Your smartphone’s gyroscope can be turned into an eavesdropping hacker’s microphone

If you own a smartphone, chances are it has a gyroscope – and chances also are that gyroscope can be used (without special permissions) as a microphone to listen in on your private conversations. This is the startling finding from two researchers from Stanford University’s Computer Science Department and one researcher from Rafael Advanced Defense Systems, who authored a paper titled “Gyrophone: Recognizing Speech From Gyroscope Signals.”

According to the paper, microelectromechanical systems (MEMS) gyroscopes found in modern smartphones are sensitive enough to pick up acoustic signals. While these raw signals aren’t enough to glean useful information from, the researchers used signal processing and algorithms to identify the correct speaker from a set of 10 possible speakers with a 50 percent success rate.

Related: Who needs malware? I could have wrecked this kid’s life with a notepad

Using a Nexus 4 and a Galaxy S3, they were also able to successfully recognize simple speech up to 65 percent of the time in speaker-dependent cases and up to 26 percent of the time in speaker-independent cases. The gyroscopes in these phones were also used to correctly identify a speaker’s gender up to 84 percent of the time.

“Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone,” according to the paper.

The researchers also offer two suggestions for defending against gyroscope-based eavesdropping: apply low-pass filtering to raw samples provided by the gyroscope, or apply a form of acoustic masking around the gyroscope itself or on a smartphone’s case.

“A general conclusion we suggest following this work is that access to all sensors should be controlled by the permissions framework, possibly differentiating between low and high sampling rates,” according to the researchers.

The paper will be presented at the 23rd USENIX Security Symposium in San Diego on Friday, Aug. 22.

Those interested in downloading an Android application that can be used for sampling a phone’s gyroscope can head to the Stanford Security Research page dedicated to the paper.

Get our Top Stories delivered to your inbox: