device is via spyware. Often delivered without user interaction, "such spyware can access encrypted communications, photos and other information on the device and utilize the phone's cameras and microphones to spy and eavesdrop."
Stalkerware, which is effectively legal spyware marketed as a parental control tool, achieves the same effects as spyware, Fong said. "However, this method requires that the operator have physical control of the targeted device for installation to occur," he added.
Keeping Your Phone Safe
Experts say that hacking like EarSpy can expose your most precious information, and keeping your phone safe is difficult. Mike Parkin, a senior technical engineer at Vulcan Cyber, pointed out in an email that modern cell phones have capabilities that make them essentially all-in-one surveillance devices. Mobiles have audio, video, GPS positioning, encrypted communications, hours of battery life, and a lot of computing power.
"The only sure way to protect yourself from having your cell phone spy on you is not to have one. Though that won't prevent other people's devices from spying on you," he added. While that's not practical in the real world today, the more realistic solution is to be very, very careful about what applications you install on your phone, make sure it's up to date and has an appropriate anti-malware application installed, and is set for the maximum privacy settings."
Taylor said one way to protect yourself is to see how much information an app is collecting and where it's transmitting that information. If you use an app to track your workouts, you should be concerned if it's conveying reams of information about you when you're sitting on your couch.
But there may be only so much you can do to lock down your phone. Despite taking precautions, Taylor acknowledged keeping your data safe is "getting harder now that we're all using personal devices in a professional capacity."