According to the paper, microelectromechanical systems (MEMS) gyroscopes found in modern smartphones are sensitive enough to pick up acoustic signals. While these raw signals aren’t enough to glean useful information from, the researchers used signal processing and algorithms to identify the correct speaker from a set of 10 possible speakers with a 50 percent success rate.
Related: Who needs malware? I could have wrecked this kid’s life with a notepad
Using a Nexus 4 and a Galaxy S3, they were also able to successfully recognize simple speech up to 65 percent of the time in speaker-dependent cases and up to 26 percent of the time in speaker-independent cases. The gyroscopes in these phones were also used to correctly identify a speaker’s gender up to 84 percent of the time.
“Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone,” according to the paper.
The researchers also offer two suggestions for defending against gyroscope-based eavesdropping: apply low-pass filtering to raw samples provided by the gyroscope, or apply a form of acoustic masking around the gyroscope itself or on a smartphone’s case.
“A general conclusion we suggest following this work is that access to all sensors should be controlled by the permissions framework, possibly differentiating between low and high sampling rates,” according to the researchers.
The paper will be presented at the 23rd USENIX Security Symposium in San Diego on Friday, Aug. 22.
Those interested in downloading an Android application that can be used for sampling a phone’s gyroscope can head to the Stanford Security Research page dedicated to the paper.
[Image courtesy of venimo/Shutterstock]
