We hesitate to publish news that might make readers of a more paranoid disposition even more worried about the technology they carry, but this one is so creepy we felt we couldn’t pass it up.
Everyone knows that a smartphone’s microphone can be used by apps to listen in on the phone’s surroundings, and could be used by a malicious adversary to spy on the user’s conversations. In fact, both Facebook and Verizon are openly developing technologies that listen in to a phone’s ambient environment, in order to deliver ever more targeted ads (having a row with your partner? … here are some ads for flowers and relationship counselling! Making up with your partner?… How about ordering some condoms?) (We kid you not!)
The problem with using a smart phone’s microphone to listen in on conversations is that apps need to be granted permission to access the phone’s (or tablet’s) microphone., or at least so think researchers from Stanford University and Israel’s defense research group Rafael, who have been working on using the gyroscope sensors built into all modern smart phones to record voice conversations.
Smart phones all contain a kind of gyroscope that consists of a tiny vibrating plate on a chip, which is very sensitive – on an Android phone the gyroscope sensor can be read 200 times per second (200Hz). Because the human voice ranges from 80Hz to 250Hz, the sensor can detect a significant portion of what is said near it.
Unintelligible to the human ear, Stanford researchers Yan Michalevsky and Rafael’s Gabi Nakibly have been working on speech recognition software designed to interpret data collected in this way, and although at present all that can be detected using this method is ‘a word here and there,’ Dan Boneh, a computer security professor at Stanford, argues the research provides proof on concept,
‘It’s actually quite dangerous to give direct access to the hardware like this without mitigating it in some way. The point is that there’s acoustic information being leaked to the gyroscope. If we spent a year to build optimal speech recognition, we could get a lot better at this. But the point is made.’
In tests, the researchers were able to us a phone’s gyroscope to pick up speaking the numbers 0 to 10 (as might be said when saying a credit card number out loud) with up 65 percent accuracy, and could identify the sex of a speaker with 85 percent accuracy.
Boneh is keen to point out that the research is being conducted purely in order to counter threats to users, and to demonstrate how rogue applications could abuse a phone’s censors,
‘Whenever you grant anyone access to sensors on a device, you’re going to have unintended consequences. In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations.’
The idea that gyroscopes and accelerometers pose a privacy risk is not entirely new, but Google appears to have been following this research closely,
‘Third party research is one of the ways Android is made stronger and more secure. This early, academic work should allow us to provide defenses before there is any likelihood of real exploitation.’
The good news is that device manufacturers can fairly easily tweek their products to mitigate the risk, and Apple already limits iOS’s ability to read gyroscope data to 100Hz, thus making it very difficult to use monitor conversations. As Boneh observes,
‘There’s no reason a video game needs to access [the gyroscope] 200 times a second.’