Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping
Researchers with the University of Alabama at Birmingham and Rutgers University have developed a new attack enabling them to remotely access speakerphone audio streams on LG and Samsung phones.
The attack, dubbed spearphone, takes advantage of the ability of accelerometers (motion sensors) present in vulnerable devices to record sound-wave reverberations from audio played in speakerphone mode. Accelerometers are always enabled and can freely provide data to apps and websites without explicit user permissions. This means that threat actors can instruct a rogue app or website to capture reverberations from the device on which it is running. The reverberations can then be analyzed in order to infer speech and other sensitive audio data.