Someone told me that a smartphone's gyroscope can help hackers eavesdrop on conversations. How is the gyroscope...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
exploited and how can I prevent it from becoming an eavesdropping tool? Is it vulnerable only when the device is being used or at any time?
While convenient, smartphones with microphones are a great source of covert eavesdropping capabilities thanks to their ubiquitous use and always-on connected nature.
The most obvious feature to use for eavesdropping is the microphone or video camera, but other parts of the smartphone can be used to monitor communications.
Researchers Yan Michalevsky, Dan Boneh and Gabi Nakibly discovered a way to use a smartphone gyroscope to listen in on conversations in certain scenarios. While their proof-of-concept exploit had limited accuracy when focused on an individual in an empty room, accuracy could be improved with the right speech-recognition software.
One reason why smartphones are vulnerable to eavesdropping attacks when powered on is because most users keep the default setting that allows the Web browser to access the gyroscope to display webpages in the correct orientation. However, that doesn't mean other apps, especially malicious ones, couldn't make use of the gyroscope in certain scenarios.
To completely prevent the smartphone gyroscope from being used as an eavesdropping tool, users would need to power the device off or carry it in a soundproof container. Disconnecting the device from a network would not prevent the device from listening, but would prevent the device from sending the recorded data.
In its blog post, security vendor Symantec Corp. noted that Firefox is the most vulnerable of the major Web applications because it uses the default settings to listen for audio from the gyroscope. Chrome and Safari, on the other hand, limit how the smartphone gyroscope can be used to listen for audio.
Down the line, smartphone makers could change the gyroscope access default settings, making them lower so it doesn't have the sensitivity to listen for audio. For now, the risk is minimal, and as noted can be further reduced by using certain devices or configurations, but organizations at high risk for advanced, targeted attacks should at least be aware of this issue.
Ask the Expert!
Have a question about enterprise threats? Send it via email today! (All questions are anonymous.)
Dig Deeper on Mobile security threats and prevention
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.