Friday, August 15, 2014

The Gyroscopes In Your Phone Could Let Apps Eavesdrop On Conversations

eavesdrop

In the age of surveillance paranoia, most smartphone users know better than to give a random app or website permission to use their device’s microphone. But researchers have found there’s another, little-considered sensor in modern phones that can also listen in on their conversations. And it doesn’t even need to ask.

In a presentation at the Usenix security conference next week, researchers from Stanford University and Israel’s defense research group Rafael plan to present a technique for using a smartphone to surreptitiously eavesdrop on conversations in a room—not with a gadget’s microphone, but with its gyroscopes, the sensors designed measure the phone’s orientation. Those sensors enable everything from motion-based games like DoodleJump to cameras’ image stabilization to the phones’ displays toggling between vertical and horizontal orientations. But with a piece of software the researchers built called Gyrophone, they found that the gyroscopes were also sensitive enough to allow them to pick up some sound waves, turning them into crude microphones. And unlike the actual mics built into phones, there’s no way for users of the Android phones they tested to deny an app or website access to those sensors’ data.

“Whenever you grant anyone access to sensors on a device, you’re going to have unintended consequences,” says Dan Boneh, a computer security professor at Stanford. “In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations.”

For now, the researchers’ gyroscope snooping trick is more clever than it is practical. It works just well enough to pick up a fraction of the words spoken near a phone. When the researchers tested their gyroscope snooping trick’s ability to pick up the numbers one through ten and the syllable “oh”—a simulation of what might be necessary to steal a credit card number, for instance—it could identify as many as 65 percent of digits spoken in the same room as the device by a single speaker. It could also identify the speaker’s gender with as much as 84 percent certainty. Or it could distinguish between five different speakers in a room with up to 65 percent certainty.

For the rest of the story: http://www.wired.com/2014/08/gyroscope-listening-hack/

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...