Spying On Mobile Phone Calls

Uploaded on 2023-01-09 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

As smartphone manufacturers improve the quality of earbuds ear speakers in their devices, it has become easier for malicious actors to leverage secretly listen in on a targeted user’s telephone conversations. 

Now, a team of university researchers have identified a new attack method they have named EarSpy to leverage side-channels for eavesdropping on user’s phone communications. 

Eavesdropping on smartphones is an established threat to the user’s safety and privacy and recent studies show that loudspeaker reverberation can inject speech into motion sensor readings and consequent loss of privacy.

The technique was described by researchers in a paper published in December in collaboration between researchers from several universities, including Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton. According to the research, smartphone manufacturers’ efforts to improve ear speakers in their devices has led to new vulnerabilities.

EarSpy relies on the phone’s ear speaker and consists of capturing the tiny vibrations that are generated by the speaker. An attacker could then use this data to determine what the user is saying.

An attacker might also seek to install malware on a target’s phone to record calls via the microphone, however, as security continues to improve, this attack method has become increasingly difficult, although malware planted on a device could use the EarSpy attack to capture potentially sensitive information and send it back to the attacker.

Arxiv:    Cyware:    Oodaloop:     Security Week:    GoIncognito:     Android Headlines:   BoingBoing

You Might Also Read: 

Mercenary Hacking Group Selling Spyware:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity: Prepare For The Year Ahead
British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

K7 Computing

K7 Computing

K7 provides antivirus and internet security products for business and home users.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

Herbert Smith Freehills

Herbert Smith Freehills

Herbert Smith Freehills is a leading professional services including data protection and privacy.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

Total Secure Technology

Total Secure Technology

Total Secure Technology provides trusted Managed IT Security and Managed IT Services for organizations looking to increase their cybersecurity defensive posture.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.