Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors

Anand, S.; Saxena, Nitesh

doi:10.1109/sp.2018.00004

Cited by 63 publications

(28 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are opposing views on whether non-acoustic smartphone sensors capture sounds at normal conversational loudness. While Anand and Saxena did not notice an apparent effect of live human speech on motion sensors in several test devices [3], other studies report very small but measurable effects of machine-rendered speech, significant enough to reconstruct spoken words or phrases [54,79].…”

Section: Experimental Research Findingsmentioning

confidence: 99%

“…Initially, speech is recorded through the smartphone by an actor B, which could be either (1) the operating system provider itself, e.g. Apple or Google, (2) non-system apps installed on the device, or (3) third-party libraries 3 included in these apps. Potentially after some processing and filtering, which can happen locally on the device or on remote servers, actor B shares relevant information extracted from the recordingdirectly or through intermediarieswith organization A (unless A and B are one and the same actor, which is also possible).…”

Section: Threat Modelmentioning

confidence: 99%

“…Numerous popular media outlets have reported on these alleged eavesdropping attacks [3]. In a Forbes article, for instance, the US-based market research company Forrester reports that at least 20 employees in its own workforce have experienced the phenomenon for themselves [40].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping

Kröger

Raschke

2019

Data and Applications Security and Privacy XXXIII

View full text Add to dashboard Cite

Besides various other privacy concerns with mobile devices, many people suspect their smartphones to be secretly eavesdropping on them. In particular, a large number of reports has emerged in recent years claiming that private conversations conducted in the presence of smartphones seemingly resulted in targeted online advertisements. These rumors have not only attracted media attention, but also the attention of regulatory authorities. With regard to explaining the phenomenon, opinions are divided both in public debate and in research. While one side dismisses the eavesdropping suspicions as unrealistic or even paranoid, many others are fully convinced of the allegations or at least consider them plausible. To help structure the ongoing controversy and dispel misconceptions that may have arisen, this paper provides a holistic overview of the issue, reviewing and analyzing existing arguments and explanatory approaches from both sides. Based on previous research and our own analysis, we challenge the widespread assumption that the spying fears have already been disproved. While confirming a lack of empirical evidence, we cannot rule out the possibility of sophisticated large-scale eavesdropping attacks being successful and remaining undetected. Taking into account existing access control mechanisms, detection methods, and other technical aspects, we point out remaining vulnerabilities and research gaps.

show abstract

Section: Experimental Research Findingsmentioning

confidence: 99%

Section: Threat Modelmentioning

confidence: 99%

See 1 more Smart Citation

Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping

Kröger

Raschke

2019

Data and Applications Security and Privacy XXXIII

View full text Add to dashboard Cite

show abstract

“…Moreover, Michalevsky et al showed that MEMS gyroscope measurements are sensitive to acoustic signals in their vicinity [174]. As a result, they can be used to distinguish between different speakers, and, in part, the content of the speech [174] due to conducted vibrations of the loudspeakers used [175], [176].…”

Section: Additional Related Workmentioning

confidence: 99%

“…In other words, the same source of vulnerability which can be used to destabilize [10] and control [13], [34], [43] gyroscopes and accelerometers can be used for covert channel communication [171], [172], tracking [173], and speaker identification [174], [175]. Similarly, instead of using microphone non-linearities for command injections [11], [55], [134], Shen et al [177] and Chen et al [178] leveraged them to protect users' privacy by jamming nearby recording devices.…”

Section: Additional Related Workmentioning

confidence: 99%

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Giechaskiel

Rasmussen

2020

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property-a process that fundamentally cannot be authenticated. Out-of-band signal injection attacks thus pose previously-unexplored security risks by exploiting hardware imperfections in the sensors themselves, or in their interfaces to microcontrollers. In response to the growingyet-disjointed literature in the subject, this article presents the first survey of out-of-band signal injection attacks. It focuses on unifying their terminology and identifying commonalities in their causes and effects through a chronological, evolutionary, and thematic taxonomy of attacks. By highlighting cross-influences between different types of out-of-band signal injections, this paper underscores the need for a common language irrespective of the attack method. By placing attack and defense mechanisms in the wider context of their dual counterparts of side-channel leakage and electromagnetic interference, this study identifies common threads and gaps that can help guide and inform future research. Overall, the ever-increasing reliance on sensors embedded in everyday commodity devices necessitates that a stronger focus be placed on improving the security of such systems against out-of-band signal injection attacks.

show abstract

CAVAEva: An Engineering Platform for Evaluating Commercial Anti-malware Applications on Smartphones

Jiang

Meng

et al. 2020

Information Security and Cryptology

View full text Add to dashboard Cite

 Users may download and print one copy of any publication from the public portal for the purpose of private study or research.  You may not further distribute the material or use it for any profit-making activity or commercial gain  You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.

show abstract

Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors

Cited by 63 publications

References 12 publications

Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping

Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

CAVAEva: An Engineering Platform for Evaluating Commercial Anti-malware Applications on Smartphones

Contact Info

Product

Resources

About