Skip to main content

Your smartphone’s gyroscope can be turned into an eavesdropping hacker’s microphone

Smartphone microphone gyroscope
Image used with permission by copyright holder
If you own a smartphone, chances are it has a gyroscope – and chances also are that gyroscope can be used (without special permissions) as a microphone to listen in on your private conversations. This is the startling finding from two researchers from Stanford University’s Computer Science Department and one researcher from Rafael Advanced Defense Systems, who authored a paper titled “Gyrophone: Recognizing Speech From Gyroscope Signals.”

According to the paper, microelectromechanical systems (MEMS) gyroscopes found in modern smartphones are sensitive enough to pick up acoustic signals. While these raw signals aren’t enough to glean useful information from, the researchers used signal processing and algorithms to identify the correct speaker from a set of 10 possible speakers with a 50 percent success rate.

Recommended Videos

Related: Who needs malware? I could have wrecked this kid’s life with a notepad

Using a Nexus 4 and a Galaxy S3, they were also able to successfully recognize simple speech up to 65 percent of the time in speaker-dependent cases and up to 26 percent of the time in speaker-independent cases. The gyroscopes in these phones were also used to correctly identify a speaker’s gender up to 84 percent of the time.

“Since iOS and Android require no special permissions to access the gyro, our results show that apps and active web content that cannot access the microphone can nevertheless eavesdrop on speech in the vicinity of the phone,” according to the paper.

The researchers also offer two suggestions for defending against gyroscope-based eavesdropping: apply low-pass filtering to raw samples provided by the gyroscope, or apply a form of acoustic masking around the gyroscope itself or on a smartphone’s case.

“A general conclusion we suggest following this work is that access to all sensors should be controlled by the permissions framework, possibly differentiating between low and high sampling rates,” according to the researchers.

The paper will be presented at the 23rd USENIX Security Symposium in San Diego on Friday, Aug. 22.

Those interested in downloading an Android application that can be used for sampling a phone’s gyroscope can head to the Stanford Security Research page dedicated to the paper.

Jason Hahn
Former Digital Trends Contributor
Jason Hahn is a part-time freelance writer based in New Jersey. He earned his master's degree in journalism at Northwestern…
This company gave us a sneak peek at the future of smartphone design
Tecno's new renewable fiber on the back of a phone.

Mobile World Congress (MWC) is the year's premiere showcase for everything smart. While there are sure to be some big headline grabbers, some of the most exciting announcements from this massive show aren't the phones and other devices, but the more subtle reveals. That's exactly what's going on with these concept materials from Tecno Mobile.

Tecno Mobile is one of the largest phone manufacturers in emerging markets like India, Africa, and the Middle East, and while Western audiences aren't likely to have heard of the company or come across its devices, with a revenue of $1 billion in 2020, it's always worth keeping an eye on what Tecno has planned for the future.

Read more
If you have one of these apps on your Android phone, delete it immediately
The app drawer on the Google Pixel 8 Pro.

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app's espionage activities.

A chat app doing serious damage

Read more
Security experts just found two giant smartphone privacy issues
The Apple iPhone 15 Pro Max's camera module.

Apple iPhone 15 Pro Max Andy Boxall / Digital Trends

This has been quite a stunning week in regard to the privacy and security of smartphone users. Specifically, two investigations have revealed troubling privacy concerns around smartphone advertising and iOS' notification system.

Read more