This creepy Android flaw can detect your identity and even gender

Hopefully you’ll never encounter it

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A newmalwarevariant has been detected that is capable of listening to a users’ calls, recognizing a callers’ gender andidentity, and even recognizing, to some degree, what’s being said.

Fortunately, the good news is that the malware is part of a research experiment done by white hats and poses no risk to smartphone users (at the time).

Researchers from five universities in the United States - Texas A&M University, New Jersey Institute of Technology, Temple University, University of Dayton, and Rutgers University - teamed up and built EarSpy.

Abusing the hardware

EarSpy is a side-channel attack that abuses the fact that smartphone speakers, motion sensors, and gyroscopes, had gotten better over the years.

The malware tries to read the data captured by motion sensors, as the endpoint’s ear speakers reverberate during a conversation. In earlier years, this wasn’t a viable attack vector as the speakers and sensors weren’t that powerful.

To prove their point, the researchers used two smartphones - one from 2016, and one from 2019. The difference in the amount of data gathered was quite obvious.

To test if the data could be used to identify the caller’s gender and recognize the speech, the researchers used a OnePlus 7T device, and a OnePlus 9 device.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Some of the most basic Android apps might be spying on you more than you’d think>Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping>These are the best privacy tools right now

Caller gender identification on the former was between 77.7% and 98.7%, while the caller’s identification between 63.0% and 91.2%. Speech recognition danced between 51.8% and 56.4%.

“As there are ten different classes here, the accuracy still exhibits five times greater accuracy than a random guess, which implies that vibration due to the ear speaker induced a reasonable amount of distinguishable impact on accelerometer data,” the researchers explained in the whitepaper.

The researchers were also able to guess the caller’s gender quite well on the OnePlus 9 smartphone (88.7% on average), but identification fell to an average of 73.6%. Speech recognition fell between 33.3% and 41.6%.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

TP-Link Archer BE3600 Wi-Fi 7 Router review

Ulefone Armor Pad 3 Pro rugged tablet review

Your doctor may have an AI assistant taking notes during your next Zoom call