Malicious actors are using an attack method named EarSpy to leverage side-channels for eavesdropping on user’s phone communications. The technique was described by researchers in a paper published in December in collaboration between researchers from several universities, including Texas A&M University, Temple University, New Jersey Institute of Technology, Rutgers University, and the University of Dayton. According to the research, smartphone manufacturers’ efforts to improve ear speakers in their devices has led to new vulnerabilities.
EarSpy relies on the phone’s ear speaker, and consists of capturing the tiny vibrations that are generated by the speaker. An attacker could then use this data to determine what the user is saying. Still, it would be far easier for an attacker to install malware on a target’s phone to record calls via the microphone. As security continues to improve, his attack method has become increasingly difficult.