HomesecurityBe quiet"! Android device monitors your calls

Be quiet"! Android device monitors your calls

Because you do not give an app access to your microphone, it does not mean you can not hear it. Researchers have created an attack called Spearphone that uses motion sensors on Android phones to listen to phone calls, interactions with your voice assistant, and more.


When you install an Android app, it asks for your permission to access your microphone so you can hear what you're saying. However, researchers have found a solution.

Most modern smartphones have accelerometers that are supposed to detect how fast you are moving which is useful for example in fitness applications. Android apps do not need a phone accelerometer license, so the researchers used it as a listening device. The smartphone loudspeaker caused the device to vibrate, so the researchers were able to hijack the accelerometer to test these vibrations.

The attack used a combination of signal processing and mechanical learning to convert vibration specimens into speech. The technique works if the phone is on a table or is held in the hand of the user, provided that phone sounds through the speaker and not through a headset.

As the researchers argued, they could identify the gender and identity of the remote speaker with the probability of 90% and 80% respectively, with a minimum of one word.

The researchers' paper quotes several possible attacks. The software she could watch a phone call by detecting sex and possibly her ID card of the remote person. He could also use speech recognition to understand what he is saying.

The software could also use the technique to listen to "audio files", he warned, pointing to a sneaky commercial application:

Advertisers could use this information to target the victims with customized ads, according to the victim's preferences.

Finally, motion sensors could hear digital answers voice assistant to find out exactly what you asked him, for example, your meeting place in an appointment.

An attacker must plant someone malware on the phone, but since many fake apps are already doing illegal things on users' phones, this is not very unlikely. Alternatively, the attack code could run in JavaScript if the user at that time was "on" a malicious site.

The most obvious measure of protection is to activate controls that contain accelerometer licenses, as did Google for other sensors like GPS. However, this will directly affect their usability smartphone, researchers have argued and, in any case, users do not always take notice of licenses notifications.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.