New Android attack allows listening to calls remotely
According to experts in vulnerability testing, users of mobile devices with Android operating system face multiple threats on a daily basis. From malicious applications to exploits on the operating system, hackers are constantly developing new ways to compromise the security of these devices.
Now, there has been reported the existence of a
new method for listening to phone calls known as Spearphone, which involves
using the motion sensors of a smartphone
to intervene the audio output of the speakers.
A group of vulnerability testing experts from
the University of Alabama, Birmingham, found that any motion sensor (or
accelerometer) is able to capture any audio content that arrives through a
device’s speakers when using the speaker during a call.
Because a smartphone’s motion sensors are
always on and apps do not request permission to use it, any malicious software
could record audio reverbs in real time; this can also be recorded or sent to a
location controlled by hackers.
Vulnerability testing experts tested this
attack on three different smartphone models, the LG G3, the Samsung Galaxy Note
4 and the Samsung Galaxy S6. These devices were selected because the speakers
and accelerometer are located relatively close to each other, making it very
easy to detect audio vibrations.
Although it is relatively easy for a sensor to
detect audio, the method to access this data is missing. According to the
experts, it all depends on the permissions of the applications installed by the
user. “There is a known vulnerability associated with the motion sensors
of a smartphone, as these devices do not have any restrictions on reading the
logs of an accelerometer; virtually any application can access and read this
data,” the experts say.
According to experts from the International Institute
of Cyber Security (IICS), any situation in which a user makes a speaker call
becomes a potential attack scenario. In addition, the extraction of information
is not limited to the user’s calls, but hackers can also extract data from any
application that plays audio, such as music, videos, queries with the Google
assistant, among other services.
(Visited 2 1 times)
Gloss