It seems like security experts are consistently finding loopholes in smartphone security that allows others to spy on you. Now, a group of researchers from Stanford University and Israel defence research group Rafael, have figured out how a smartphone's gyroscope could be used to eavesdrop on you.
Most phones that cost over $100 have a gyroscope. These gyroscopes are sensors that figure out your phone's orientation. For example, if you turn your phone from horizontal to vertical, the gyroscopes senses that and tells the display to change its orientation. Gyroscopes are often commonly used in games and apps, too.
However, researchers have discovered that gyroscopes could pose a security risk. They created an experimental app called Gyrophone and using it to pick up sound waves, such as dialogue. Basically, Gyrophone turns your gyroscopes into a microphone and allows others to listen in on you, even if you don't have your phone's microphone on.
What's most disturbing about this discovery is that most apps ask for permissions when they need access to such phone features, such as your microphone and GPS. However, gyroscopes are automatically always on for all apps, so a shady app could essentially be used to spy on you without you being aware of it.
This works because the gyroscope responds to physical vibrations. And because it's so sensitive, it also picks up air vibrations, including those coming from sound. With a custom-built speech recognition program, the researchers created something that could translate those waves into words, allowing them to hear what's being said in the vicinity of the phone.
"Whenever you grant anyone access to sensors on a device, you're going to have unintended consequences," says Dan Boneh, a computer security professor at Stanford. "In this case the unintended consequence is that they can pick up not just phone vibrations, but air vibrations."
Both Android and iOS devices have gyroscopes, but iOS has a limit on how much movement the gyroscope can read per second:100 times. However, Android's limit is higher, 200 times per second, and that's what researchers estimate is enough to pick up speech.
The good news is that this technology is not at the point where potential spies will be using it anytime soon. However, now that the security flaw exists, researchers assume more nefarious types will begin using it. Fortunately, especially for Android, it's a simple fix: limit the vibrations per second.
"Third party research is one of the ways Android is made stronger and more secure," says a Google spokesperson. "This early, academic work should allow us to provide defences before there is any likelihood of real exploitation."