Spying On Mobile Phone Calls

As smartphone manufacturers improve the quality of earbuds ear speakers in their devices, it has become easier for malicious actors to leverage secretly listen in on a targeted user’s telephone conversations. 

Now, a team of university researchers have identified a new attack method they have named EarSpy to leverage side-channels for eavesdropping on user’s phone communications. 

Eavesdropping on smartphones is an established threat to the user’s safety and privacy and recent studies show that loudspeaker reverberation can inject speech into motion sensor readings and consequent loss of privacy.

The technique was described by researchers in a paper published in December in collaboration between researchers from several universities, including Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton. According to the research, smartphone manufacturers’ efforts to improve ear speakers in their devices has led to new vulnerabilities.

EarSpy relies on the phone’s ear speaker and consists of capturing the tiny vibrations that are generated by the speaker. An attacker could then use this data to determine what the user is saying.

An attacker might also seek to install malware on a target’s phone to record calls via the microphone, however, as security continues to improve, this attack method has become increasingly difficult, although malware planted on a device could use the EarSpy attack to capture potentially sensitive information and send it back to the attacker.

Arxiv:    Cyware:    Oodaloop:     Security Week:    GoIncognito:     Android Headlines:   BoingBoing

You Might Also Read: 

Mercenary Hacking Group Selling Spyware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cybersecurity: Prepare For The Year Ahead
British Spy Chief Says War In Ukraine Is Changing Intelligence Gathering »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

ClickDatos

ClickDatos

ClickDatos specializes in consulting, auditing, data protection training, accredited by ISO/IEC 27001 certification.

LIFARS

LIFARS

LIFARS is a global leader in Digital Forensics and Cyber Resiliency Services.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.

Academia the Technology Group

Academia the Technology Group

Academia specialise in the supply of software, IT hardware, training and service solutions to the public sectors, business and pro media markets.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.

403Tech Inc.

403Tech Inc.

403Tech is a Calgary based IT Solutions Provider, specializing in small & medium business.

CirrusHQ

CirrusHQ

CirrusHQ are a Specialist AWS Advanced Consulting Partner with a focus on Cloud Management, DevOps, Migration and Consulting Services for the private and public sectors.