SHTFPreparedness may collect a share of sales or other compensation from the links on this page.
Forget Worrying About Your Microphone And Camera Being Used To Spy On You….. There Is One More Way They Haven’t Told You About
Smartphone security is a constant struggle. Attackers identify vulnerabilities, vendors rush to release patches, and the cycle repeats in perpetuity. Some of the most insidious attacks come not from outright defeating system security protections, but instead finding ways to create trouble from within the confines of innocuous app permissions; we looked at just such a launcher-based attack this past spring. This week we’re learning of a new one that threatens to impact user privacy, all through some creative use of your phone’s gyroscope.
If an app wants to record audio using your phone’s microphone, it needs permission to do so, and for an app that doesn’t appear to have any good reason to be listening-in, asking for such permission might be a red flag. What a team of security researchers have discovered, though, is that the gyroscopic sensors on modern phones are sensitive enough to act as de facto microphones, monitoring ambient audio without the user’s (or the system’s) knowledge.
It makes enough sense: gyroscopic sensors detect minute motion, and sound is perceived as the movement of pressure gradients. But as this hardware isn’t designed for recording audio in the first place, fidelity is pretty rough (though software processing helps quite a bit). That makes the gyroscope’s usefulness as a general-purpose recording tool a bit limited, though it manages to fare a lot better when set up to listen for specific words (like numerals, maybe as part of a password or account number).
A demonstration of this vulnerability is planned for the USENIX Security Symposium later this week. Read more in the link below 🙂