A newly discovered vulnerability in the hardware-based motion sensor known as the accelerometer, which is built into most Android devices, can allow hackers unrestricted access to loudspeaker data through an app installed on the device, even without any permissions.
The accelerometer is supposed to allow apps to sense the movement of a device, such as shaking, rotation, or swing actions, by measuring the rate of change in velocity with regard to magnitude. Some app developers, however, have come to abuse data collection, gathering phone identifiers and MAC addresses by exploiting side channels.
According to security researchers, there has been a successful demonstration of a new side-channel attack that allows malicious apps to eavesdrop on the speech coming out of the loudspeaker without requiring any express permissions.
The vulnerability, dubbed Spearphone, is tied to apps that collect sensitive data even when users have explicitly denied them the required permissions. It relies on the aerial speech reverberations that the built-in loudspeaker of an Android device produces in the smartphone when loudspeaker mode is enabled.
It is triggered when a phone or video call is placed with speaker mode activated, when the user listens to media, or when the user interacts with Google Assistant. As a proof of concept, the researchers created an app designed to record speech reverberations and send the captured data back to a controlled server.
The Spearphone attack can also be used to learn the contents of audio played by any device, whether selected from the gallery or over the Internet, or received as voice files over messaging applications like WhatsApp and Telegram.
The security team has, however, recommended possible mitigation techniques that can prevent such attacks, including lowering the sampling rate and varying the volume and voice quality of devices in ways that could negatively impact the accelerometer.
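
Why lowering the sampling rate works as a mitigation can be shown with a short simulation. This is an added example, not code from the researchers: it samples a vibration tone at two rates and reports which frequency each capture actually shows. The 210 Hz tone and the 500 Hz and 100 Hz rates are constructed values chosen for illustration, not figures from the Spearphone work or from Android.

```python
import cmath
import math


def sample_tone(tone_hz, rate_hz, duration_s=1.0):
    """Sample a unit sine wave of tone_hz at rate_hz for duration_s seconds."""
    count = int(rate_hz * duration_s)
    return [math.sin(2 * math.pi * tone_hz * n / rate_hz) for n in range(count)]


def dominant_frequency(samples, rate_hz):
    """Return the frequency (Hz) of the strongest non-DC bin of a plain DFT."""
    n = len(samples)
    best_bin, best_mag = 0, 0.0
    # Only bins up to n/2 are meaningful: that is the Nyquist limit (rate / 2).
    for k in range(1, n // 2 + 1):
        acc = sum(x * cmath.exp(-2j * math.pi * k * i / n)
                  for i, x in enumerate(samples))
        if abs(acc) > best_mag:
            best_bin, best_mag = k, abs(acc)
    return best_bin * rate_hz / n


def observed_frequency(tone_hz, rate_hz):
    """Frequency a sensor sampling at rate_hz would report for tone_hz."""
    return dominant_frequency(sample_tone(tone_hz, rate_hz), rate_hz)


def survives_sampling(tone_hz, rate_hz):
    """True if the capture still shows the tone at its real frequency."""
    return abs(observed_frequency(tone_hz, rate_hz) - tone_hz) < 0.5


if __name__ == "__main__":
    TONE_HZ = 210  # constructed vibration component, for illustration only
    for rate in (500, 100):  # constructed "high" and "reduced" sensor rates
        seen = observed_frequency(TONE_HZ, rate)
        print(f"rate={rate} Hz  nyquist={rate / 2} Hz  "
              f"observed={seen} Hz  intact={survives_sampling(TONE_HZ, rate)}")
```

At the reduced rate the tone lies above half the sampling rate, so the capture shows it folded down to a different, lower frequency and the original spectral content can no longer be read from the sensor data.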