Your Phone Can Be Snooped On Using Its Gyroscope

stephendavion (2872091) writes Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. According to the "Gyrophone: Recognizing Speech From Gyroscope Signals" study, the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones.

Is it "Gyro" or "Yeero"?

[Anonymous Coward]

Is it "Gyro" or "Yeero"?

Re:

[Guspaz]

It's "Tasty".

Re:

[Pope]

So, you like-a the sauce?

I give up...

[fuzzyfuzzyfungus]

Can we just succumb to the inevitable and work on building a list of the parts of a smartphone that can't be used to spy on you?

I'm thinking 'maybe the battery door'. Any other suggestions?

Re:

[Anonymous Coward]

They're probably working on the battery door spying technology as we speak.

Re:

[nxtr]

The vibrations of your voice cause voltage fluctuations in the battery, and can be reconstruct the image of the suspect from the reflection in the eye of the person across the street.

Re:

[fuzzyfuzzyfungus]

Given that attack [tau.ac.il] where they used the acoustic emissions of a CPU's voltage regulator circuitry to extract an RSA key I'm going to consider that one guilty until proven innocent...

Re:I give up...

[plover]

Apple fixed that problem. The iPhone has no battery door, so it can't be removed in case you don't want the phone to spy on you.

Re:I give up...

[geekmux]

Can we just succumb to the inevitable and work on building a list of the parts of a smartphone that can't be used to spy on you? I'm thinking 'maybe the battery door'. Any other suggestions?

What's the point of securing any smartphone when all of your activity on the device is captured elsewhere and sold for profit? They don't just count how many times you play your songs. They count how many times you text during the day. They count how many times you click on icons. They count how many seconds you hover over app icons even when you don't buy them in order to market apps catered to your "maybe" whims. Yes, they do this shit. No, it's not called crazy, it's called statistical analysis to the nth degree in order to maximize profits.

The phone is merely the vehicle. What that vehicle can do all depends on the driver. Unfortunately, we've all been thrown in the back of a telco cab and the driver was told to get lost years ago.

Re: A profitable business idea ...

[lemonfresh33]

Just don't use that device anywhere public. Or on a public network because they can snoop on you that way.

Re:

[geekmux]

Just don't use that device anywhere public. Or on a public network because they can snoop on you that way.

Yes, I'll just go home and surf. I'm sure I'll be perfectly safe from spying there.

After all, I trust my ISP so much that I don't even consider them a "public" network anymore. They gave me a custom home page that goes right to THEIR website, so it must be private, right? And look here, this systray icon even has their logo! I am so loved I'm practically an employee.

Re:

[RabidReindeer]

Just don't use that device anywhere public. Or on a public network because they can snoop on you that way.

Yes, I'll just go home and surf. I'm sure I'll be perfectly safe from spying there.

After all, I trust my ISP so much that I don't even consider them a "public" network anymore. They gave me a custom home page that goes right to THEIR website, so it must be private, right? And look here, this systray icon even has their logo! I am so loved I'm practically an employee.

Mine too! https://room614a.att.com/ [att.com] . It's SSL, so I know I can trust it!

Re:

[geekmux]

... maybe even eligible for a genuine patent (not that I favor patent, but ...)

Can we just succumb to the inevitable and work on building a list of the parts of a smartphone that can't be used to spy on you? I'm thinking 'maybe the battery door'. Any other suggestions?

What's the point of securing any smartphone when all of your activity on the device is captured elsewhere and sold for profit?

The point being there IS an opportunity for anyone who comes up with a workable idea to really really lock down all your gadgets (not only smartphones but all electronic gadgets) so that even when the gadgets are powered up they can't leak _any_ information

Yes, there is. And there are companies that are attempting to offer secure services and devices like this, such as Silent Circle and Blackphone.

However, your mistake with this "profitable" business idea is thinking that the majority of people actually give a shit about security and privacy and will PAY for such a service.

The current environment was birthed from the ignorance that they don't. And won't. Only a small fraction of people care enough to pay, which may or may not be profitable enough to even at

Re:

[antdude]

I am so glad I don't own a mobile phone to worry about these issues. :) I do have to worry about other sources though. :(

Re:

[viperidaenz]

But my cellphone has two microphones!

It's also waterproof, so what's a river going to do to it?

Re: I give up...

[jd2112]

So That must be the reason that Apple made the iPhone battery non removable. It's a security feature!

not the battery door

[oneiros27]

Mine's got a wireless charging pad in it.

Of course, it's running WebOS, which lets me set up security such that I can require confirmation before an app's allowed to use certain features (eg, GPS), rather than just giving it a blanket 'you're allowed to use GPS whenever you want to'.

The drawback is that I don't have nearly as many apps available to use, being that it's WebOS. (I still blame those horrible Palm Pre commercials with the stoned albino -- why they didn't bother showing that it supported multit

Re:

[viperidaenz]

A wireless charging pad? So they can just listen for the power consumption of the CPU with an RF antenna, process the waveforms to extract encryption keys and then hack in via the cellular radio and take information they want?

Re:

[fuzzyfuzzyfungus]

As much as I mourn my HP Touchpad (Oh man did WebOS multitasking curb-stomp Android multitasking at the time and even considerably later); if you are still running WebOS you probably have bigger security issues. The last update for any Pre models was December 2011, and Touchpad models January 2012. That's a long time for a relatively full featured OS to go without any fixing.

Re:

[schlachter]

it will be more dangerous when they figure out how to make your battery explode or electrocute you. when the go from surveillance to attack mode.

Re:

[camperdave]

It won't work. They'll be able to track you through the "hole" you leave by not having a trackable smart phone.

Re:

[thieh]

We probably should stop using cellphones altogether.

Re:

[Hattmannen]

Battery door? Oh, that thing on the back of the phone. Isn't that that elusive back door I've been hearing so much about? :-p

Re:

[oodaloop]

The event isn't until 2 days from now. That's ludicrous speed for /..

Re:

[Anonymous Coward]

You are so much smarter for having found this information a week ago. It's practically useless now.

Re:

[plover]

I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity? I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity?

Apparently the sound from your mic and the echo from your gyroscopes were both parsed by your speech-to-text converter. I guess it works better than we thought!

Re:So?

[JazzXP]

Basically an app can ask for permissions for the gyro only (if it even needs to) and be recording conversation.

Re:So?

[rasmusbr]

Basically an app can ask for permissions for the gyro only (if it even needs to) and be recording conversation.

Yeah, that's the thing. You don't need permissions for the gyro on Android and iOS, so any and all of the apps that you have on your phone or tablet could be using the gyro and you wouldn't know, except for an anomalous battery drain.

Re:So?

[frinkster]

Basically an app can ask for permissions for the gyro only (if it even needs to) and be recording conversation.

Yeah, that's the thing. You don't need permissions for the gyro on Android and iOS, so any and all of the apps that you have on your phone or tablet could be using the gyro and you wouldn't know, except for an anomalous battery drain.

Sure, but on iOS an app is suspended when you are on a phone call unless the app has used the system APIs to enable background execution. There are only a small number of background execution modes and your app must declare which it plans to use. When it comes to location-based background execution (the most likely use of the gyro), your app still gets suspended. The system wakes it up periodically and sends location updates to a function in your app and then gives the app a small time window for that function to return an expected value. It is very much a discrete task-based multitasking system - completely different than normal desktop machines. Good sometimes. Bad sometimes.

Re:

[rasmusbr]

Permissions on Android are a bit more rudimentary, so it would be simple to make a background process that just sits and quietly listens to the gyro. You would need to ask for the permission to keep the device awake in order to keep the CPU and sensor chip alive and (in order for it to be practical) the permission to start on boot.

Re:

[RabidReindeer]

The point of all this isn't to record phone conversations. Some of the agencies likely to exploit this particular weakness have more than enough clout to tap the main communications channel for that.

The accelerometer exploit is a very low-quality audio sampler. Sample range tops out at about 200/second, IIRC. Enough to get a muffled audio, but nowhere near opera-quality.

However, it's something that someone could do to monitor room conversations when the phone isn't on a call. And current access controls don

Re:

[Anonymous Coward]

Some of my co-workers were talking about this last week, and I think the effective issue was that while accessing the microphone requires special privileges to be granted to the application, no such privileges are required to access the gyroscope.

Re:

[rhazz]

Guilty as charged.

Oh no

[Parker Lewis]

Another summary posted by trainee.

App permissions

[grimJester]

Apps request permissions for different pieces of hardware on a case-by-case basis. The average user might raise some eyebrows if an app that shouldn't need it wants to access your microphone, but access to gyroscope data might not even require user acceptance.

Hiding the phone...

[khr]

the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones

Yeah, that's why I always stick my phone inside an empty potato chip bag when I'm talking to someone...

Re:

[Dog-Cow]

Being an un-funny ass must be really hard work these days. If we were to apply the oh-so-humorous ^W's in your post, it would read That's why you should stick with Apple. With an iPhone you can get the same effect simply wrong. Which, as we can see, makes no sense at all.

Whew!

[Somebody Is Using My]

My phone doesn't have gyroscope, therefore I am safe from people listening in to my conversations.

"Gee boss, we need to spy on this guy! Any ideas how we can do it?
"Well he has a smart phone; maybe we can leverage that to our advantage?"
"Oh, I see what you are getting at; we'll hack the firmware so we can use the oscillations of the GPS to crudely and inaccurately record what he is saying!"
"Actually, I was thinking we might want to use the attached microphone which is, you know, designed to pick up sound..

How to summary

[skovnymfe]

Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014.

Why the redundancy? Post must be longer than 100 characters?

Re:

[jheath314]

"is actually a quined phrase that makes its point via repetition" is actually a quined phrase that makes its point via repetition.

Re:

[ArcadeMan]

The post was written by The Department Of Redundancy Department.

Re:

[account_deleted]

Comment removed based on user account deletion

The paper says...

[Anonymous Coward]

They are currently able to recognize the spoken digits 1-9 correctly approximately 80% of the time. This is given a training data set from the same speaker and the same phone. Incredibly impressive, especially since it was done from a web browser and requires no special permissions or even knowledge from the user. For those of you that didn't read it. However, James Bond spy tool this is not yet...

Re:

[F.Ultra]

Something tells me that this could quite easily be fixed by filtering out "noise" from the gyroscopes before presenting it to apps. There can hardly be a use case for this finegrained details from the gyro except this one of course.

Re:

[F.Ultra]

And we really need "Kalman filters" on our phones? And there is no way in hell that one could filter out the noise level produced by audio (which must be extremely low) and still give enough resolution for the Kalman filter ?

Re:

[macklin01]

It would be neat, however, to see gyroscope inputs added to regular audio inputs to improve speech-to-text. This seems to be a nice proof of concept for that.

Re:

[Pope]

So the Numbers Station folks aren't out of a job yet!

But snooped on with what?

[sacrilicious]

Researchers will demonstrate the process used to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. Researchers from Stanford and a defense research group at Rafael will demonstrate a way to spy on smartphones using gyroscopes at Usenix Security event on August 22, 2014. According to the "Gyrophone: Recognizing Speech From Gyroscope Signals" study, the gyroscopes integrated into smartphones were sensitive enough to enable some sound waves to be picked up, transforming them into crude microphones.

I can't help but feel like there are gyroscopes involved in this process somehow...

Re:

[wonkey_monkey]

Well, they call 'em gyroscopes, but since gyro- implies something spinning, and these things are (as far as I can ascertain) just vibrating, I call 'em accelerometers.

And real gyroscopes have more purposes than measuring acceleration anyway.

Re:

[oodaloop]

The gyroscopes and accelerometers are two different things. The gryoscope measures tilt of the device, like when you play a racing game. The accelerometer measures change in velocity, like when you shake the phone to shuffle a playlist. Two different sensors.

And no, the gyroscope in your phone does not spin; it is solid state [wikipedia.org].

Re:

[Russ1642]

A gyroscope can measure absolute orientation in the absence of a gravitational field.

Re:

[NoImNotNineVolt]

You're both partly wrong.

There are six degrees of freedom here. Three linear, and three angular. Tilting a phone is synonymous with applying angular acceleration to it. A phone existing in a tilted state relative to the ground is experiencing no angular acceleration, but its angle of tilt can be determined by combining the three linear acceleration readings into one vector (assuming the phone is stationary relative to the Earth). The word "tilt" here is ambiguous in that it could relate to either angular

Let me guess

[jones_supa]

No one will ever bother exploiting this. Neither will anyone bother to exploit the red button attack [slashdot.org] or inferring audio from video recording [slashdot.org]. It's just too tricky to get these working in practice. Even with the gyroscope you get a crummy 100Hz frequency cap with terrible amounts of factors decreasing sound capture quality.

Re:

[wonkey_monkey]

Which is, of course, exactly the kind of attitude "they" would hope you'd have.

Re:

[jones_supa]

It does not matter what they hope if they can't get the tricks to work.

Similar cool/scary news...

[RyuuzakiTetsuya]

http://petapixel.com/2014/08/0... [petapixel.com]

Good lordy.

This would be really cool if the privacy implications weren't scary. However, I can't imagine this being useful or practical wide scale. As a targeted attack, that's really scary as fuck.

Re:

[iggymanz]

been done for decades using laser on window or hard surface in room by law enforcement and others

Re:

[RyuuzakiTetsuya]

If you read the article linked, they're doing it with a cellphone camera too.

Not *great*, mind you, but possible. Thus kind of scary.

Re:

[iggymanz]

yes read the article, just saying principles not new and plenty of other ways to "bug" a room without entering. good ol' parabolic microphones can listen through walls from outside at over fifty meters range

The fear mongering industry...

[Torp]

... has moved to smartphones.

Srsly

[Alioth]

Smartphones have actual microphones. Why use the gyro as a crude microphone when you have a perfectly functioning microphone built into the device already?

Re:

[Chrisq]

Smartphones have actual microphones. Why use the gyro as a crude microphone when you have a perfectly functioning microphone built into the device already?

Because its there [wikiquote.org]

Permissions. It's a kind of privalage escalation.

[bussdriver]

The app doesn't use your microphone; or you deny it, or whatever. So the app uses the gyro to figure out what you are saying anyway - you have no idea it can even do this because it doesn't use the microphone. 3rd parties could AUDIT and secure the software for government or corporate use--- and it would still record gyro information.

A background app could listen constantly even while other apps have the mic if it can background and use the gyro.

A hacked app with only gyro access...

Think about the story w

Phone permissions suck

[Gothmolly]

Every app seems to want access to your full memory, location info, camera, microphone and contact list. Why does a flashlight app need all this?

I carry a phone because I have to for work, and I need something to read while on the crapper, and that's it. People who use all these fancy apps are the product, not the customer.

Re:

[Solandri]

You can thwart this if your phone is rooted. At first I used an app which blocked apps from accessing certain features and data I didn't want them to see, like my location. But then they started to make apps crash when they were blocked this way.

I'm currently using xprivacy [xposed.info]. It generates fake data for things like location, networks, and sensors. If the app insists on getting my location and I don't give it that permission, it still gets a location. But that location is a random place in the world. S

Or you could just use the windows and screens

[WillAffleckUW]

Since a long long time ago (about 50 years now) we've been able to use nearby windows and computer monitors - even picture frames - to pick up sounds inside rooms.

Why bother with a cell phone if you're trying to get a good audio pickup?

If you need to isolate a person, it's not a bad choice, but you can also use the other signals your cell gives out or responds to for locating the person precisely, without technically "using" the phone, and thereby alerting the target.

But, hey, do it the hard way, if you mus