EarSpy Attack: Motion Data Sensors Used to Pry on Android Devices


A team of researchers has created an eavesdropping attack for Android devices that, to varying degrees, can identify the gender and identity of the caller and even decipher private speech. 

EarSpy Attack 

The side-channel attack, EarSpy, opens up new possibilities for eavesdropping via motion sensor readings produced by reverberations from the ear speakers in mobile devices. This kind of attack was initially established on smartphone loudspeakers, since ear speakers were comparatively weak and did not produce adequate vibrations for eavesdropping.

However, today's smartphones include stereo speakers that are more potent, providing far higher sound quality and stronger vibrations. 

The Experiment 

EarSpy is an experiment conducted by a team of researchers from universities like Rutgers University, Texas A&M University, Temple University, New Jersey Institute of Technology, and the University of Dayton. 

  • The researchers used the OnePlus 7T and OnePlus 9 devices along with varying sets of pre-recorded audio that was played exclusively via the ear speakers of the two devices.
  • During a simulated call, a third-party app named Physics Toolbox Sensor Suite was used in order to capture accelerometer data. 
  • They then analyzed the audio stream using MATLAB to extract characteristics. 

The research team discovered that, on the OnePlus 7T device, caller gender identification ranged between 77.7% and 98.75%, speech recognition between 51.85% and 56.4%, and caller ID classification between 63.0% and 91.2%.

This demonstrated the existence of speech feature differentiation in the accelerometer data that attackers can use for eavesdropping. The gender of the user could be ascertained by attackers utilizing a lower sampling rate, as demonstrated by EarSpy's focus on gender recognition using data gathered at 20 Hz. 

How to Prevent Eavesdropping? 

To prevent eavesdropping using sensor data, the researchers suggested limiting permissions so that third-party programmes cannot capture sensor data without the user's permission. To avoid unintentional data breaches, Android 13 prohibits the collection of sensor data at 200 Hz without the user's consent.

Mobile device manufacturers should remain cautious when designing more potent speakers and instead concentrate on keeping a sound pressure during audio conversations similar to that of old-generation phones' ear speakers.

Moreover, it is recommended to position motion sensors as far from the ear speaker as possible, to minimize the effect of the phone speaker’s vibrations and reduce the likelihood of spying.
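One way to check the permission-based mitigation described above across a set of installed or submitted apps, as an added example that is not from the researchers or the original post: the script flags manifests that declare `android.permission.HIGH_SAMPLING_RATE_SENSORS`, the Android permission an app declares to read motion sensors above the 200 Hz cap. It assumes the manifests have already been decoded to text; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
HIGH_RATE = "android.permission.HIGH_SAMPLING_RATE_SENSORS"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Constructed sample manifests (decoded text form, not taken from real apps).
SAMPLES = {
    "sensor_logger.xml": """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.sensorlogger">
      <uses-permission android:name="android.permission.INTERNET"/>
      <uses-permission android:name="android.permission.HIGH_SAMPLING_RATE_SENSORS"/>
    </manifest>""",
    "step_counter.xml": """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.example.steps">
      <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
    </manifest>""",
    "broken.xml": "<manifest><uses-permission",  # truncated on purpose
}

def audit_manifest(xml_text):
    """Return (package, declares_high_rate) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    declared = {
        (el.get(ANDROID_NS + "name") or "").strip()
        for tag in PERMISSION_TAGS
        for el in root.iter(tag)
    }
    return root.get("package", "<unknown>"), HIGH_RATE in declared

def audit_all(manifests):
    """Split manifests into uncapped apps, capped apps and unparseable files."""
    report = {"uncapped": [], "capped": [], "unparsed": []}
    for filename, xml_text in sorted(manifests.items()):
        try:
            package, high_rate = audit_manifest(xml_text)
        except ET.ParseError:
            report["unparsed"].append(filename)  # never treat a parse failure as clean
            continue
        report["uncapped" if high_rate else "capped"].append(package)
    return report

if __name__ == "__main__":
    for bucket, items in audit_all(SAMPLES).items():
        print(f"{bucket}: {', '.join(items) or '-'}")
```

An app in the "capped" bucket can still sample below the cap, and the research above reports gender recognition on data gathered at 20 Hz, so a clean result narrows exposure rather than removing it.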

Beware of Latest Eavesdropping Scam Targeting Victims with Vague Voicemails

 

Researchers at Hiya, a Seattle-based firm specializing in robocall-blocking algorithms and apps, have uncovered the newest scam call campaign, dubbed the “Eavesdropping Scam”. The fraud campaign begins with vague voicemail messages left on a victim’s smartphone, in which an unknown voice is heard talking about them to another person.

According to researchers, since 79% of unknown calls go unanswered, the scammers leave a voicemail. If a potential victim’s curiosity is piqued by a voicemail claiming “I’m trying to get ahold of them right now” and they decide to call back, the fraudsters on the other end of the line attempt to steal their private details or money by offering fraudulent tax relief services.

The eavesdropping scam operates in a sophisticated manner by deploying both a new strategy (leaving non-descriptive voicemails to get a call back) and a new script (pretending to discuss the recipient). The scam evades most call protection services because it does not contain any traditional scam call markers. 

Unlike other campaigns, the scammers use authentic numbers and lure people to call back. The call seems very discreet despite being a mass volume robocall, and the content of the voicemail is so vague that it does not include any typical fraud-related keywords. 

The eavesdropping scam first emerged in early 2022, and to curb the spread of the fraud campaign, researchers used the company’s Adaptive AI. It allowed the researchers to flag over 90 percent of these calls from the beginning.

The firm’s Real-Time Intelligence Service allows its Adaptive AI to identify the latest frauds based on their strategies, even on the very first call. In this campaign, phone numbers making the Eavesdropping Scam call were flagged in less than 12 call attempts on average. After successfully spotting and flagging these calls, researchers collaborated with a third-party service provider to shut down the initial operation in 24 hours.

“Catching this new and emerging scam tactic shows the power of Hiya’s Adaptive AI capabilities. Because our models are self-learning and focus on tactics, we can detect new scam risks in real-time and, in this case, shut down the operation before it reaches most users,” Hiya CEO Alex Algard stated. “At Hiya, our mission is to fully eradicate spam and fraud calls from the voice network, and the Eavesdropping Scam is the latest example of how we’re outsmarting scammers and protecting users.”