
The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations - digitalcreate
http://www.wired.com/2014/08/gyroscope-listening-hack/
======
anigbrowl
_But he says the research is only intended to show the possibility of the
spying technique, not to perfect it. “We’re security experts, not speech
recognition experts,” Boneh says._

It shows. Sampling at 200Hz means your masimum detectable frequency is 100Hz,
per the Nyquist theorem - that'll capture ~40% of the typical male frequency
range (fundamental only - not enough for harmonics or formants) and little or
nothing of the typical female frequency range. I question the claimed 65%
success rate, and would like to know a lot more about the experimental
conditions before I'd be inclined to accept it. I do enough synthesis to know
what that sort of sample rate sounds like without having to test, and the
short answer is 'awful'. I can see possibly getting numbers out of it when the
phone is held up to one's head but only in perfectly controlled environments.
For contrast POTS bandwidth is 300 to 3400 Hz.

 _Or if an app really needed to access the gyroscope at high frequencies, it
could be forced to ask permission. “There’s no reason a video game needs to
access it 200 times a second,” says Boneh._

I think it's quite plausible that people might be able to detect a lag greater
than 5ms in the right game. That's around the envelope for involuntary
variation by professional drummers.

~~~
srean
That is what one would get with a single gyroscope. Now imagine several
gyroscopes listening in, with their sampling frequency slightly/randomly out
of phase, an array of receivers if you will. For this to work one needs to
figure out the 'sync' of the gyroscopes but I dont see a fundamental problem
with this approach.

~~~
Ajoo
I don't know, requiring several phones within hearing range seems like it
would severely limit the applicability of this technique. If you think N
phones provides at best N*(maximum sample rate of one phone) and that's
assuming their phases a perfectly misaligned I'd think you'd still need quite
a few to get something.

Plus the 100 Hz figure is optimistic. I dunno what kind of anti-aliasing these
things have. If none you get an aliased signal and with a low order filter the
practical maximum frequency detectable would be even less.

------
digitalcreate
Reminds me of the recent Visual Microphone algorithm that researchers found,
which recreates sound by looking at micro-vibrations of objects (ex. potato
chip bags and house plants).

~~~
trhway
that an old trick by bouncing laser of the objects near the source of the
sound.

~~~
gamegoblin
I think OP was referring to a recent demo that uses only video. No special
equipment required.

------
gojomo
Similarly, in 2011, it was shown that in-phone motion-sensors could be used to
deduce typing in other apps:

Android:
[http://www.theregister.co.uk/2011/08/17/android_key_logger/](http://www.theregister.co.uk/2011/08/17/android_key_logger/)

iPhone: [http://www.wired.com/2011/10/iphone-keylogger-
spying/](http://www.wired.com/2011/10/iphone-keylogger-spying/)

------
al2o3cr
FFS, another Wired "if you take this interesting-but-very-primitive research
result and ignore the orders of magnitude in sampling rate improvement needed,
OMG SPYING" article.

Slightly more feasible than the last one which focused on detecting sound via
image differences in high-speed (thousands of fps) camera footage, but
still...

~~~
gojomo
Attacks only get better.

------
userbinator
I suppose it would depend on the exact gyroscope; apparently some are more
sensitive to audio frequency noise than others; some details in this document:

[http://www.invensense.com/mems/gyro/documents/whitepapers/A%...](http://www.invensense.com/mems/gyro/documents/whitepapers/A%20Critical%20Review%20of%20the%20Market%20Status%20and%20Industry%20Challenges%20of%20Producing%20Consumer%20Grade%20MEMS%20Gyroscopes.pdf)

Its placement within the device will also affect the sensitivity to audio, so
it will vary between device models - the article doesn't mention if 65% is
worst-case, best-case, or an average.

------
sjtrny
65% accuracy on a limited character set hardly seems worth it at this point.

~~~
ademarre
_" Attacks always get better; they never get worse."_ – The NSA[1]

[1]
[http://tools.ietf.org/html/rfc4270#section-6](http://tools.ietf.org/html/rfc4270#section-6)

