Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can a smartphone gyroscope be an eavesdropping tool?

Smartphones with gyroscopes can be exploited to serve as an eavesdropping tool. Expert Nick Lewis explains how to mitigate smartphone gyroscope risk.

Someone told me that a smartphone's gyroscope can help hackers eavesdrop on conversations. How is the gyroscope...

exploited and how can I prevent it from becoming an eavesdropping tool? Is it vulnerable only when the device is being used or at any time?

While convenient, smartphones with microphones are a great source of covert eavesdropping capabilities thanks to their ubiquitous use and always-on connected nature.

The most obvious feature to use for eavesdropping is the microphone or video camera, but other parts of the smartphone can be used to monitor communications.

Researchers Yan Michalevsky, Dan Boneh and Gabi Nakibly discovered a way to use a smartphone gyroscope to listen in on conversations in certain scenarios. While their proof-of-concept exploit had limited accuracy when focused on an individual in an empty room, accuracy could be improved with the right speech-recognition software.

One reason why smartphones are vulnerable to eavesdropping attacks when powered on is because most users keep the default setting that allows the Web browser to access the gyroscope to display webpages in the correct orientation. However, that doesn't mean other apps, especially malicious ones, couldn't make use of the gyroscope in certain scenarios.

To completely prevent the smartphone gyroscope from being used as an eavesdropping tool, users would need to power the device off or carry it in a soundproof container. Disconnecting the device from a network would not prevent the device from listening, but would prevent the device from sending the recorded data.

In its blog post, security vendor Symantec Corp. noted that Firefox is the most vulnerable of the major Web applications because it uses the default settings to listen for audio from the gyroscope. Chrome and Safari, on the other hand, limit how the smartphone gyroscope can be used to listen for audio.

Down the line, smartphone makers could change the gyroscope access default settings, making them lower so it doesn't have the sensitivity to listen for audio. For now, the risk is minimal, and as noted can be further reduced by using certain devices or configurations, but organizations at high risk for advanced, targeted attacks should at least be aware of this issue.

Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)

Next Steps

Learn more about detecting and preventing mobile device eavesdropping.

This was last published in March 2015

Dig Deeper on Mobile security threats and prevention

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Is your organization concerned about smartphones being used as eavesdropping tools?
Cancel
It isn't just smart phones, with more and more companies engaged with telecommuting and remote work, there are all kinds of ways that data could in theory be captured, and stolen.  Its important to have policies to cover such events, and to know the security protocols of wherever saved notes, documents and meeting recordings are being held.
Cancel
I love it how the experts used their problem-solving skills to uncover such unusual use of the components. I had no idea that a smartphone's gyroscope can be used as a microphone!
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close